Scribd
Upload
134 views5 pages

05 Oracle Profiles

Oracle profiles allow administrators to limit resource usage and enforce password policies for database users, with profile attributes including limits on CPU time, login attempts, connection time and more. Profiles are created using the CREATE PROFILE statement and assigned to users during creation or via ALTER USER to control passwords, locking, and resource usage. System privileges are needed to manage profiles and the RESOURCE_LIMIT parameter must be true to use resource limiting profile features.

Uploaded by

Istakhar Rajib
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
134 views5 pages

05 Oracle Profiles

Oracle profiles allow administrators to limit resource usage and enforce password policies for database users, with profile attributes including limits on CPU time, login attempts, connection time and more. Profiles are created using the CREATE PROFILE statement and assigned to users during creation or via ALTER USER to control passwords, locking, and resource usage. System privileges are needed to manage profiles and the RESOURCE_LIMIT parameter must be true to use resource limiting profile features.

Uploaded by

Istakhar Rajib
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Oracle PROFILES

http://psoug.org/reference/profiles.html

General
Dependencies

System Privileges

RESOURCE_LIMIT=TRUE is required for


resource limiting portions of the profile.
Password limiting functionality is not
affected by this parameter.

profile$
profname$
dba_profiles
alter profile
create profile
drop profile
resource_limit = TRUE
set linesize 121
col name format a30
col value format a30
SELECT name, value
FROM gv$parameter
WHERE name = 'resource_limit';
ALTER SYSTEM SET resource_limit=TRUE
SCOPE=BOTH;
SELECT name, value
FROM gv$parameter
WHERE name = 'resource_limit';

Kernel Resources

COMPOSITE_LIMIT

Maximum weighted sum of: CPU_PER_SESSION,


CONNECT_TIME,
LOGICAL_READS_PER_SESSION, and PRIVATE_SGA. If this
limit is exceeded, Oracle aborts the session and returns
an error.
composite_limit <value | UNLIMITED | DEFAULT>
ALTER PROFILE developer LIMIT composite_limit
5000000;
Allowable connect time per session in minutes

CONNECT_TIME

CPU_PER_CALL
CPU_PER_SESSION

connect_time <value | UNLIMITED | DEFAULT>


ALTER PROFILE developer LIMIT connect_time 600;
Maximum CPU time per call (100ths of a second)
cpu_per_call <value | UNLIMITED | DEFAULT>
ALTER PROFILE developer LIMIT cpu_per_call 3000;
Maximum CPU time per session (100ths of a second)
cpu_per_session <value | UNLIMITED | DEFAULT>

ALTER PROFILE developer LIMIT cpu_per_session


UNLIMITED;
Allowed idle time before user is disconnected (minutes)
IDLE_TIME

idle_time <value | UNLIMITED | DEFAULT>


ALTER PROFILE developer LIMIT idle_time 20;
Maximum number of database blocks read per call

LOGICAL_READS_PER_
CALL

logical_reads_per_call <value | UNLIMITED |


DEFAULT>
ALTER PROFILE developer LIMIT logical_reads_per_call
1000;
Maximum number of database blocks read per session

LOGICAL_READS_PER_
SESSION

logical_reads_per_session <value | UNLIMITED |


DEFAULT>
ALTER PROFILE developer LIMIT
logical_reads_per_session UNLIMITED;
Maximum integer bytes of private space in the SGA
(useful for systems using multi-threaded server MTS)

PRIVATE_SGA

private_sga <value | UNLIMITED | DEFAULT>


Only valid with TP-monitor
ALTER PROFILE developer LIMIT private_sga 15K;
Number of concurrent multiple sessions allowed per user

SESSIONS_PER_USER

sessions_per_user <value | UNLIMITED | DEFAULT>


ALTER PROFILE developer LIMIT sessions_per_user 1;

Password Resources
The number of failed attempts to log in to the user
account before the account is locked

FAILED_LOGIN_ATTEMP
TS

PASSWORD_GRACE_TI
ME

failed_login_attempts <value | UNLIMITED |


DEFAULT>
ALTER PROFILE developer LIMIT failed_login_attempts
3;
-- to count failed log in attempts:
SELECT name, lcount
FROM user$
WHERE lcount <> 0;
The number of days after the grace period begins during
which a warning is issued and login is allowed. If the
password is not changed during the grace period, the

password expires
password_gracetime <value | UNLIMITED |
DEFAULT>
ALTER PROFILE developer LIMIT password_grace_time
10;
The number of days the same password can be used for
authentication
PASSWORD_LIFE_TIME

PASSWORD_LOCK_TIM
E

PASSWORD_REUSE_MAX

PASSWORD_REUSE_TIME

password_life_time <value | UNLIMITED |


DEFAULT>
ALTER PROFILE developer LIMIT password_life_time
60;
the number of days an account will be locked after the
specified number of consecutive failed login attempts
defined by FAILED_LOGIN_ATTEMPTS
password_lock_time <value | UNLIMITED |
DEFAULT>
ALTER PROFILE developer LIMIT password_lock_time
30;
The number of times a password must be
changed before it can be reused
password_reuse_max <value | UNLIMITED |
DEFAULT>
ALTER PROFILE developer LIMIT
password_reuse_max 0;
The number of days between reuses of a
password
password_reuse_time <value | UNLIMITED |
DEFAULT>
ALTER PROFILE developer LIMIT
password_reuse_time 0;

Password Verification
Sample script for
creating a password
verify function

{ORACLE_HOME}/rdbms/admin/utlpwdmg.sql

Verify passwords for length, content, and complexity


PASSWORD_VERIFY_FU
NCTION

password_verify_function <function_name | NULL


| DEFAULT>
ALTER PROFILE developer LIMIT
password_verify_function uw_pwd_verification;

Changing passwords
with a password verify
function

The function requires the old and new passwords so


password changes can not be done with ALTER USER.
Password changes should be performed with the
SQL*Plus PASSWORD command or through a stored
procedure that requires the correct inputs.

Create Profiles
List things that can be
limited in a profile

Create profile

SELECT DISTINCT resource_name, limit


FROM dba_profiles
ORDER BY resource_name;
CREATE PROFILE <profile_name> LIMIT
<profile_item_name> <value>
<profile_item_name> <value>
....;
CREATE PROFILE developer LIMIT
PASSWORD_LIFE_TIME 60
PASSWORD_GRACE_TIME 10
PASSWORD_REUSE_TIME 0
PASSWORD_REUSE_MAX 0
FAILED_LOGIN_ATTEMPTS 4
PASSWORD_LOCK_TIME 2
CPU_PER_CALL 3000
PRIVATE_SGA 500K
LOGICAL_READS_PER_CALL 1000;

Alter Profile
Alter profile syntax

ALTER PROFILE <profile_name> LIMIT


<profile_item_name> <value>;
ALTER PROFILE developer LIMIT
FAILED_LOGIN_ATTEMPTS 3;

Assign Profile

Assign During User


Creation

Assign Profile After


User Creation

CREATE USER <user_name>


IDENTIFIED BY <password>
PROFILE <profile_name>;
CREATE USER uwclass
IDENTIFIED BY "N0Way!"
DEFAULT TABLESPACE uwdata
TEMPORARY TABLESPACE temp
QUOTA 0 ON SYSTEM
QUOTA 0 ON SYSAUX
QUOTA UNLIMITED ON uwdata
QUOTA 10M ON indx_sml
PROFILE developer;
ALTER USER <user_name>
PROFILE <profile_name>;

ALTER USER uwclass PROFILE developer;

Drop Profile
Drop Profile without
Users
Drop Profile with
Users

DROP
DROP
DROP
DROP

PROFILE
PROFILE
PROFILE
PROFILE

<profile_name>
developer;
<profile_name> CASCADE;
developer CASCADE;

You might also like