Oracle 12C R2-新特性-自动锁住不经常使用的用户

版权声明:未经博主允许不允许转载 https://blog.csdn.net/qianglei6077/article/details/90137325

1 说明

Starting with this release, you can configure user accounts to automatically lock if they have been inactive over a period of time.

The CREATE USER and ALTER USER SQL statements enable you to set a new profile parameter, INACTIVE_ACCOUNT_TIME, which enables you to automatically lock inactive accounts.

从12.2开始,Oracle会自动将不活跃(超过一定时间没有操作)的用户锁住。该时间是通过参数INACTIVE_ACCOUNT_TIME来设置的。

该参数单位:天。表示从该用户上次成功登陆开始计算,如果超过参数设定的天数,那么Oracle会自动锁住该用户。
该参数默认是UNLIMITED,需要手动开启。

SQL> select profile,resource_name,limit from dba_profiles t where t.resource_name='INACTIVE_ACCOUNT_TIME';
PROFILE        RESOURCE_NAME	      LIMIT
------------------------------ ------------------------------ --------------------
DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
ORA_STIG_PROFILE	       INACTIVE_ACCOUNT_TIME	      35
TEST_PROFILE	       INACTIVE_ACCOUNT_TIME	      35

关于该参数的更多说明:

  • INACTIVE_ACCOUNT_TIME默认值是UNLIMITED,也就是不启用自动锁用户.

  • 参数值是15到24855之间.

  • 如果不想自动锁用户,则需要把 INACTIVE_ACCOUNT_TIME参数值设置为UNLIMITED.

  • 想将该参数时间设置为默认PROFILE中指定的参数值,可设置 INACTIVE_ACCOUNT_TIME 参数值为 DEFAULT.

  • You can set this parameter for all database authenticated users, including administrative users, but not for external or global authenticated users.

  • In a read-only database, the last successful login is not considered in the INACTIVE_ACCOUNT_TIME timing. It is not possible to lock a user account in a read-only database (except by performing consecutive failed logins equal in number to the account’s FAILED_LOGIN_ATTEMPTS password profile setting).

  • For a newly created user account, the timing begins at account creation time. When this user logs out and then logs again, the timing starts when the user successfully logs in.

  • In a multitenant environment, the INACTIVE_ACCOUNT_TIME setting applies to the last time a common user logs in to the root. A common user is considered active if this user logs in to any of the PDBs or the root.

  • For a proxy user account login, the INACTIVE_ACCOUNT_TIME begins the timing when the proxy user logs in successfully.

详细信息查看官方文档:
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dbseg/configuring-authentication.html#GUID-ED98E6DA-A30C-4052-A343-B516CD641737

猜你喜欢

转载自blog.csdn.net/qianglei6077/article/details/90137325
今日推荐