Scribd
Upload
20 views3 pages

4Jul21_User_management_profiles

The document outlines user management profiles and kernel resource parameters for database sessions, including limits on sessions, CPU time, and resource usage. It also details password-related parameters such as failed login attempts, password life and reuse policies, and account lock times. Additionally, it introduces the INACTIVE_ACCOUNT_TIME parameter for locking accounts after a specified period of inactivity.

Uploaded by

imsanju1909
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
20 views3 pages

4Jul21_User_management_profiles

The document outlines user management profiles and kernel resource parameters for database sessions, including limits on sessions, CPU time, and resource usage. It also details password-related parameters such as failed login attempts, password life and reuse policies, and account lock times. Additionally, it introduces the INACTIVE_ACCOUNT_TIME parameter for locking accounts after a specified period of inactivity.

Uploaded by

imsanju1909
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

User management profiles:

Kernel resource parameters :

SESSIONS_PER_USER
Specify the number of concurrent sessions to which you want to limit the user.

CPU_PER_SESSION
Specify the CPU time limit for a session, expressed in hundredth of seconds.

CPU_PER_CALL
Specify the CPU time limit for a call (a parse, execute, or fetch), expressed in
hundredths of seconds.

CONNECT_TIME
Specify the total elapsed time limit for a session, expressed in minutes.

IDLE_TIME
Specify the permitted periods of continuous inactive time during a session,
expressed in minutes. Long-running queries and other operations are not subject to
this limit.

LOGICAL_READS_PER_SESSION
Specify the permitted number of data blocks read in a session, including blocks
read from memory and disk.

LOGICAL_READS_PER_CALL
Specify the permitted number of data blocks read for a call to process a SQL
statement (a parse, execute, or fetch).

PRIVATE_SGA
Specify the amount of private space a session can allocate in the shared pool of
the system global area (SGA). Refer to size_clause for information on that clause.

COMPOSITE_LIMIT
Specify the total resource cost for a session, expressed in service units. Oracle
Database calculates the total service units as a weighted sum of CPU_PER_SESSION,
CONNECT_TIME, LOGICAL_READS_PER_SESSION, and PRIVATE_SGA.

===================================================================================
===================================================================================
================

Password related parameters:

FAILED_LOGIN_ATTEMPTS
Specify the number of consecutive failed attempts to log in to the user account
before the account is locked. If you omit this clause, then the default is 10
times.

PASSWORD_LIFE_TIME
Specify the number of days the same password can be used for authentication. If you
also set a value for PASSWORD_GRACE_TIME, then the password expires if it is not
changed within the grace period, and further connections are rejected. If you omit
this clause, then the default is 180 days.
=========================================================

PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX

These two parameters must be set in conjunction with each other.


PASSWORD_REUSE_TIME specifies the number of days before which a password cannot be
reused. PASSWORD_REUSE_MAX specifies the number of password changes required before
the current password can be reused. For these parameter to have any effect, you
must specify a value for both of them.

If you specify a value for both of these parameters, then the user cannot reuse a
password until the password has been changed the number of times specified for
PASSWORD_REUSE_MAX during the number of days specified for PASSWORD_REUSE_TIME.

For example, if you specify PASSWORD_REUSE_TIME to 30 and PASSWORD_REUSE_MAX to 10,


then the user can reuse the password after 30 days if the password has already been
changed 10 times.

If you specify a value for either of these parameters and specify UNLIMITED for the
other, then the user can never reuse a password.

If you specify DEFAULT for either parameter, then Oracle Database uses the value
defined in the DEFAULT profile. By default, all parameters are set to UNLIMITED in
the DEFAULT profile. If you have not changed the default setting of UNLIMITED in
the DEFAULT profile, then the database treats the value for that parameter as
UNLIMITED.

If you set both of these parameters to UNLIMITED, then the database ignores both of
them. This is the default if you omit both parameters.

15- abc
30- pqr
45- xyz
60- def
-------------------------
75- hhh

-------------------------
90- abc

----------------------------------------------------------------

PASSWORD_LOCK_TIME
Specify the number of days an account will be locked after the specified number of
consecutive failed login attempts. If you omit this clause, then the default is 1
day.

PASSWORD_GRACE_TIME
Specify the number of days after the grace period begins during which a warning is
issued and login is allowed. If you omit this clause, then the default is 7 days.

PASSWORD_VERIFY_FUNCTION
The PASSWORD_VERIFY_FUNCTION clause lets a PL/SQL password complexity verification
script be passed as an argument to the CREATE PROFILE statement. Oracle Database
provides a default script, but you can create your own routine or use third-party
software instead.

For function, specify the name of the password complexity verification routine. The
function must exist in the SYS schema and you must have EXECUTE privilege on the
function.

Specify NULL to indicate that no password verification is performed.

If you specify expr for any of the password parameters, then the expression can be
of any form except scalar subquery expression.

INACTIVE_ACCOUNT_TIME: From 12.2 version

We can use the INACTIVE_ACCOUNT_TIME resource parameter in profile to automatically


lock the account of a database user who has not logged in to the database instance
in a specified number of days.
----------------------------------------------------------------

You might also like