search
HomeDatabaseMysql Tutorialoracle profile 小结

oracle profile 小结

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 07, 2016 pm 03:30 PM
httporacleprofile

http://blog.sina.com.cn/s/blog_54b09dc901008cs0.html 一、目的: Oracle 系统中的profile可以用来对用户所能使用的数据库资源进行限制,使用 Create Profile命令创建一个Profile,用它来实现对数据库资源的限制使用,如果把该profile分配给用户,则该用户


http://blog.sina.com.cn/s/blog_54b09dc901008cs0.html


一、目的:

Oracle 系统中的profile可以用来对用户所能使用的数据库资源进行限制,使用 Create Profile命令创建一个Profile,用它来实现对数据库资源的限制使用,如果把该profile分配给用户,则该用户所能使用的数据库资源都在该 profile的限制之内。

二、条件:

创建profile必须要有CREATE PROFILE的系统权限。

为用户指定资源限制,必须:

1.动态地使用alter system或使用初始化参数resource_limit使资源限制生效。该改变对密码资源无效,密码资源总是可用。

SQL> show parameter resource_limit

NAME                                 TYPE        VALUE

———————————— ———– ——————————

resource_limit                       boolean     FALSE

SQL> alter system set resource_limit=true;

系统已更改。

SQL> show parameter resource_limit;

NAME                                 TYPE        VALUE

———————————— ———– ——————————

resource_limit                      boolean     TRUE

SQL>

2.使用create profile创建一个定义对数据库资源进行限制的profile。

3.使用create user 或alter user命令把profile分配给用户。

三、语法:

<span><span> <wbr> <wbr> <wbr> <wbr> CREATE PROFILE profile 
</wbr></wbr></wbr></wbr></span>LIMIT { resource_parameters<span> | password_parameters } [ resource_parameters | password_parameters ]… ;</span></span>
<em><resource_parameters></resource_parameters></em>
<span>{{ SESSIONS_PER_USER | CPU_PER_SESSION | CPU_PER_CALL | CONNECT_TIME | IDLE_TIME | LOGICAL_READS_PER_SESSION | LOGICAL_READS_PER_CALL | COMPOSITE_LIMIT } { integer | UNLIMITED | DEFAULT }
| PRIVATE_SGA { integer [ K | M ] | UNLIMITED | DEFAULT }}</span>

<span>{{ FAILED_LOGIN_ATTEMPTS | PASSWORD_LIFE_TIME | PASSWORD_REUSE_TIME | PASSWORD_REUSE_MAX | PASSWORD_LOCK_TIME | PASSWORD_GRACE_TIME } { expr | UNLIMITED | DEFAULT }
| PASSWORD_VERIFY_FUNCTION<span> { function | NULL | DEFAULT }</span></span>}

四、语法解释:

       profile:配置文件的名称。Oracle数据库以以下方式强迫资源限制:

       1.如果用户超过了connect_time或idle_time的会话资源限制,数据库就回滚当前事务,并结束会话。用户再次执行命令,数据库则返回一个错误,

       2.如果用户试图执行超过其他的会话资源限制的操作,数据库放弃操作,回滚当前事务并立即返回错误。用户之后可以提交或回滚当前事务,必须结束会话。

       提示:可以将一条分成多个段,如1小时(1/24天)来限制时间,可以为用户指定资源限制,但是数据库只有在参数生效后才会执行限制。      

       Unlimited:分配该profile的用户对资源使用无限制,当使用密码参数时,unlimited意味着没有对参数加限制。

       Default:指定为default意味着忽略对profile中的一些资源限制,Default profile初始定义对资源不限制,可以通过alter profile命令来改变。

       Resource_parameter部分:      

       Session_per_user:指定限制用户的并发会话的数目。

       Cpu_per_session:指定会话的CPU时间限制,单位为百分之一秒。

       Cpu_per_call:指定一次调用(解析、执行和提取)的CPU时间限制,单位为百分之一秒。

       Connect_time:指定会话的总的连接时间,以分钟为单位。

       Idle_time:指定会话允许连续不活动的总的时间,以分钟为单位,超过该时间,会话将断开。但是长时间运行查询和其他操作的不受此限制。

       Logical_reads_per_session:指定一个会话允许读的数据块的数目,包括从内存和磁盘读的所有数据块。

       Logical_read_per_call:指定一次执行SQL(解析、执行和提取)调用所允许读的数据块的最大数目。

       Private_sga:指定一个会话可以在共享池(SGA)中所允许分配的最大空间,以字节为单位。(该限制只在使用共享服务器结构时才有效,会话在SGA中的私有空间包括私有的SQL和PL/SQL,但不包括共享的SQL和PL/SQL)。

       Composite_limit:指定一个会话的总的资源消耗,以service units单位表示。Oracle数据库以有利的方式计算cpu_per_session,connect_time, logical_reads_per_session和private-sga总的service units

       Password_parameter部分:      

       Failed_login_attempts:指定在帐户被锁定之前所允许尝试登陆的的最大次数。

       Password_life_time:指定同一密码所允许使用的天数。如果同时指定了 password_grace_time参数,如果在grace period内没有改变密码,则密码会失效,连接数据库被拒绝。如果没有设置password_grace_time参数,默认值unlimited将引发一个数据库警告,但是允许用户继续连接。

       Password_reuse_time和password_reuse_max:这两个参数必须互相关联设置,password_reuse_time指定了密码不能重用前的天数,而password_reuse_max则指定了当前密码被重用之前密码改变的次数。两个参数都必须被设置为整数。

       1.如果为这两个参数指定了整数,则用户不能重用密码直到密码被改变了password_reuse_max指定的次数以后在password_reuse_time指定的时间内。

       如:password_reuse_time=30,password_reuse_max=10,用户可以在30天以后重用该密码,要求密码必须被改变超过10次。

       2.如果指定了其中的一个为整数,而另一个为unlimited,则用户永远不能重用一个密码。

       3.如果指定了其中的一个为default,Oracle数据库使用定义在profile中的默认值,默认情况下,所有的参数在profile中都被设置为unlimited,如果没有改变profile默认值,数据库对该值总是默认为unlimited。

       4.如果两个参数都设置为unlimited,则数据库忽略他们。

       Password_lock_time:指定登陆尝试失败次数到达后帐户的缩定时间,以天为单位。

       Password_grace_time:指定宽限天数,数据库发出警告到登陆失效前的天数。如果数据库密码在这中间没有被修改,则过期会失效。

       Password_verify_function:该字段允许将复杂的PL/SQL密码验证脚本做为参 数传递到create profile语句。Oracle数据库提供了一个默认的脚本,但是自己可以创建自己的验证规则或使用第三方软件验证。对Function名称,指定的是密码验证规则的名称,指定为Null则意味着不使用密码验证功能。如果为密码参数指定表达式,则该表达式可以是任意格式,除了数据库标量子查询。      

五、举例:

       1.创建一个profile:

       create profile new_profile limit password_reuse_max 10 password_reuse_time 30;

       2.设置profile资源限制:

       create profile app_user limit sessions_per_user unlimited cpu_per_session unlimited cpu_per_call 3000 connect_time 45 logical_reads_per_session default logical_reads_per_call 1000 private_sga 15k composite_limit 5000000;

       总的resource cost不超过五百万service units。计算总的resource cost的公式由alter resource cost语句来指定。      

       3.设置密码限制profile:

       create profile app_users2 limit failed_login_attempts 5 password_life_time 60 password_reuse_time 60 password_reuse_max 5 password_verify_function verify_function password_lock_time 1/24 password_grace_time 10;             

       4.将配置文件分配给用户:

              SQL> alter user dinya profile app_user;

用户已更改。

              SQL> alter user dinya profile default;

用户已更改。


Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Related Article
MySQL: BLOB and other no-sql storage, what are the differences?MySQL: BLOB and other no-sql storage, what are the differences?May 13, 2025 am 12:14 AM

MySQL'sBLOBissuitableforstoringbinarydatawithinarelationaldatabase,whileNoSQLoptionslikeMongoDB,Redis,andCassandraofferflexible,scalablesolutionsforunstructureddata.BLOBissimplerbutcanslowdownperformancewithlargedata;NoSQLprovidesbetterscalabilityand

MySQL Add User: Syntax, Options, and Security Best PracticesMySQL Add User: Syntax, Options, and Security Best PracticesMay 13, 2025 am 12:12 AM

ToaddauserinMySQL,use:CREATEUSER'username'@'host'IDENTIFIEDBY'password';Here'showtodoitsecurely:1)Choosethehostcarefullytocontrolaccess.2)SetresourcelimitswithoptionslikeMAX_QUERIES_PER_HOUR.3)Usestrong,uniquepasswords.4)EnforceSSL/TLSconnectionswith

MySQL: How to avoid String Data Types common mistakes?MySQL: How to avoid String Data Types common mistakes?May 13, 2025 am 12:09 AM

ToavoidcommonmistakeswithstringdatatypesinMySQL,understandstringtypenuances,choosetherighttype,andmanageencodingandcollationsettingseffectively.1)UseCHARforfixed-lengthstrings,VARCHARforvariable-length,andTEXT/BLOBforlargerdata.2)Setcorrectcharacters

MySQL: String Data Types and ENUMs?MySQL: String Data Types and ENUMs?May 13, 2025 am 12:05 AM

MySQloffersechar, Varchar, text, Anddenumforstringdata.usecharforfixed-Lengthstrings, VarcharerForvariable-Length, text forlarger text, AndenumforenforcingdataAntegritywithaetofvalues.

MySQL BLOB: how to optimize BLOBs requestsMySQL BLOB: how to optimize BLOBs requestsMay 13, 2025 am 12:03 AM

Optimizing MySQLBLOB requests can be done through the following strategies: 1. Reduce the frequency of BLOB query, use independent requests or delay loading; 2. Select the appropriate BLOB type (such as TINYBLOB); 3. Separate the BLOB data into separate tables; 4. Compress the BLOB data at the application layer; 5. Index the BLOB metadata. These methods can effectively improve performance by combining monitoring, caching and data sharding in actual applications.

Adding Users to MySQL: The Complete TutorialAdding Users to MySQL: The Complete TutorialMay 12, 2025 am 12:14 AM

Mastering the method of adding MySQL users is crucial for database administrators and developers because it ensures the security and access control of the database. 1) Create a new user using the CREATEUSER command, 2) Assign permissions through the GRANT command, 3) Use FLUSHPRIVILEGES to ensure permissions take effect, 4) Regularly audit and clean user accounts to maintain performance and security.

Mastering MySQL String Data Types: VARCHAR vs. TEXT vs. CHARMastering MySQL String Data Types: VARCHAR vs. TEXT vs. CHARMay 12, 2025 am 12:12 AM

ChooseCHARforfixed-lengthdata,VARCHARforvariable-lengthdata,andTEXTforlargetextfields.1)CHARisefficientforconsistent-lengthdatalikecodes.2)VARCHARsuitsvariable-lengthdatalikenames,balancingflexibilityandperformance.3)TEXTisidealforlargetextslikeartic

MySQL: String Data Types and Indexing: Best PracticesMySQL: String Data Types and Indexing: Best PracticesMay 12, 2025 am 12:11 AM

Best practices for handling string data types and indexes in MySQL include: 1) Selecting the appropriate string type, such as CHAR for fixed length, VARCHAR for variable length, and TEXT for large text; 2) Be cautious in indexing, avoid over-indexing, and create indexes for common queries; 3) Use prefix indexes and full-text indexes to optimize long string searches; 4) Regularly monitor and optimize indexes to keep indexes small and efficient. Through these methods, we can balance read and write performance and improve database efficiency.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide
3 weeks agoByDDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
How to fix KB5055612 fails to install in Windows 10?
3 weeks agoByDDD
Nordhold: Fusion System, Explained
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Show More

Hot Tools

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Show More

Hot Topics

Java Tutorial
1666
14
CakePHP Tutorial
1426
52
Laravel Tutorial
1328
25
PHP Tutorial
1273
29
C# Tutorial
1254
24
Show More