TABLE 9-3 User-Related Data Dictionary Views and Tables
Chapter 9: Database Security and Auditing 293
In addition, profiles can be used as an authorization mechanism to control how user passwords
are created, reused, and validated. For example, we may wish to enforce a minimum password
length, along with a requirement that at least one upper- and lowercase letter appear in the
password. In this section, we??™ll talk about how profiles manage passwords and resources.
The CREATE PROFILE command
The create profile command does double duty; we can create a profile to limit the connect time
for a user to 120 minutes:
create profile lim_connect limit
connect_time 120;
Similarly, we can limit the number of consecutive times a login can fail before the account is
locked:
create profile lim_fail_login limit
failed_login_attempts 8;
Or, we can combine both types of limits in a single profile:
create profile lim_connectime_faillog limit
connect_time 120
failed_login_attempts 8;
How Oracle responds to one of the resource limits being exceeded depends on the type of
limit. When one of the connect time or idle time limits is reached (such as CPU_PER_SESSION),
the transaction in progress is rolled back, and the session is disconnected. For most other resource
limits (such as PRIVATE_SGA), the current transaction is rolled back, an error is returned to the
user, and the user has the option to commit or roll back the transaction.
Pages:
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494