问题:
您想限制用户可以在数据库中使用的资源量。
解
为了限制资源,我们可以按照以下步骤操作。
我们可以使用下面的SQL语句在数据库中查看RESOURCE_LIMIT的当前设置。
选择名称,从v $parameter中的值,其中name ='resource_limit';
创建配置文件以限制资源并将其分配给用户。它不会限制CPU使用率。
CREATE PROFILE test_profile LIMIT SESSIONS_PER_USER 2 CPU_PER_SESSION UNLIMITED CPU_PER_CALL 300000 CONNECT_TIME 45 IDLE_TIME 15 LOGICAL_READS_PER_SESSION DEFAULT LOGICAL_READS_PER_CALL 1000 PRIVATE_SGA 15K FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LIFE_TIME 60 PASSWORD_GRACE_TIME 10 PASSWORD_LOCK_TIME 1 PASSWORD_REUSE_TIME 10 PASSWORD_REUSE_MAX 1 ;
输出结果
SESSIONS_PER_USER -- Specify the number of concurrent sessions to which you want to limit the user. CPU_PER_SESSION -- Specify the CPU time limit for a session, expressed in hundredth of seconds. CPU_PER_CALL -- Specify the CPU time limit for a call (a parse, execute, or fetch), expressed in hundredths of seconds. Need to increase this or not required to mention CONNECT_TIME -- Specify the total elapsed time limit for a session, expressed in minutes. IDLE_TIME -- Specify the permitted periods of continuous inactive time during a session, expressed in minutes. Long-running queries and other operations are not subject to this limit. LOGICAL_READS_PER_SESSION -- Specify the permitted number of data blocks read in a session, including blocks read from memory and disk. PRIVATE_SGA -- Specify the amount of private space a session can allocate in the shared pool of the system global area (SGA). Please refer to size_clause for information on that clause. FAILED_LOGIN_ATTEMPTS -- Specify the number of failed attempts to log in to the user account before the account is locked PASSWORD_LIFE_TIME -- Specify the number of days the same password can be used for authentication. PASSWORD_GRACE_TIME -- Specify the number of days after the grace period begins during which a warning is issued and login is allowed. If the password is not changed during the grace period, the password expires. PASSWORD_LOCK_TIME -- Specify the number of days an account will be locked after the specified number of consecutive failed login attempts. PASSWORD_REUSE_TIME --specifies the number of days before which a password cannot be reused. PASSWORD_REUSE_MAX --specifies the number of password changes required before the current password can be reused
执行时将创建test_profile。
创建配置文件后,我们现在可以将其分配给用户。在下一个示例中,为用户测试分配了test_profile:
alter user test profile test_profile;
使用Oracle数据库概要文件有两个原因,即设置资源限制和实施密码安全性设置。
创建用户时,如果未指定配置文件,则将默认配置文件分配给新创建的用户。我们可以使用ALTER PROFILE语句修改配置文件。我们可以覆盖DEFAULT配置文件以将CPU_PER_SESSION限制为360000(以百分之一秒为单位)。
alter profile default limit cpu_per_session 360000;
配置文件还用于强制执行密码安全设置,例如,说您想更改DEFAULT配置文件,以使密码使用的最大天数没有上限。下一行代码将DEFAULT配置文件的PASSWORD_LIFE_TIME设置为90天。
alter profile default limit password_life_time 90;
PASSWORD_REUSE_TIME和PASSWORD_REUSE_MAX设置必须结合使用。如果您为一个参数指定一个整数,然后为另一个参数指定UNLIMITED,则永远不能重用当前密码。
如果要指定默认配置文件密码必须在100天之内进行10次更改才能重新使用,请使用类似于以下代码的一行:
alter profile default limit password_reuse_time 100 password_reuse_max 10;