Copyright © Oracle Corporation, 2002. All rights reserved.
Managing Password Security and Resources
• Control use of resources using profiles
• Obtain password and resource limit information
Profiles
• A profile is a named set of password and resource limits.
• Profiles are assigned to users by the CREATE USER or ALTER USER command.
• Profiles can be enabled or disabled.
• Profiles can relate to the DEFAULT profile.
User
Password expiration and aging
Password verification
Password history
Account locking
Setting up profiles
Password Management
• Set up password management by using profiles and assigning them to users.
• Lock, unlock, and expire accounts using the CREATE USER or ALTER USER command.
• Password limits are always enforced.
• To enable password management, run the utlpwdmg.sql script as the user SYS.
Enabling Password Management
Password Account Locking
PASSWORD_REUSE_TIME
PASSWORD_REUSE_MAX
Description
User-Provided Password Function
This function must be created in the SYS schema and must have the following specification:
Password Verification Function
VERIFY_FUNCTION
• Minimum length is four characters.
• Password should not be equal to username.
• Password should have at least one alphabetic, one numeric, and one special character.
• Password should differ from the previous password by at least three letters.
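The four VERIFY_FUNCTION rules above, written as a user-provided function. This is an added example, not the code shipped in utlpwdmg.sql; the name demo_verify_function and the error numbers are hypothetical, and the three-argument, BOOLEAN-returning shape is assumed from Oracle's supplied function.

```sql
-- Added example (not Oracle's utlpwdmg.sql). Create while connected as SYS.
-- demo_verify_function and the -2000x error numbers are hypothetical.
CREATE OR REPLACE FUNCTION demo_verify_function (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  ch          VARCHAR2(4);
  has_alpha   BOOLEAN := FALSE;
  has_digit   BOOLEAN := FALSE;
  has_special BOOLEAN := FALSE;
  differ      PLS_INTEGER;
BEGIN
  -- Rule 1: minimum length of four characters (NULL-safe)
  IF NVL(LENGTH(password), 0) < 4 THEN
    raise_application_error(-20001, 'Password length less than 4');
  END IF;
  -- Rule 2: must not equal the username, ignoring case
  IF LOWER(password) = LOWER(username) THEN
    raise_application_error(-20002, 'Password same as user name');
  END IF;
  -- Rule 3: at least one letter, one digit and one special character
  FOR i IN 1 .. LENGTH(password) LOOP
    ch := SUBSTR(password, i, 1);
    IF INSTR('0123456789', ch) > 0 THEN
      has_digit := TRUE;
    ELSIF INSTR('ABCDEFGHIJKLMNOPQRSTUVWXYZ', UPPER(ch)) > 0 THEN
      has_alpha := TRUE;
    ELSE
      has_special := TRUE;  -- simplification: any non-alphanumeric character
    END IF;
  END LOOP;
  IF NOT (has_alpha AND has_digit AND has_special) THEN
    raise_application_error(-20003, 'Need a letter, a digit and a special character');
  END IF;
  -- Rule 4: compare with the previous password only when one is supplied
  IF old_password IS NOT NULL THEN
    differ := ABS(LENGTH(old_password) - LENGTH(password));
    FOR i IN 1 .. LEAST(LENGTH(password), LENGTH(old_password)) LOOP
      IF SUBSTR(password, i, 1) <> SUBSTR(old_password, i, 1) THEN
        differ := differ + 1;
      END IF;
    END LOOP;
    IF differ < 3 THEN
      raise_application_error(-20004, 'Password too similar to previous one');
    END IF;
  END IF;
  RETURN TRUE;
END;
/
```

The function takes effect once a profile names it in its PASSWORD_VERIFY_FUNCTION limit, for example ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION demo_verify_function;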
CREATE PROFILE grace_5 LIMIT
Creating a Profile: Password Settings
ALTER PROFILE default LIMIT
FAILED_LOGIN_ATTEMPTS 3
PASSWORD_LIFE_TIME 60
PASSWORD_GRACE_TIME 10;
Altering a Profile: Password Setting
Use ALTER PROFILE to change password limits.
DROP PROFILE developer_prof;
DROP PROFILE developer_prof CASCADE;
Dropping a Profile: Password Setting
• Drop a profile using the DROP PROFILE command.
• The DEFAULT profile cannot be dropped.
• CASCADE revokes the profile from the user to whom it was assigned.
Resource Management
• Resource management limits can be enforced at the session level, the call level, or both.
• Limits can be defined by profiles using the CREATE PROFILE command.
• Enable resource limits with the:
– RESOURCE_LIMIT initialization parameter
– ALTER SYSTEM command
Enabling Resource Limits
• Set the initialization parameter RESOURCE_LIMIT to TRUE.
• Enforce the resource limits by enabling the parameter with the ALTER SYSTEM command.
ALTER SYSTEM SET RESOURCE_LIMIT=TRUE;
Number of concurrent sessions allowed for each username
Elapsed connect time measured in minutes
Periods of inactive time measured in minutes
Number of data blocks (physical and logical reads)
Private space in the SGA measured in bytes (for Shared Server only)
Setting Resource Limits at Session Level
Resource                 Description
CPU_PER_CALL             CPU time per call in hundredths of seconds
LOGICAL_READS_PER_CALL   Number of data blocks that can be read per call
Setting Resource Limits at Call Level
CREATE PROFILE developer_prof LIMIT
SESSIONS_PER_USER 2;
Managing Resources Using the Database Resource Manager
• Provides the Oracle server with more control over resource management decisions
• Elements of the Database Resource Manager:
– Resource consumer group
– Resource plan
– Resource allocation method
– Resource plan directives
• Uses the DBMS_RESOURCE_MANAGER package to create and maintain elements
• Requires ADMINISTER_RESOURCE_MANAGER privilege
Managing Resources Using the Database Resource Manager
• Resource plans specify the resource consumer groups belonging to the plan.
• Resource plans contain directives for how to allocate resources among consumer groups.
Resource Plan Directives
The Database Resource Manager provides several means of allocating resources:
• CPU method
• Active session pool and queuing
• Degree of parallelism limit
• Automatic consumer group switching
• Maximum estimated execution time
• Undo quota
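A plan that ties the elements and several of the allocation methods above together, as an added example that is not from the original slides. DEMO_ADHOC and DEMO_PLAN are hypothetical names, the limit values are constructed, and the directive parameters use the Oracle9i-era names (cpu_p1 and so on); the caller needs the ADMINISTER_RESOURCE_MANAGER privilege.

```sql
-- Added example: hypothetical group and plan names, constructed limit values.
BEGIN
  -- All changes are staged in a pending area and validated before they apply
  DBMS_RESOURCE_MANAGER.CREATE_PENDING_AREA();

  DBMS_RESOURCE_MANAGER.CREATE_CONSUMER_GROUP(
    consumer_group => 'DEMO_ADHOC',
    comment        => 'Ad hoc query users');

  DBMS_RESOURCE_MANAGER.CREATE_PLAN(
    plan    => 'DEMO_PLAN',
    comment => 'Keep ad hoc work from starving everything else');

  -- Directive for the restricted group
  DBMS_RESOURCE_MANAGER.CREATE_PLAN_DIRECTIVE(
    plan                     => 'DEMO_PLAN',
    group_or_subplan         => 'DEMO_ADHOC',
    comment                  => 'Capped ad hoc workload',
    cpu_p1                   => 20,     -- CPU method: 20% at level 1
    active_sess_pool_p1      => 5,      -- active session pool size
    queueing_p1              => 60,     -- seconds a queued session waits
    parallel_degree_limit_p1 => 2,      -- degree of parallelism limit
    max_est_exec_time        => 600,    -- maximum estimated execution time, seconds
    undo_pool                => 10240); -- undo quota, in KB

  -- Every plan must also carry a directive for OTHER_GROUPS,
  -- otherwise validation of the pending area fails
  DBMS_RESOURCE_MANAGER.CREATE_PLAN_DIRECTIVE(
    plan             => 'DEMO_PLAN',
    group_or_subplan => 'OTHER_GROUPS',
    comment          => 'All sessions not mapped to DEMO_ADHOC',
    cpu_p1           => 80);

  DBMS_RESOURCE_MANAGER.VALIDATE_PENDING_AREA();
  DBMS_RESOURCE_MANAGER.SUBMIT_PENDING_AREA();
END;
/

-- Activate the plan for the instance
ALTER SYSTEM SET RESOURCE_MANAGER_PLAN = 'DEMO_PLAN';
```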
Obtaining Password and Resource Limit Information
Information about password and resource limits can be obtained by querying the following views:
• DBA_USERS
• DBA_PROFILES
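One way to use the two views together for a password-policy review, as an added example that is not from the original slides: it resolves limits inherited from the DEFAULT profile and lists accounts whose effective lockout, expiry or verification limit is switched off.

```sql
-- Added example: accounts with no effective lockout, expiry or verify function.
-- p = the user's own profile row, d = the matching row of the DEFAULT profile.
SELECT u.username,
       u.account_status,
       u.profile,
       p.resource_name,
       DECODE(p.limit, 'DEFAULT', d.limit, p.limit) AS effective_limit
FROM   dba_users u
       JOIN dba_profiles p
         ON p.profile = u.profile
       JOIN dba_profiles d
         ON d.profile = 'DEFAULT'
        AND d.resource_name = p.resource_name
WHERE  p.resource_type = 'PASSWORD'
AND    p.resource_name IN ('FAILED_LOGIN_ATTEMPTS',
                           'PASSWORD_LIFE_TIME',
                           'PASSWORD_VERIFY_FUNCTION')
       -- a limit shown as DEFAULT inherits the DEFAULT profile's value;
       -- UNLIMITED means never enforced, NULL means no verify function
AND    DECODE(p.limit, 'DEFAULT', d.limit, p.limit) IN ('UNLIMITED', 'NULL')
ORDER  BY u.username, p.resource_name;
```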
Practice 14 Overview
This practice covers the following topics:
• Enabling password management
• Defining profiles and assigning them to users
• Disabling password management