1 说明
Starting with this release, you can configure user accounts to automatically lock if they have been inactive over a period of time.
The CREATE USER and ALTER USER SQL statements enable you to set a new profile parameter, INACTIVE_ACCOUNT_TIME, which enables you to automatically lock inactive accounts.
从12.2开始,Oracle会自动将不活跃(超过一定时间没有操作)的用户锁住。该时间是通过参数INACTIVE_ACCOUNT_TIME
来设置的。
该参数单位:天。表示从该用户上次成功登陆开始计算,如果超过参数设定的天数,那么Oracle会自动锁住该用户。
该参数默认是UNLIMITED,需要手动开启。
SQL> select profile,resource_name,limit from dba_profiles t where t.resource_name='INACTIVE_ACCOUNT_TIME';
PROFILE RESOURCE_NAME LIMIT
------------------------------ ------------------------------ --------------------
DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
ORA_STIG_PROFILE INACTIVE_ACCOUNT_TIME 35
TEST_PROFILE INACTIVE_ACCOUNT_TIME 35
关于该参数的更多说明:
-
INACTIVE_ACCOUNT_TIME默认值是UNLIMITED,也就是不启用自动锁用户.
-
参数值是15到24855之间.
-
如果不想自动锁用户,则需要把 INACTIVE_ACCOUNT_TIME参数值设置为UNLIMITED.
-
想将该参数时间设置为默认PROFILE中指定的参数值,可设置 INACTIVE_ACCOUNT_TIME 参数值为 DEFAULT.
-
You can set this parameter for all database authenticated users, including administrative users, but not for external or global authenticated users.
-
In a read-only database, the last successful login is not considered in the INACTIVE_ACCOUNT_TIME timing. It is not possible to lock a user account in a read-only database (except by performing consecutive failed logins equal in number to the account’s FAILED_LOGIN_ATTEMPTS password profile setting).
-
For a newly created user account, the timing begins at account creation time. When this user logs out and then logs again, the timing starts when the user successfully logs in.
-
In a multitenant environment, the INACTIVE_ACCOUNT_TIME setting applies to the last time a common user logs in to the root. A common user is considered active if this user logs in to any of the PDBs or the root.
-
For a proxy user account login, the INACTIVE_ACCOUNT_TIME begins the timing when the proxy user logs in successfully.