Oracle 12C R2-新特性-自动锁住不经常使用的用户

本文链接：https://blog.csdn.net/qianglei6077/article/details/90137325

从Oracle 12.2版本开始，系统引入了自动锁定长时间未登录用户的特性。通过INACTIVE_ACCOUNT_TIME参数，管理员可以设置账户在指定天数内无活动即被锁定。此参数适用于所有数据库认证用户，但不包括外部或全球认证用户。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

1 说明

Starting with this release, you can configure user accounts to automatically lock if they have been inactive over a period of time.

The CREATE USER and ALTER USER SQL statements enable you to set a new profile parameter, INACTIVE_ACCOUNT_TIME, which enables you to automatically lock inactive accounts.

从12.2开始，Oracle会自动将不活跃(超过一定时间没有操作)的用户锁住。该时间是通过参数INACTIVE_ACCOUNT_TIME来设置的。

该参数单位：天。表示从该用户上次成功登陆开始计算，如果超过参数设定的天数，那么Oracle会自动锁住该用户。
该参数默认是UNLIMITED，需要手动开启。

SQL> select profile,resource_name,limit from dba_profiles t where t.resource_name='INACTIVE_ACCOUNT_TIME';
PROFILE        RESOURCE_NAME	      LIMIT
------------------------------ ------------------------------ --------------------
DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
ORA_STIG_PROFILE	       INACTIVE_ACCOUNT_TIME	      35
TEST_PROFILE	       INACTIVE_ACCOUNT_TIME	      35

关于该参数的更多说明：

INACTIVE_ACCOUNT_TIME默认值是UNLIMITED，也就是不启用自动锁用户.
参数值是15到24855之间.
如果不想自动锁用户，则需要把 INACTIVE_ACCOUNT_TIME参数值设置为UNLIMITED.
想将该参数时间设置为默认PROFILE中指定的参数值，可设置 INACTIVE_ACCOUNT_TIME 参数值为 DEFAULT.
You can set this parameter for all database authenticated users, including administrative users, but not for external or global authenticated users.
In a read-only database, the last successful login is not considered in the INACTIVE_ACCOUNT_TIME timing. It is not possible to lock a user account in a read-only database (except by performing consecutive failed logins equal in number to the account’s FAILED_LOGIN_ATTEMPTS password profile setting).
For a newly created user account, the timing begins at account creation time. When this user logs out and then logs again, the timing starts when the user successfully logs in.
In a multitenant environment, the INACTIVE_ACCOUNT_TIME setting applies to the last time a common user logs in to the root. A common user is considered active if this user logs in to any of the PDBs or the root.
For a proxy user account login, the INACTIVE_ACCOUNT_TIME begins the timing when the proxy user logs in successfully.

详细信息查看官方文档：
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dbseg/configuring-authentication.html#GUID-ED98E6DA-A30C-4052-A343-B516CD641737