oracle 建立profile,ORACLE profile系列2 --profile概述

最近客户提出要对ORACLE用户的密码修改做复杂验证，用到了oracle profile，于是顺便系统的把profile学习一下。一下部分截自官方文档(加上个人理解)

oracle profile可以用来实现资源限制(如会话可以使用的cpu资源等)，和密码限制(如果限制密码复杂度等)，但是oracle更推荐使用Database Resource Manager来进行资源管理。

一：Profiles(profile简述)

In the context of system resources, a user profile is a named set of resource limits and password parameters that restrict database usage andinstance resources for a user. Profiles can limit the number of concurrentsessions for a user, CPU processing time available for each session, and amount of logical I/O available (see"Buffer I/O"). For example, theclerk profile could limit a user to system resources required for clerical tasks.

##对于系统资源来说，用户profile是用来限制用户使用数据库和实例资源的一组密码参数及资源限制参数。profiles能够用来限制用户并发会话数，每个会话可用的cpu处理时间，以及逻辑I/O的数量。

Note: It is preferable to use Database Resource Manager to limit resources and to use profiles to manage passwords.

Profiles provide a single point of reference for users that share a set of attributes. You can assign a profile to one set of users, and a default profile to all others. Each user has at most one profile assigned at any point in time.

##虽然profile具有资源管理的功能，但是oracle更推荐使用Database Resource Manager来限制资源，用profile来管理密码。

##profile为使用共享资源的用户提供了资源分配的依据。你可以为多个用户指定同一个profile，没有指定的用户默认使用default profile。在任何时候，每一个用户最多只能被指定一个profile

See Also:

Oracle Database Security Guide to learn how to manage resources with profiles

二：Managing Resources with Profiles(profile的作用--资源管理)

#虽然profile可以实现资源管理，但是ORACLE推荐使用Database Resource Manager管理系统资源

A profileis a named set of resource limits and password parameters that restrict database usage and instance resources for a user. You can assign a profile to each user, and a default profile to all others. Each user can have only one profile, and creating a new one supersedes an earlier version.

You need to create and manage user profiles only if resource limits are a requirement of your database security policy. To use profiles, first categorize the related types of users in a database. Just as roles are used to manage the privileges of related users, profiles are used to manage the resource limits of related users. Determine how many profiles are needed to encompass all types of users in a database and then determine appropriate resource limits for each profile.

##只有当你的数据库处于安全策略考虑需要进行资源限制，你才需要使用profile。使用profile时，首先把你数据库里的用户进行分类。roles用来管理相关用户的权限，profile用来对相关用户做资源限制。根据你用户的分组来确定你需要建几个profile，并且为每个profile制定合适的资源限制属性(一般不同类型的用户使用不同的profile来进行资源限制，如业务用户和系统用户)，

In general, the word profile refers to a collection of attributes that apply to a user, enabling a single point of reference for any of multiple users that share those exact attributes. User profiles in Oracle Internet Directory contain attributes pertinent to directory usage and authentication for each user. Similarly, profiles in Oracle Label Security contain attributes useful in label security user administration and operations management. Profile attributes can include restrictions on system resources. You can use Database Resource Manager to set these types of resource limits.

##简单说来，profile就是一组运用于用户的属性，为使用该profile的用户提供参考(如果使用资源的参考)。

Profile resource limits are enforced only when you enable resource limitation for the associated database. Enabling this limitation can occur either before starting up the database (using theRESOURCE_LIMIT initialization parameter) or while it is open (using theALTER SYSTEM statement).

Though password parameters reside in profiles, they are unaffected by RESOURCE_LIMIT orALTER SYSTEM and password management is always enabled. In Oracle Database, Database Resource Manager primarily handles resource allocations and restrictions.

##profile只有在你对相关数据库启用了资源限制后才会起作用。我们可以通过在数据库启动前再参数文件中指定RESOURCE_LIMIT初始化参数或者在数据库启动后通过alter syste语句来启用数据库资源限制(alter system set resource_limit=true;)。但是密码参数并不受上述影响，密码管理总是能够起作用。oracle主要用Database Resource Manager来进行资源分配和限制

See Also:

Creating Profiles

Any authorized database user can create, assign to users, alter, and drop a profile at any time (using theCREATE USER orALTER USER statement). Profiles can be assigned only to users and not to roles or other profiles. Profile assignments do not affect current sessions, instead, they take effect only in subsequent sessions. Be aware that when you assign a profile to an external user or a global user, the password parameters do not take effect for that user.

To find information about current profiles, query the DBA_PROFILES view.

See Also:

Oracle Database SQL Language Reference for more information about the SQL statements that are used to manage profiles, which are ALTER PROFILE, CREATE PROFILE, andDROP PROFILE

Oracle Database Administrator's Guide for detailed information about managing resources

##关于create profile会在另一篇博客里面详细写一下，博客地址：ORACLE profile系列4 --CREATE PROFILE

Dropping Profiles

To drop a profile, you must have the DROP PROFILE system privilege. You can drop a profile (other than the default profile) using the SQL statementDROP PROFILE.To successfully drop a profile currently assigned to a user, use theCASCADE option.

##要删除profile，首先你必须具有DROP PROFILE系统权限。你能够使用drop profile语句并加cascade选项来删除一个被指定给某个用户的profile(default profile不能被删除)

The following statement drops the profile clerk, even though it is assigned to a user:

DROP PROFILE clerk CASCADE;

Any user currently assigned to a profile that is dropped is automatically assigned to theDEFAULT profile. TheDEFAULT profile cannot be dropped. When a profile is dropped, the drop does not affect currently active sessions. Only sessions created after a profile is dropped use the modified profile assignments.

##如果用户使用的profile被删除，那么用户自动的使用default profile。default profile不能被删除。删除profile不会对当前会话起作用，只会对删除之后创建的会话产生影响。