1
说明
Starting with this release, you can configure user accounts to automatically lock if they have been inactive over a period of time.
The CREATE USER and ALTER USER SQL statements enable you to set a new profile parameter,INACTIVE_ACCOUNT_TIME, which enables you to automatically lock inactive accounts.https://www.cndba.cn/Expect-le/article/2487https://www.cndba.cn/Expect-le/article/2487
从12.2开始,Oracle会自动将不活跃(超过一定时间没有操作)的用户锁住。该时间是通过参数INACTIVE_ACCOUNT_TIME来设置的。
该参数单位:天。从该用户上次成功登陆开始计算,如果超过参数设定的天数,那么Oracle会自动锁住该用户。当然该参数默认是UNLIMITED。需要手动开启。
SQL> select profile,resource_name,limit from dba_profiles t where t.resource_name='INACTIVE_ACCOUNT_TIME';
PROFILE RESOURCE_NAME LIMIT
------------------------------ ------------------------------ --------------------
DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
ORA_STIG_PROFILE INACTIVE_ACCOUNT_TIME 35
TEST_PROFILE INACTIVE_ACCOUNT_TIME 35
关于该参数的更多说明:
1.
The default value for INACTIVE_ACCOUNT_TIME is UNLIMITED.
2.
You must specifya whole numberfor the number of days.The minimum setting is 15 and the maximum is 24855.
https://www.cndba.cn/Expect-le/article/2487
https://www.cndba.cn/Expect-le/article/2487
3.
To set the user’s account to have an unlimited inactivity time, set the INACTIVE_ACCOUNT_TIME to UNLIMITED.https://www.cndba.cn/Expect-le/article/2487
4.
To set the user’s account to use the time specified by the default profile, set INACTIVE_ACCOUNT_TIME to DEFAULT.https://www.cndba.cn/Expect-le/article/2487
5.
You can set this parameter for all database authenticated users, including administrative users, but not for external or global authenticated users.https://www.cndba.cn/Expect-le/article/2487
6.
In a read-only database, the last successful login is not considered in the INACTIVE_ACCOUNT_TIME timing. It is not possible to lock a user account in a read-only database (except by performing consecutive failed logins equal in number to the account’s FAILED_LOGIN_ATTEMPTS password profile setting).
https://www.cndba.cn/Expect-le/article/2487
7.
For a newly created user account, the timing begins at account creation time. When this user logs out and then logs again, the timing starts when the user successfully logs in.
8.
In a multitenant environment, the INACTIVE_ACCOUNT_TIME setting applies to the last time a common user logs in to the root. A common user is considered active if this user logs in to any of the PDBs or the root.
9.
For a proxy user account login, the INACTIVE_ACCOUNT_TIME begins the timing when the proxy user logs in successfully.https://www.cndba.cn/Expect-le/article/2487
详细信息查看官方文档:
版权声明:本文为博主原创文章,未经博主允许不得转载。
INACTIVE_ACCOUNT_TIME