Tuesday, July 1, 2014

Profile in Oracle

Profile in Oracle

Profiles are a means to limit resources a user can use.We can set up limits on the system resources used by setting up profiles with defined limits on resources.  Profiles are very useful in large, complex organizations with many users.  It allows us to regulate the amount of  resources used by each database user by creating and assigning profiles to users.

The limits resource can be categories into two parts  :  
1.) Kernel Limits
2.) Password Limits

1.) Kernel Limits : Kernel Resources covers the following options to limit the kernels resources.
  • Composite_limits : it  specify the total resource cost for a session, expressed in service units. Oracle Database calculates the total service units as a weighted sum of CPU_PER_SESSION, CONNECT_TIME, LOGICAL_READS_PER_SESSION, and PRIVATE_SGA. composite_limit  <value | unlimited | default>
       e.g;    SQL> alter profile P1 LIMIT composite_limit 5000000;

  • CONNECT_TIME : it specify the total elapsed time limit for a session, expressed in minutes. connect_time <value |  unlimited | default> . e.g ,
                  SQL> alter profile P1  LIMIT connect_time 600;

  • CPU_PER_CALL : Specify the CPU time limit for a call (a parse, execute, or fetch), expressed in hundredths of seconds. cpu_per_call  value |  unlimited | default > .  e.g;
                  SQL>  alter profile P1  LIMIT cpu_per_call 3000;

  • CPU_PER_SESSION : Specify the CPU time limit for a session,expressed in hundredth of seconds. cpu_per_session   <value |  unlimited | default> .e.g ;
                  SQL>  alter profile  P1  LIMIT   cpu_per_session   UNLIMITED ; 

  • IDLE_TIME : Specify the permitted periods of continuous inactive time during a session,expressed in minutes. Long-running queries and other operations are not subject to this limit . idle_time  <value | unlimited | default> . e.g;
                SQL>  alter profile  P1  LIMIT   idle_time  20 ; 

  • LOGICAL_READS_PER_CALL : Specify the permitted number of data blocks read for a call to process a SQL statement (a parse, execute, or fetch). logical_reads_per_call  <value |  unlimited | default> .e.g;
                 SQL> ALTER PROFILE  P1  LIMIT logical_reads_per_call 1000;

  • LOGICAL_READS_PER_SESSION : Specify the permitted number of data blocks read in a session, including blocks read from memory and disk. logical_reads_per_session <value | unlimited | default e.g;
               SQL> ALTER PROFILE  P1   LIMIT logical_reads_per_session UNLIMITED;

  • PRIVATE_SGA : Specify the amount of private space a session can allocate in the shared pool of the system global area (SGA). private_sga  <value | unlimited | default Only valid with TP-monitor.  e.g;
               SQL> ALTER PROFILE  P1   LIMIT private_sga 15K ;

  • SESSIONS_PER_USER : Specify the number of concurrent sessions to which you want to limit the user. sessions_per_user <value | unlimited | default e.g;
             SQL> ALTER PROFILE  P1   LIMIT sessions_per_user 1;


2 .)  Password Limits : Password Limits covers the following option to restrict the Password resources. Parameters that set lengths of time are interpreted in number of days .

  • FAILED_LOGIN_ATTEMPTS : Specify the number of failed attempts to log in to the user account before the account is locked. failed_login_attempts <value | unlimited | defaulte.g;
            SQL> ALTER PROFILE  P1  LIMIT failed_login_attempts 3;

--  to count failed log in attempts , fire the below command
             SQL> SELECT name, lcount FROM user$ WHERE lcount <> 0;

  • PASSWORD_GRACE_TIME  :  The number of days during which a login is alowed but a  warning is issued. password_gracetime <value | unlimited | default> . e.g;
             SQL> ALTER PROFILE  P1  LIMIT password_grace_time 10;

  • PASSWORD_LOCK_TIME  :  The number of days an account will be locked after the specified number of  consecutive failed login attempts defined by  FAILED_LOGIN_ATTEMPTS.    password_lock_time  <value | unlimited | default>  .  e.g;
               SQL> ALTER PROFILE  P1  LIMIT password_lock_time 30;

  • PASSWORD_REUSE_MAX :Times a password can be reused .password_reuse_max  <value | unlimited | default> .  e.g;
          SQL> ALTER PROFILE  P1  LIMIT password_reuse_max 0 ; 

  • PASSWORD_REUSE_TIME : Days between password reuses.password_reuse_time  <value | unlimited | default> .  e.g ; 
          SQL> ALTER PROFILE  P1  LIMIT password_reuse_time 0 ; 

To view existing profiles fire the below query :

SQL> select  profile, resource_name, limit FROM dba_profiles order by  profile, resource_name ; 

How to create the profile   :

SQL Create profile CREATE PROFILE <profile_name>  LIMIT
           <profile_item_name> <value>
           <profile_item_name> <value>
            ....;
e.g; 
SQL> create profile P1 limit 
 password_life_time 90
password_grace_time 15
password_reuse_time  0
password_reuse_max  0
failed_login_attempts  4
password__login_atempts  4
password_lock_time  2
cpu_per_call  2
private_sga 500K
logical_read_per_call   1000;

How to assign profile to user : we can assign the profile to user while creating the user or by altering the user. Here is demo to assign a profile to user .Say we have profile P1 and we assign to user ABC.

SQL> create user abc identified by abc 
default tablespace users  
 quota unlimited on users 
profile P1;
or  
SQL> alter user abc identified by abc  profile P1;

No comments:

Post a Comment