Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,370 --> 00:00:04,250 In this lesson, we'll be looking at profiles. 2 00:00:04,250 --> 00:00:10,050 So a profile is a resource limit that can be assigned to a user. 3 00:00:10,050 --> 00:00:14,430 To create a profile, we'll use the CREATE PROFILE command. 4 00:00:14,430 --> 00:00:17,760 And to change it, to alter the limits for it, 5 00:00:17,760 --> 00:00:19,800 we use ALTER PROFILE. 6 00:00:19,800 --> 00:00:23,820 So there are two types of profiles that we can use 7 00:00:23,820 --> 00:00:27,010 or at least two sets of resource limits. 8 00:00:27,010 --> 00:00:30,090 The first type is password limits, 9 00:00:30,090 --> 00:00:33,750 so these are the limitations on password behavior, 10 00:00:33,750 --> 00:00:37,420 such as the length of time that a password can be active, 11 00:00:37,420 --> 00:00:39,480 how many times it can be changed, 12 00:00:39,480 --> 00:00:42,960 how much time needs to expire before the password could 13 00:00:42,960 --> 00:00:45,560 be changed, so on and so forth. 14 00:00:45,560 --> 00:00:47,800 And also system resource limits-- and these 15 00:00:47,800 --> 00:00:49,240 are a little different. 16 00:00:49,240 --> 00:00:52,420 System resource limits apply to things 17 00:00:52,420 --> 00:00:58,240 like CPU usage and memory usage, so we can actually assign these 18 00:00:58,240 --> 00:01:02,140 to a profile and assign that profile to a user 19 00:01:02,140 --> 00:01:04,690 to limit the amount of system resources 20 00:01:04,690 --> 00:01:07,730 that they can actually use. 21 00:01:07,730 --> 00:01:11,620 So some examples of password limits-- 22 00:01:11,620 --> 00:01:13,720 FAILED-LOGIN_ATTEMPTS, so this is 23 00:01:13,720 --> 00:01:15,610 the number of times an account can 24 00:01:15,610 --> 00:01:19,180 fail the login before it locks. 25 00:01:19,180 --> 00:01:22,450 So if we set FAILED_LOGIN_ATTEMPTS to 5 26 00:01:22,450 --> 00:01:25,870 and the user attempted to log in five 27 00:01:25,870 --> 00:01:28,030 times with the incorrect password, 28 00:01:28,030 --> 00:01:29,960 the account would lock. 29 00:01:29,960 --> 00:01:33,050 PASSWORD_LOCK_TIME is the amount of time 30 00:01:33,050 --> 00:01:37,490 that the account stays locked after failed login attempts has 31 00:01:37,490 --> 00:01:38,690 been reached. 32 00:01:38,690 --> 00:01:41,450 So we've probably seen situations 33 00:01:41,450 --> 00:01:44,390 where you log into the web application 34 00:01:44,390 --> 00:01:46,550 and incorrect password. 35 00:01:46,550 --> 00:01:48,920 It stays locked for a certain period of time, 36 00:01:48,920 --> 00:01:51,710 and then you're able to go in later and try it again. 37 00:01:51,710 --> 00:01:55,160 So that's the same kind of thing that PASSWORD_LOCK_TIME 38 00:01:55,160 --> 00:01:56,900 is a limit over. 39 00:01:56,900 --> 00:01:59,600 PASSWORD_LIFE_TIME is the amount of time 40 00:01:59,600 --> 00:02:03,470 that a password can be active before it must be changed. 41 00:02:03,470 --> 00:02:06,950 PASSWORD_REUSE_TIME is the amount of time 42 00:02:06,950 --> 00:02:10,190 that must pass before a password can be reused. 43 00:02:10,190 --> 00:02:13,610 And PASSWORD_REUSE_MAX is the number of times 44 00:02:13,610 --> 00:02:17,840 that a password must be changed before it can be reused. 45 00:02:17,840 --> 00:02:20,060 And then PASSWORD_VERIFY_FUNCTION 46 00:02:20,060 --> 00:02:21,650 is an interesting limit. 47 00:02:21,650 --> 00:02:24,740 PASSWORD_VERIFY_FUNCTION can be assigned 48 00:02:24,740 --> 00:02:28,940 to a PL/SQL function that will check 49 00:02:28,940 --> 00:02:31,410 the complexity of the password. 50 00:02:31,410 --> 00:02:36,980 So if we want our passwords to be say 12 characters long 51 00:02:36,980 --> 00:02:41,180 and have a combination of uppercase and lowercase letters 52 00:02:41,180 --> 00:02:44,270 and numbers, and maybe some special characters 53 00:02:44,270 --> 00:02:47,720 in the password to ensure complexity, 54 00:02:47,720 --> 00:02:51,590 that can all be created in a PASSWORD_VERIFY_FUNCTION. 55 00:02:51,590 --> 00:02:54,320 And Oracle actually includes an example function 56 00:02:54,320 --> 00:02:59,950 that is easy to modify in order to put this in place. 57 00:02:59,950 --> 00:03:03,010 The other type of limits in a profile or system resource 58 00:03:03,010 --> 00:03:04,330 limits. 59 00:03:04,330 --> 00:03:07,370 We can look at things like SESSIONS_PER_USER. 60 00:03:07,370 --> 00:03:09,460 So this is the number of sessions 61 00:03:09,460 --> 00:03:12,040 that a individual user can have connected 62 00:03:12,040 --> 00:03:14,450 to the database at any one time. 63 00:03:14,450 --> 00:03:17,140 So this limits behavior, such as where 64 00:03:17,140 --> 00:03:20,350 people log in with one session in a tool, 65 00:03:20,350 --> 00:03:24,550 and then log in another and another, and different windows 66 00:03:24,550 --> 00:03:27,330 running operations against the database. 67 00:03:27,330 --> 00:03:31,300 CPU_PER_SESSION is the amount of CPU cycles 68 00:03:31,300 --> 00:03:33,820 that can be used in a given session 69 00:03:33,820 --> 00:03:37,600 before that session is no longer allowed to use CPU 70 00:03:37,600 --> 00:03:40,330 and effectively will give an error. 71 00:03:40,330 --> 00:03:43,600 So CPU_PER_SESSION is kind of not 72 00:03:43,600 --> 00:03:46,060 used probably as much these days. 73 00:03:46,060 --> 00:03:49,180 Oracle has other ways of doing resource management that 74 00:03:49,180 --> 00:03:51,190 are better than profiles. 75 00:03:51,190 --> 00:03:54,340 CPU_PER_SESSION and some of the system resource 76 00:03:54,340 --> 00:03:56,680 limits kind of hearken back to a time 77 00:03:56,680 --> 00:04:01,390 when there were more constraints on resources 78 00:04:01,390 --> 00:04:03,160 in database servers. 79 00:04:03,160 --> 00:04:08,590 In order to pass allowed as much of that resource as it can, 80 00:04:08,590 --> 00:04:12,080 we had limits like CPU_PER_SESSION. 81 00:04:12,080 --> 00:04:14,180 IDLE_TIME is a system resource limit 82 00:04:14,180 --> 00:04:17,450 that is used pretty frequently and is a good security 83 00:04:17,450 --> 00:04:18,470 practice. 84 00:04:18,470 --> 00:04:21,080 IDLE_TIME specifies the amount of time 85 00:04:21,080 --> 00:04:23,120 that a session can be idle before it 86 00:04:23,120 --> 00:04:24,630 would be disconnected. 87 00:04:24,630 --> 00:04:27,350 So you may have seen situations in applications where you've 88 00:04:27,350 --> 00:04:29,930 connected, and then not done anything 89 00:04:29,930 --> 00:04:33,200 in the session for a period of time, and then timed out. 90 00:04:33,200 --> 00:04:35,560 Web applications often do this as well. 91 00:04:35,560 --> 00:04:38,480 And so that's how IDLE_TIME functions. 92 00:04:38,480 --> 00:04:40,940 CONNECT_TIME is the amount of time 93 00:04:40,940 --> 00:04:43,490 that a session can be connected to the database 94 00:04:43,490 --> 00:04:46,170 before it's forcibly disconnected. 95 00:04:46,170 --> 00:04:49,850 So this limits people from running a continual session 96 00:04:49,850 --> 00:04:53,240 for a long period of time perhaps with bad SQL statement 97 00:04:53,240 --> 00:04:55,200 or something of that nature. 98 00:04:55,200 --> 00:04:56,390 And then COMPOSITE_LIMIT. 99 00:04:56,390 --> 00:04:59,510 COMPOSITE_LIMIT is a resource limit 100 00:04:59,510 --> 00:05:03,720 that allows us to take a number of different resource limits, 101 00:05:03,720 --> 00:05:06,080 such as CPU_PER_SESSION and some of the limits 102 00:05:06,080 --> 00:05:08,900 that deal with memory and form them together 103 00:05:08,900 --> 00:05:11,600 into a composite overall limit. 104 00:05:11,600 --> 00:05:14,480 So you manage that part of it, and then 105 00:05:14,480 --> 00:05:17,000 if that COMPOSITE_LIMIT is reached 106 00:05:17,000 --> 00:05:21,320 in terms of usage of CPU, and memory, and other limits, 107 00:05:21,320 --> 00:05:25,610 then the session is disconnected or gives an error. 108 00:05:25,610 --> 00:05:29,180 So let's look at creating a profile. 109 00:05:29,180 --> 00:05:32,720 Want to open the system connection. 110 00:05:32,720 --> 00:05:37,770 Creating a profile is going to require system admin rights. 111 00:05:37,770 --> 00:05:55,830 We say create profile, and then we begin specifying our limits 112 00:05:55,830 --> 00:05:59,630 and as many limits as we wish to specify. 113 00:05:59,630 --> 00:06:03,590 So now that profile has been created. 114 00:06:03,590 --> 00:06:07,150 If we wish to alter the profile, we use alter profile. 115 00:06:10,060 --> 00:06:13,390 failed_login_attempts-- 5. 116 00:06:16,170 --> 00:06:18,120 Keep the limit keyword in their. 117 00:06:20,630 --> 00:06:22,430 Now when we want to see information 118 00:06:22,430 --> 00:06:25,260 about a given profile and its limits, 119 00:06:25,260 --> 00:06:29,150 we select from dba_profiles. 120 00:06:31,970 --> 00:06:34,220 Profile equals the profile name-- 121 00:06:41,020 --> 00:06:42,250 dba_profiles. 122 00:06:45,570 --> 00:06:48,000 So a number of the resources, such as COMPOSITE 123 00:06:48,000 --> 00:06:51,590 and SESSIONS_PER_USER, we've left to the default. 124 00:06:51,590 --> 00:06:53,880 And then others, such as FAILED_LOGIN_ATTEMPTS attempts 125 00:06:53,880 --> 00:06:56,720 and PASSWORD_LIFE_TIME, we've set to values. 126 00:06:59,800 --> 00:07:04,060 Now when the Kara user logs in, she has that profile, 127 00:07:04,060 --> 00:07:06,930 and those limits would be assigned to her. 10243