問題:賬號被鎖定
SQL> select username,account_status from dba_users where username in('APP_BASE_NORTH','NORTH_STATS');
USERNAME ACCOUNT_STATUS
------------------------------ --------------------------------
APP_BASE_NORTH LOCKED(TIMED)
NORTH_STATS LOCKED(TIMED)
查看是什麼原因導致?
--查看用戶使用的pofile
SQL> select profile from dba_users where username in('APP_BASE_NORTH','NORTH_STATS');
PROFILE
------------------------------
PF_NORTH_STATS
PF_APP_BASE_NORTH
--查看每個profile裏具體的資源限制內容
set line 300
select * from dba_profiles where profile ='PF_NORTH_STATS';
SQL> set line 200
SQL> select * from dba_profiles where profile ='PF_NORTH_STATS';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
PF_NORTH_STATS COMPOSITE_LIMIT KERNEL DEFAULT
PF_NORTH_STATS SESSIONS_PER_USER KERNEL 100
PF_NORTH_STATS CPU_PER_SESSION KERNEL DEFAULT
PF_NORTH_STATS CPU_PER_CALL KERNEL DEFAULT
PF_NORTH_STATS LOGICAL_READS_PER_SESSION KERNEL DEFAULT
PF_NORTH_STATS LOGICAL_READS_PER_CALL KERNEL DEFAULT
PF_NORTH_STATS IDLE_TIME KERNEL DEFAULT
PF_NORTH_STATS CONNECT_TIME KERNEL DEFAULT
PF_NORTH_STATS PRIVATE_SGA KERNEL DEFAULT
PF_NORTH_STATS FAILED_LOGIN_ATTEMPTS PASSWORD DEFAULT
PF_NORTH_STATS PASSWORD_LIFE_TIME PASSWORD DEFAULT
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
PF_NORTH_STATS PASSWORD_REUSE_TIME PASSWORD DEFAULT
PF_NORTH_STATS PASSWORD_REUSE_MAX PASSWORD DEFAULT
PF_NORTH_STATS PASSWORD_VERIFY_FUNCTION PASSWORD DEFAULT
PF_NORTH_STATS PASSWORD_LOCK_TIME PASSWORD DEFAULT
PF_NORTH_STATS PASSWORD_GRACE_TIME PASSWORD DEFAULT
16 rows selected.
--因爲指定的limit的值都是default,查看default限定的值詳情
select * from dba_profiles where profile ='DEFAULT';
SQL> select * from dba_profiles where profile ='DEFAULT';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED
DEFAULT CPU_PER_CALL KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED
DEFAULT IDLE_TIME KERNEL UNLIMITED
DEFAULT CONNECT_TIME KERNEL UNLIMITED
DEFAULT PRIVATE_SGA KERNEL UNLIMITED
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 10
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL
DEFAULT PASSWORD_LOCK_TIME PASSWORD UNLIMITED
DEFAULT PASSWORD_GRACE_TIME PASSWORD UNLIMITED
16 rows selected.
可以看到FAILED_LOGIN_ATTEMPTS的值爲10,PASSWORD_LIFE_TIME爲UNLIMITED
說明用戶沒有過期限制,但是用戶嘗試登錄數據庫的次數最大限制爲10次,當達到10次以後,該用戶的帳戶就被鎖定,當鎖定時間超過了PASSWORD_LOCK_TIME設置的時間後,用戶會自動解鎖(當然在沒有進行登錄時狀態不會發生變化,只有試圖登錄時狀態纔會發生變化)。但是該用戶默認的PASSWORD_LOCK_TIME爲UNLIMITED,所以需要DBA手動解鎖。
--解決方式
alter user APP_BASE_NORTH account unlock;
alter user NORTH_STATS account unlock;
--解鎖後查看狀態爲open
select username,account_status from dba_users where username in('APP_BASE_NORTH','NORTH_STATS');
--爲了避免在出現此類問題,可以將FAILED_LOGIN_ATTEMPTS設置爲UNLIMITED
alter profile default limit FAILED_LOGIN_ATTEMPTS unlimited;