1  说明

Starting with this release, you can configure user accounts to automatically lock if they have been inactive over a period of time.

The CREATE USER and ALTER USER SQL statements enable you to set a new profile parameter, INACTIVE_ACCOUNT_TIME, which enables you to automatically lock inactive accounts.

从12.2开始，Oracle会自动将不活跃(超过一定时间没有操作)的用户锁住。该时间是通过参数INACTIVE_ACCOUNT_TIME来设置的。

该参数单位：天。从该用户上次成功登陆开始计算，如果超过参数设定的天数，那么Oracle会自动锁住该用户。当然该参数默认是UNLIMITED。需要手动开启。http://www.cndba.cn/Expect-le/article/2487

http://www.cndba.cn/Expect-le/article/2487

SQL> select profile,resource_name,limit from dba_profiles t where t.resource_name='INACTIVE_ACCOUNT_TIME';
PROFILE        RESOURCE_NAME	      LIMIT
------------------------------ ------------------------------ --------------------
DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED
ORA_STIG_PROFILE	       INACTIVE_ACCOUNT_TIME	      35
TEST_PROFILE	       INACTIVE_ACCOUNT_TIME	      35

http://www.cndba.cn/Expect-le/article/2487

关于该参数的更多说明：

1.  The default value for INACTIVE_ACCOUNT_TIME is UNLIMITED.http://www.cndba.cn/Expect-le/article/2487

2.  You must specify a whole number for the number of days. The minimum setting is 15 and the maximum is 24855.

3.  To set the user’s account to have an unlimited inactivity time, set the INACTIVE_ACCOUNT_TIME to UNLIMITED.

4.  To set the user’s account to use the time specified by the default profile, set INACTIVE_ACCOUNT_TIME to DEFAULT.

5.  You can set this parameter for all database authenticated users, including administrative users, but not for external or global authenticated users.

6.  In a read-only database, the last successful login is not considered in the INACTIVE_ACCOUNT_TIME timing. It is not possible to lock a user account in a read-only database (except by performing consecutive failed logins equal in number to the account’s FAILED_LOGIN_ATTEMPTS password profile setting).

7.  For a newly created user account, the timing begins at account creation time. When this user logs out and then logs again, the timing starts when the user successfully logs in.

8.  In a multitenant environment, the INACTIVE_ACCOUNT_TIME setting applies to the last time a common user logs in to the root. A common user is considered active if this user logs in to any of the PDBs or the root.

9.  For a proxy user account login, the INACTIVE_ACCOUNT_TIME begins the timing when the proxy user logs in successfully.

http://www.cndba.cn/Expect-le/article/2487

详细信息查看官方文档：

https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dbseg/configuring-authentication.html#GUID-ED98E6DA-A30C-4052-A343-B516CD641737

版权声明：本文为博主原创文章，未经博主允许不得转载。

INACTIVE_ACCOUNT_TIME