
Oracle PDB lockdown profile

2022-09-03 14:23 · Original · oracle
Author: hbhe0316

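A PDB lockdown profile is a named set of restrictions on operations. It controls which operations are permitted in a PDB and applies to all users.
For example, it can prevent users from executing statements such as ALTER SYSTEM, which to some extent protects the security of the database. http://www.cndba.cn/hbhe0316/article/108653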

Use the CREATE LOCKDOWN PROFILE statement to create a PDB lockdown profile. You can use PDB lockdown profiles in a multitenant container database (CDB) to restrict user operations in PDBs.

After you create a PDB lockdown profile, you can add restrictions to the profile with the ALTER LOCKDOWN PROFILE statement. You can restrict user operations associated with certain database features, options, and SQL statements.

When a lockdown profile is assigned to a PDB, users in that PDB cannot perform the operations that are disabled for the profile. To assign a lockdown profile, set its name as the value of the PDB_LOCKDOWN initialization parameter. You can assign a lockdown profile to individual PDBs, or to all PDBs in a CDB or application container, as follows:

If you set PDB_LOCKDOWN while connected to a CDB root, then the lockdown profile applies to all PDBs in the CDB. It does not apply to the CDB root.

If you set PDB_LOCKDOWN while connected to an application root, then the lockdown profile applies to the application root and all PDBs in the application container.

If you set PDB_LOCKDOWN while connected to a particular PDB, then the lockdown profile applies to that PDB and overrides the lockdown profile for the CDB or application container, if one exists.


SQL> create lockdown profile hbhe_prof;

Lockdown Profile created.

SQL> ALTER LOCKDOWN PROFILE hbhe_prof DISABLE STATEMENT = ('ALTER SYSTEM') clause = ('flush shared_pool');

Lockdown Profile altered.

SQL> alter system set pdb_lockdown=hbhe_prof;

System altered.

SQL> show pdbs;

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PDB01                          MOUNTED
SQL> alter session set container=pdb01;

Session altered.

SQL> alter system flush shared_pool;
alter system flush shared_pool
*
ERROR at line 1:
ORA-01031: insufficient privileges

Delete the lockdown profile:

SQL> DROP Lockdown Profile hbhe_prof;

Lockdown Profile dropped.
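
The scoping rules described above (a default set in the CDB root, overridden inside one PDB) can be exercised as follows. This is an added example, not part of the original post: the profile names cdb_default_prof and pdb01_prof are hypothetical, and it assumes a suitably privileged common user (for example SYS) and that PDB01 is open.

```sql
-- Added example. cdb_default_prof and pdb01_prof are hypothetical names;
-- PDB01 is the PDB from the session above and is assumed to be open.

-- 1. Define both profiles in the CDB root.
ALTER SESSION SET CONTAINER = CDB$ROOT;

CREATE LOCKDOWN PROFILE cdb_default_prof;
ALTER LOCKDOWN PROFILE cdb_default_prof
  DISABLE STATEMENT = ('ALTER SYSTEM') CLAUSE = ('FLUSH SHARED_POOL');

-- Stricter profile for one PDB: same statement rule plus a feature rule.
CREATE LOCKDOWN PROFILE pdb01_prof;
ALTER LOCKDOWN PROFILE pdb01_prof
  DISABLE STATEMENT = ('ALTER SYSTEM') CLAUSE = ('FLUSH SHARED_POOL');
ALTER LOCKDOWN PROFILE pdb01_prof
  DISABLE FEATURE = ('NETWORK_ACCESS');

-- 2. Review the rules before assigning anything.
SELECT profile_name, rule_type, rule, clause, status
FROM   dba_lockdown_profiles
WHERE  profile_name IN ('CDB_DEFAULT_PROF', 'PDB01_PROF')
ORDER  BY profile_name, rule_type, rule;

-- 3. Set in the CDB root: applies to every PDB, but not to the root itself.
ALTER SYSTEM SET PDB_LOCKDOWN = cdb_default_prof;

-- 4. Set inside PDB01: overrides the CDB-wide profile for this PDB only.
ALTER SESSION SET CONTAINER = PDB01;
ALTER SYSTEM SET PDB_LOCKDOWN = pdb01_prof;

-- 5. Confirm which profile is in effect in the current container.
SELECT name, value
FROM   v$parameter
WHERE  name = 'pdb_lockdown';

-- 6. The disabled clause should now be rejected in PDB01,
--    as in the session above (ORA-01031: insufficient privileges).
ALTER SYSTEM FLUSH SHARED_POOL;
```

Running step 5 in another PDB should show cdb_default_prof, which confirms that the override in step 4 is local to PDB01.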

Copyright notice: This is an original article by the author and may not be reproduced without the author's permission.
