签到成功

知道了

CNDBA社区CNDBA社区

oracle PDB lockdown profile

2022-09-03 14:23 19361 0 原创 oracle
作者: hbhe0316
本文链接:https://www.cndba.cn/hbhe0316/article/108653

PDB lockdown profile是一组可以控制操作的命名集。控制PDB的操作权限,是对所有用户都生效。
例如:可以控制用户禁止直行ALTER SYSTEM这样的语法。某种程度上保证了数据库的安全性。https://www.cndba.cn/hbhe0316/article/108653

Use the CREATE LOCKDOWN PROFILE statement to create a PDB lockdown profile. You can use PDB lockdown profiles in a multitenant container database (CDB) to restrict user operations in PDBs.

https://www.cndba.cn/hbhe0316/article/108653
https://www.cndba.cn/hbhe0316/article/108653https://www.cndba.cn/hbhe0316/article/108653

After you create a PDB lockdown profile, you can add restrictions to the profile with the ALTER LOCKDOWN PROFILE statement. You can restrict user operations associated with certain database features, options, and SQL statements.

https://www.cndba.cn/hbhe0316/article/108653

When a lockdown profile is assigned to a PDB, users in that PDB cannot perform the operations that are the disabled for the profile. To assign a lockdown profile, set its name for the value of the PDB_LOCKDOWN initialization parameter. You can assign a lockdown profile to individual PDBs, or to all PDBs in a CDB or application container, as follows:

https://www.cndba.cn/hbhe0316/article/108653

If you set PDB_LOCKDOWN while connected to a CDB root, then the lockdown profile applies to all PDBs in the CDB. It does not apply to the CDB root.

https://www.cndba.cn/hbhe0316/article/108653

If you set PDB_LOCKDOWN while connected to an application root, then the lockdown profile applies to the application root and all PDBs in the application container.https://www.cndba.cn/hbhe0316/article/108653https://www.cndba.cn/hbhe0316/article/108653

If you set PDB_LOCKDOWN while connected to a particular PDB, then the lockdown profile applies to that PDB and overrides the lockdown profile for the CDB or application container, if one exists.

See Also:

SQL> create lockdown profile hbhe_prof;

Lockdown Profile created.

SQL> ALTER LOCKDOWN PROFILE hbhe_prof DISABLE STATEMENT = ('ALTER SYSTEM') clause = ('flush shared_pool');

Lockdown Profile altered.

SQL> alter system set pdb_lockdown=hbhe_prof;

System altered.

SQL> show pdbs;

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PDB01                          MOUNTED
SQL> alter session set container=pdb01;

Session altered.

SQL> alter system flush shared_pool;
alter system flush shared_pool
*
ERROR at line 1:
ORA-01031: insufficient privileges

删除https://www.cndba.cn/hbhe0316/article/108653

SQL> DROP Lockdown Profile hbhe_prof;

Lockdown Profile dropped.

版权声明:本文为博主原创文章,未经博主允许不得转载。

oracle

用户评论
* 以下用户言论只代表其个人观点,不代表CNDBA社区的观点或立场
hbhe0316

hbhe0316

关注

1.只有承认无知,才能装下新的东西; 2.进步来自一点点滴滴的积累; 3.广博让你更优秀,而专业让你无法替代; 4.挫折和失败能够转换为一种财富。

  • 889
    原创
  • 1
    翻译
  • 13
    转载
  • 24
    评论
  • 访问:2658881次
  • 积分:1523
  • 等级:核心会员
  • 排名:第6名
精华文章

    达梦数据库运维实战

    Oracle 18c 必须掌握的新特性:管理与实战

    Oracle数据库问题解决方案和故障排除手册
    最新问题
    查看更多+
    热门文章
      热门用户
      推荐用户
        友情链接: CNDBA社区 | openGauss | openEuler | openAnolis | 广告联系: database@ustc.edu
        Copyright © 2016 All Rights Reserved. Powered by CNDBA · 皖ICP备2022006297号-1·

        QQ交流群

        注册联系QQ