i am using oracle 12, and hoping to find how can i enable or disable simultaneous connections for my database for each user.
i found codes regarding dispatchers and other ones including the following codes:
SHARED_SERVER_SESSIONS
MAX_DISPATCHERS
CONNECTIONS
SESSIONS
POOL
in addition to other codes that didn't find suitable for my case .Can anyone help ?
Create a new profile as
CREATE PROFILE <profile_name> LIMIT
SESSIONS_PER_USER 1
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL <some_value>
CONNECT_TIME <some_value>
LOGICAL_READS_PER_SESSION DEFAULT
LOGICAL_READS_PER_CALL <some_value>
PRIVATE_SGA <some_value>
COMPOSITE_LIMIT <some_value>;
note: choose other parameters as per requirement, you can get current profile parameter values from dba_profile view and use them in the above query. Before that get the profile name of the user using below query
SELECT profile FROM dba_users WHERE username = <user_name>;
Then ALTER USER
ALTER USER <user_name> PROFILE <profile_name>;
Related
I have a group login which has the Server Role "dbcreator". Users of this login has been granted execute on "sp_delete_database_backuphistory" so that they can delete each others databases. The problem now is that it is possible for these users to delete databases created by other logins. Is there a solution for this? Can permissionĀ“s be set, so that these users ONLY can delete databases created with this login?
You can't do this directly, but you can wrap the system sp_delete_database_backuphistory into your own usp_delete_database_backuphistory
that can call sp_delete_database_backuphistory or return immediately depending on a result of the check you want to perform.
I cannot ask you in a comment what do you mean saying 'databases created by other users', first of all only login (not user) can create a database but this information (db creator) you cannot extract from any system metadata, all you can get is the current database owner and this can differ from database creator.
I mean, when you create a database you can explicitly assign other login to own the database, or you can do this later for certain purposes
I am using Oracle SQL Developer and I run into the ORA-28000 error and my account got blocked, but I resolved it from SQL plus by using the following commands:
SQL> alter user user1 account unlock;
SQL> grant connect, resource to user1;
The thing is that I want to prevent this from happening again. Where can I see the threshold of the failed login attempts that exists so that I would either raise it or delete it completely?
In the sql developer, menu in the Users option, you can edit the user and edit the amount of attempts, if the password expires, etc. However I can only log in with the system user, sys could not connect.
FAILED_LOGIN_ATTEMPTS and similar are properties of the profile associated with your user. You can check the settings with this query:
select u.profile
, p.resource_name
, p.limit
from dba_users u
join dba_profiles p
on u.profile = p.profile
where p.resource_type = 'PASSWORD';
These limits are set for the profile: you can change them but the new limits will cascade to all users with this profile:
alter profile whatever limit FAILED_LOGIN_ATTEMPTS 12;
Alternatively you can modify the user so it has a more forgiving profile:
alter user joesoap profile default;
I have installed Oracle SQL Developer 11g and I have created many connections and I try to create user which will have access on only one specified connection
How can i do that?
You need to create a profile that limits the number of sessions:
create profile only_one_connection
limit sessions_per_user 1;
Then you need to alter the user and assign that profile to the user:
alter user only_one
profile only_one_connection;
This assumes you have already created the user only_one and granted the create session privilege. You can also assign the profile when creating the user
all!
I have a db with tables User and Group, which represent entities in some application. But at the same time there are database users and database groups with the same names. I need to anonymize the database. It's easy to change db tables, e.g. update User set "Name" = "John",... where Id = 100500
But what to do with db users and db groups?
My first thought was to drop user and that create a new one:
drop user John;
create user njoh identified by 'pswd' login policy "root";
But belonging to groups is lost in the approach.
Is there any kind of rename method for db users in Sybase Anywhere 11?
Also I don't know how to change last log-in time and comments for a db user.
The same problem with groups. I didn't try to 'drop groups', 'cause I don't know if there is a possibility in Sybase Anywhere 11.
Could anyone tell me the truth - does the problem have a solution?
No, there is no way to rename an existing user. You can certainly drop it and create a new user but like you said, any group memberships are lost, as are permissions granted on objects like tables and procedures.
The only way to change the last login time for a user is by logging in. You can change the comment on a user by using comment on user is '<string>'.
There is no drop group statement - a group in SQL Anywhere (versions 12 and older) is simply a user with "group authority", so to drop a group you would use revoke connect from <group name>.
Disclaimer: I work for SAP in SQL Anywhere engineering.
Consider this T-SQL:
CREATE USER my_test_user WITHOUT LOGIN;
SELECT USER_NAME(), USER, SUSER_SNAME(),SYSTEM_USER, suser_name();
EXECUTE AS USER = 'my_test_user' WITH NO REVERT;
SELECT USER_NAME(), USER, SUSER_SNAME(),SYSTEM_USER, suser_name();
I'm looking at using these accounts WITHOUT LOGIN for auditing purposes. Basically, my "get a database connection" code returns a connection on which the EXECUTE AS USER...WITH NO REVERT has already been executed.
The problem is that I can't get consistent results from any of these user name functions. The two lines of output are:
dbo dbo original_user original_user original_user
my_test_user my_test_user S-1-9-3-XXXXX.. S-1-9-3-XXXXX.. S-1-9-3-XXXXX..
The USER functions produce correct output AFTER the 'EXECUTE AS', but beforehand they're showing dbo rather than the user name
The SUSER functions are just the opposite -- they're correct initially but after impersonation they're showing some sort of ID
The MSDN docs for SUSER_SNAME explicitly give an example where this is supposed to work.
UPDATE: What I'm looking for is a function that will produce 'original_user' in the first case and 'my_test_user' in the second.
Update: you need the ORIGINAL_LOGIN fn here too
Original:
Afterwards, there is no matching system level user. So, it can't resolve the database level sid, so it simply returns the sid from sys.database_principals
CREATE USER my_test_user WITHOUT LOGIN;
SELECT USER_NAME(), USER, SUSER_SNAME(),SYSTEM_USER, suser_name();
EXECUTE AS USER = 'my_test_user' WITH NO REVERT;
SELECT USER_NAME(), USER, SUSER_SNAME(),SYSTEM_USER, suser_name(),
SUSER_SID();
SELECT * FROM sys.database_principals WHERE sid = SUSER_SID();
I don't know if this is by design, but it explains where the number comes from. The rest is as expected as explained below
Notes:
You'll get dbo for USER_NAME() because you are logged on with sysadmin rights. Everyone with "sysadmin" is dbo when using db level user functions.
After changing user context, db level user functions resolve to the database user context
For system level user functions, you'll get the login you used before
Users without login are a special case used exclusively for service broker security (remote service bindings) or for code signing. They represent identity, not impersonation. Do not use users without login for EXECUTE AS. You'll run into all sort of edge cases because they explicitly don't have a user to login mapping and almost everywhere a mapping is expected.
Just a guess here, but it looks like to me that the first select is being run as the user you're currently logged into as with the connection, and in the second select you are then telling sql server to execute as the newly created user.