Oracle® Database 2 Day DBA 11g Release 1 (11.1) Part Number B28301-03 |
|
|
View PDF |
This section provides background information and instructions for setting the password policy for all user accounts in the database. It contains the following topics:
When you create a user account, a default password policy is assigned to that user account. The default password policy for a newly installed database includes these directives:
The password for the user account expires automatically in 180 days.
The user account is locked 7 days after password expiration.
The user account is locked for 1 day after 10 failed login attempts.
The default password policy is assigned to user accounts through a database object called a profile. Each user account is assigned a profile, and the profile has a number of attributes that together describe a password policy. The database comes with a default profile (named DEFAULT
), and unless you specify otherwise when you create a user account, the default profile is assigned to the user account.
For better database security, you may want to impose a more strict password policy. For example, you may want passwords to expire every 70 days, and you may want to lock user accounts after three failed login attempts. (A failed login attempt for a user account occurs when a user enters an incorrect password for the account.) You may also want to require that passwords be complex enough to provide reasonable protection against intruders who try to break into the system by guessing passwords. For example, you might specify that passwords must contain at least one number and one punctuation mark.
You change the password policy for every user account in the database by modifying the password-related attributes of the DEFAULT
profile.
Note:
It is possible to have different password policies for different user accounts. You accomplish this by creating multiple profiles, setting password-related attributes differently for each profile, and assigning different profiles to different user accounts. This scenario is not addressed in this section.You modify the default password policy for every database user account by modifying the password-related attributes of the profile named DEFAULT
.
To modify the default password policy:
Go to the Database Home page.
At the top of the page, click Server to view the Server subpage.
In the Security section, click Profiles.
The Profiles page appears.
In the Select column, select the profile named DEFAULT
, and then click Edit.
The Edit Profile page appears.
Toward the top of the page, select the Password subpage.
Change field values as required. Click the flashlight icon next to each field to view a list of choices. (Click Help on this page for a description of the fields.)
Click Apply to save your changes.