本文转载自微信公众号《DBA闲思杂想》,作者潇湘隐士。转载本文请联系DBA杂念公众号。关于Oracle数据库的账号,我们在维护数据库的时候,可能偶尔需要获取一些特殊的信息。比如账户创建时间、账户状态、账户锁定时间……一般情况下,我们可以通过DBA_USERS获取大部分相关信息。但是,有一些特殊信息必须通过未使用的基表sys.user$获取。SQL>DESCDBA_USERS;NameNull?类型------------------------------------------------------------------------------USERNAMENOTNULLVARCHAR2(30)USER_IDNOTNULLNUMBERPASSWORDVARCHAR2(30)ACCOUNT_STATUSNULLVARCHAR2(32)LOCK_DATEDATEEXPIRY_DATEDATEDEFAULT_TABLESPACENOTNULLVARCHAR2(30)TEMPORARY_TABLESPACENOTNULLVARCHAR2(30)CREATEDNULLDATEPROFILENOTNULLVARCHAR2(30)INITIAL_RSRC_CONSUMER_GROUPVARCHAR2(30)EXTERNAL_NAMEVARCHAR2(4000)其实我们常用的DBA_USERS是一个同义词,对应SYS.DBA_USERS视图。如果你想查看SYS.DBA_USERS的定义,可以通过下面的方式:--ORACLE10gSQL>SELECTDBMS_METADATA.GET_DDL('VIEW','DBA_USERS','SYS')FROMDUAL;CREATEORREPLACEFORCEVIEW"SYS"."DBA_USERS"("USERNAME","USER_ID","PASSWORD","ACCOUNT_STATUS","LOCK_DATE","EXPIRY_DATE","DEFAULT_TABLESPACE","TEMPORARY_TABLESPACE","CREATED","PROFILE","INITIAL_RSRC_CONSUMER_GROUP","EXTERNAL_NAME")ASselectu.name,u.user#,u.password,m.status,decode(u.astatus,4,u.ltime,5,u.ltime,6,u.ltime,8,u.ltime,9,u.ltime,10,u.ltime,to_date(NULL)),decode(u.astatus,1,u.exptime,2,u.exptime,5,u.exptime,6,u.exptime,9,u.exptime,10,u.exptime,解码(u.ptime,'',to_date(NULL),解码(pr.limit#,2147483647,to_date(NULL),解码(pr.limit#,0,decode(dp.limit#,2147483647,to_date(NULL),u.ptime+dp.limit#/86400),u.ptime+pr.limit#/86400))),dts.name,tts.name,u.ctime,p.name,nvl(cgm.consumer_group,'DEFAULT_CONSUMER_GROUP'),u.ext_usernamefromsys.user$uletouterjoinsys.resource_group_mapping$cgmon(cgm.attribute='ORACLE_USER'andcgm.status='ACTIVE'andcgm.value=u.name),sys.ts$dts,sys.ts$tts,sys.profname$p,sys.user_astatus_mapm,sys.profile$pr,sys.profile$dpwhereu.datats#=dts.ts#andu.resource$=p.profile#andu.tempts#=tts.ts#andu.astatus=m.status#andu.type#=1andu.resource$=pr.profile#anddp.profile#=0anddp.type#=1anddp.resource#=1andpr.type#=1andpr.resource#=1通过以上查看定义,我们可以知道大部分数据来自底层基表sys.user$表sys.user$的结构如下,我们可以从sql.bsq中得到sys.user$的定义。SQL>DESCsys.user$NameNull?Type-----------------------------------------------------------------------------USER#NOTNULLNUMBERNAMENOTNULLVARCHAR2(30)TYPE#NOTNULLNUMBERPASSWORDVARCHAR2(30)DATATS#NOTNULLNUMBERTEMPTS#NOTNULLNUMBERCTIMENOTNULLDATEPTIMEDATEEXPTIMEDATELTIMEDATERESOURCE$NOTNULLNUMBERAUDIT$VARCHAR2(38)DEFROLENOTNULLNUMBERDEFGRP#NUMBERDEFGRP_SEQ#NUMBERASTATUSNOTNULLNUMBERLCOUNTNOTNULLNUMBERDEFSCHCLASSVARCHAR2(30)EXT_USERNAMEVARCHAR2(4000)SPARE1NUMBERSPARE2NUMBERSPARE3NUMBERSPARE4VARCHAR2(1000)SPARE5VARCHAR2(1000)SPARE6DATE其中,我们可以获取一下关键字段信息,具体如下NAME用户(User)或Thenameoftherole(Role)TYPE#0meansRole,1meansUserCTIMEusercreationtimePTIMEpasswordlastmodificationtimeEXPTIMEpasswordexpirationtimeLTIMEaccountlastlockedtimeLCOUNTuserloginfailuretimes.下面我们简单测试验证一下,SQL>CREATEUSERTESTIDENTIFIEDBY"Test#1232134$#3"DEFAULTTABLESPACETBS_TEST_DATATEMPORARYTABLESPACETEMP;Usercreated.SQL>GRANTCONNECTTOTEST;SQL>@get_user_info.sqlSessionaltered.Entervalueforuser_name:TESTold9:WHERENAME=('&USER_NAME')new9:WHERENAME=('TEST')NAMETYPE#CTIMEPTIMEEXPTIMELTIMELCOUNT------------------------------------------------------------------------------------------------------------------------TEST12021-06-1014:10:012021-06-1014:10:010SQL>ALTERUSERTESTIDENTIFIEDBY"kER124";Useraltered.SQL>@get_user_info.sqlSessionaltered.Entervalueforuser_name:TESTold9:WHERENAME=('&USER_NAME')new9:WHERENAME=('TEST')NAMETYPE#CTIMEPTIMEEXPTIMELCOUNT----------------------------------------------------------------------------------------------------------------------TEST12021-06-1014:10:012021-06-1014:10:500SQL>ALTERUSERTESTACCOUNTLOCK;Useraltered.SQL>@get_user_info.sqlSessionaltered.Entervalueforuser_name:TESTold9:WHERENAME=('&USER_NAME')new9:WHERENAME=('TEST')NAMETYPE#CTIMEPTIMEEXPTIMELTIMELCOUNT---------------------------------------------------------------------------------------------------------------------------TEST12021-06-1014:10:012021-06-1014:10:502021-06-1014:11:270SQL>get_user_info.sql脚本如下$moreget_user_info.sqlALTERSESSIONSETNLS_DATE_FORMAT='YYYY-MM-DDHH24:MI:SS';SELECTNAME,TYPE#,CTIME,PTIME,EXPTIME,LTIME,LCOUNTFROMuser$WHERENAME=('&USER_NAME');另外,我们来测试一下账号登录失败的次数,实验前将账号解锁,尝试用错误的账号密码登录数据库,会发现LCOUNT变成了1SQL>@get_user_info.sqlSessionaltered.Entervalueforuser_name:TESTold9:WHERENAME=('&USER_NAME')new9:WHERENAME=('TEST')NAMETYPE#CTIMEPTIMEEXPTIMELCOUNT----------------------------------------------------------------------------------------------------------------------------TEST12021-06-1014:10:012021-06-1014:10:502021-06-1014:11:271SQL>那么这个LCOUNT字段的值一直累加到超过阈值锁?还是中间会被锁住?清算呢?什么情况下会清零?如果你使用正确的密码成功登录数据库,你会发现LCOUNT的值被清空了。如下截图所示:$sqlplus/nologSQL*Plus:Release10.2.0.4.0-ProductiononThuJun1014:30:412021Copyright(c)1982,2007,Oracle.AllRightsReserved.SQL>connectTESTEnterpassword:Connected。也就是说,只要你在锁定之前,一旦登录成功,计数就会归零。在某些版本中,由于bug,LCOUNT可能无法正确反映登录失败次数。例如,这种情况记录在Lcount中,既不会在正确登录时重置,也不会在通过JDBC错误登录后增加(文档ID2675398.1)。另外在ORACLE12C之后增加了一个新的功能,会记录用户上次登录时间:SPARE6字段记录用户上次登录时间。参考:https://www.eygle.com/archives/2009/07/profile_failed_login_attempts.htmlhttps://dbaora.com/sys-user-table-in-oracle-last-password-change-time-last-locked-last-expired-creation-time-failed-logon/Lcount既不会在正确登录时重置,也不会在通过JDBC错误登录后增加(文档ID2675398.1)https://bijoos.com/oraclenotes/2013/153/
