Locking unused accounts
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 7 of 7

Thread: Locking unused accounts

  1. #1
    Join Date
    Nov 2006
    Posts
    4

    Locking unused accounts

    hi ,
    Is there a way to lock the accounts if the user have not used it for some time for example one or two months.

    Thanks

  2. #2
    Join Date
    Jan 2001
    Posts
    2,828
    Hi

    The user you create should have a password that would expire every two months .
    Look up creating users in oracle documentation.

    There are otherways but the one above is the simplest

    regards
    Hrishy

  3. #3
    Join Date
    Nov 2006
    Posts
    4
    Thanks for the input . But ,once the password is expayered the user will be able to change his password during the grace period which will only start after he tryes to login . Please correct me if I am wrong .

    My requirment is that a user who has not loged into his account for 2 months will be locked and only the administrator will be able to unlock the account .

  4. #4
    Join Date
    Aug 2002
    Location
    Colorado Springs
    Posts
    5,253
    The grace period is optional, I believe.

    You might consider a logon trigger to log the last date of logon, and a scheduled job to lock accounts that haven't been used for two months. Maybe there's a more graceful way but I can't think of it.
    David Aldridge,
    "The Oracle Sponge"

    Senior Manager, Business Intelligence Development
    XM Satellite Radio
    Washington, DC

    Oracle ACE

  5. #5
    Oracle doesn't track the last login of a given user, you have to put something in for that yourself.

  6. #6
    Join Date
    Nov 2006
    Location
    Sofia
    Posts
    630
    Quote Originally Posted by slimdave
    You might consider a logon trigger to log the last date of logon
    There is just nothing to add to that post, as Nike says "Just do it"
    AGAIN check if grace period is not optional. I belive it is and that's the easiest

    Regards
    Boris

  7. #7
    Join Date
    Feb 2004
    Location
    India
    Posts
    18
    How bout this idea ...

    1. Create a table that shud contain username and last_logon_time .
    2. Write a trigger on logon event that will make entry into this table
    by select username,logon_time from v$session;

    3. Based on specific date range say if sysdate - last_logon_time > 20
    alter user account lock.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width