Antes de criarmos o Lockdown Profile, vamos consultar o valor de um par\u00e2metro e alter\u00e1-lo utilizando o comando ALTER SYSTEM:<\/p>\n\n\n
\n[oracle@quiasma ~]$ sqlplus \/ as sysdba\n \nSQL*Plus: Release 18.0.0.0.0 - Production on Fri Apr 16 03:54:17 2021\nVersion 18.13.0.0.0\n \nCopyright (c) 1982, 2018, Oracle. All rights reserved.\n \n \nConnected to:\nOracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production\nVersion 18.13.0.0.0\n \nSQL> ALTER SESSION SET CONTAINER=HIPOFISE1;\n \nSession altered.\n \nSQL> SHO PARAMETER OPTIMIZER_DYNAMIC_SAMPLING\n \nNAME TYPE VALUE\n------------------------------------ ----------- ------------------------------\noptimizer_dynamic_sampling integer 2\nSQL> ALTER SYSTEM SET OPTIMIZER_DYNAMIC_SAMPLING=3;\n \nSystem altered.\n \nSQL> SHO PARAMETER OPTIMIZER_DYNAMIC_SAMPLING\n \nNAME TYPE VALUE\n------------------------------------ ----------- ------------------------------\noptimizer_dynamic_sampling integer 3\nSQL>\n<\/pre><\/div>\n\n\nConsultando o atual Lockdown Profile que temos no ambiente:<\/p>\n\n\n
\nSQL> conn \/ as sysdba\nConnected.\nSQL> col profile_name format a30\nSQL> SELECT PROFILE_NAME FROM DBA_LOCKDOWN_PROFILES;\n \nPROFILE_NAME\n------------------------------\nPRIVATE_DBAAS\nPROFILE_DO_BRUNO\nPUBLIC_DBAAS\nSAAS\n \nSQL> col rule format a25\nSQL> col clause format a10\nSQL> SELECT PROFILE_NAME, RULE, CLAUSE, STATUS FROM DBA_LOCKDOWN_PROFILES WHERE PROFILE_NAME='PROFILE_DO_BRUNO';\n \nPROFILE_NAME RULE CLAUSE STATUS\n------------------------------ ------------------------- ---------- -------\nPROFILE_DO_BRUNO PARTITIONING DISABLE\n<\/pre><\/div>\n\n\nCriando a regra para n\u00e3o permitir a execu\u00e7\u00e3o de comandos ALTER SYSTEM no PDB HIPOFISE1, exceto para realizar KILL SESSION:<\/p>\n\n\n
\nSQL> ALTER LOCKDOWN PROFILE PROFILE_DO_BRUNO DISABLE STATEMENT= ('ALTER SYSTEM') CLAUSE ALL EXCEPT = ('KILL SESSION');\n \nLockdown Profile altered.\n \nSQL> col rule format a25\nSQL> col clause format a10\nSQL> SELECT PROFILE_NAME, RULE, CLAUSE, STATUS FROM DBA_LOCKDOWN_PROFILES WHERE PROFILE_NAME='PROFILE_DO_BRUNO';\n \nPROFILE_NAME RULE CLAUSE STATUS\n------------------------------ ------------------------- ---------- -------\nPROFILE_DO_BRUNO PARTITIONING DISABLE\nPROFILE_DO_BRUNO ALTER SYSTEM DISABLE\nPROFILE_DO_BRUNO ALTER SYSTEM KILL SESSI ENABLE\n ON\n<\/pre><\/div>\n\n\nValidando a regra em a\u00e7\u00e3o:<\/p>\n\n\n
\nSQL> ALTER SESSION SET CONTAINER=HIPOFISE1;\n \nSession altered.\n \nSQL> ALTER SYSTEM SET OPTIMIZER_DYNAMIC_SAMPLING=4;\nALTER SYSTEM SET OPTIMIZER_DYNAMIC_SAMPLING=4\n*\nERROR at line 1:\nORA-01031: insufficient privileges\n<\/pre><\/div>\n\n\nAbri uma outra conex\u00e3o com o PDB:<\/p>\n\n\n
\n[oracle@quiasma ~]$ sqlplus SYSTEM\/oracle@HIPOFISE1\n \nSQL*Plus: Release 18.0.0.0.0 - Production on Fri Apr 16 04:03:03 2021\nVersion 18.13.0.0.0\n \nCopyright (c) 1982, 2018, Oracle. All rights reserved.\n \nLast Successful login time: Thu Apr 15 2021 05:51:34 -03:00\n \nConnected to:\nOracle Database 18c Enterprise Edition Release 18.0.0.0.0 - Production\nVersion 18.13.0.0.0\n \nSQL> SELECT * FROM DUAL;\n \nD\n-\nX\n<\/pre><\/div>\n\n\nIdentificando seu SID e SERIAL# e realizando o KILL com sucesso:<\/p>\n\n\n
\nSQL> SELECT SID,SERIAL#,STATUS FROM V$SESSION WHERE USERNAME='SYSTEM';\n \n SID SERIAL# STATUS\n---------- ---------- --------\n 129 15313 INACTIVE\n \nSQL> ALTER SYSTEM KILL SESSION '129,15313' IMMEDIATE;\n \nSystem altered.\n<\/pre><\/div>\n\n\nPercebemos que a sess\u00e3o foi derrubada efetivamente:<\/p>\n\n\n
\nSQL> \/\nSELECT * FROM DUAL\n*\nERROR at line 1:\nORA-03113: end-of-file on communication channel\nProcess ID: 3181\nSession ID: 129 Serial number: 15313\n<\/pre><\/div>\n\n\nObs: Este procedimento foi criado pelo senhor Ahmed Baraka (www.ahmedbaraka.com) e foi apenas reproduzido por mim em um laborat\u00f3rio pessoal para fins de aprendizado.<\/p>\n","protected":false},"excerpt":{"rendered":"
Antes de criarmos o Lockdown Profile, vamos consultar o valor de um par\u00e2metro e alter\u00e1-lo utilizando o comando ALTER SYSTEM: Consultando o atual Lockdown Profile que temos no ambiente: Criando a regra para n\u00e3o permitir a execu\u00e7\u00e3o de comandos ALTER SYSTEM no PDB HIPOFISE1, exceto para realizar KILL SESSION: Validando a regra em a\u00e7\u00e3o: Abri […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-3855","post","type-post","status-publish","format-standard","hentry","category-multitenant"],"_links":{"self":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/3855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/comments?post=3855"}],"version-history":[{"count":1,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/3855\/revisions"}],"predecessor-version":[{"id":9169,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/posts\/3855\/revisions\/9169"}],"wp:attachment":[{"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/media?parent=3855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/categories?post=3855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swiv.com.br\/index.php\/wp-json\/wp\/v2\/tags?post=3855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}