CUI

Documentation - V-270546

V-270546

Oracle Database 19c Security Technical Implementation Guide

CAT II

Title

Oracle Database must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts.

Description

Temporary application accounts could be used in the event of a vendor support visit where a support representative requires a temporary unique account to perform diagnostic testing or conduct some other support-related activity. When these types of accounts are created, there is a risk that the temporary account may remain in place and active after the support representative has left. To address this in the event temporary application accounts are required, the application must ...

Fix Text (Documentation Requirement)

Use a profile with a distinctive name (for example, TEMPORARY_USERS), so that temporary users can be easily identified. Whenever a temporary user account is created, assign it to this profile.

To enable resource limiting via profiles, use the SQL statement:

    ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

Set values in the profile as needed for temporary users; see below for further information. The values here are examples; set them to values appropriate to the situation:

    CREATE PROFILE TEMPORARY_USERS LIMIT
    SESSIONS_PER_USER           <limit>
    CPU_PER_SESSION             <limit>
    CPU_PER_CALL                <limit>
    CONNECT_TIME                <limit>
    LOGICAL_READS_PER_SESSION   DEFAULT
    LOGICAL_READS_PER_CALL      <limit>
    PRIVATE_SGA                 <limit>
    COMPOSITE_LIMIT ......
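The following is an added example, not part of the STIG text, showing how the profile name becomes the identification mechanism once accounts are assigned to it. It assumes the profile is named TEMPORARY_USERS as in the fix text; the account name VENDOR_SUPPORT_01, the password placeholder and the 3-day review threshold are illustrative assumptions.

```sql
-- Added example; run as a user with access to the DBA_* views.

-- 1. Confirm that profile resource limits are being enforced.
SELECT name, value
  FROM v$parameter
 WHERE name = 'resource_limit';

-- 2. Create a temporary account directly in the profile.
--    VENDOR_SUPPORT_01 is a hypothetical name; replace <password>
--    with a value that meets the site's password policy.
CREATE USER vendor_support_01
  IDENTIFIED BY "<password>"
  PROFILE temporary_users;

-- 3. Identify every account designated as temporary, and flag any
--    that is still usable after the assumed 3-day review threshold.
SELECT u.username,
       u.account_status,
       u.created,
       u.last_login,
       u.expiry_date,
       u.lock_date,
       CASE
         WHEN u.account_status NOT LIKE '%LOCKED%'
          AND u.created < SYSDATE - 3
         THEN 'REVIEW'
         ELSE 'OK'
       END AS review_flag
  FROM dba_users u
 WHERE u.profile = 'TEMPORARY_USERS'
 ORDER BY u.created;

-- 4. Show the limits currently in effect for the profile, so the
--    documented values can be compared with what is configured.
SELECT resource_name, resource_type, limit
  FROM dba_profiles
 WHERE profile = 'TEMPORARY_USERS'
 ORDER BY resource_type, resource_name;
```

Query 3 only finds accounts that were actually assigned to the profile, so it is only as reliable as the account-creation procedure that makes the assignment.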
