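SYS_ADD_FORBIDDEN_RULE
Parameters
userid
User ID; a value of 0 means any user (INT type)
Warning
Permissions: the currently connected user must hold a system role (SYSDBA, SECURE, AUDIT), and creating a login restriction rule is prohibited when userid is one of the database's built-in system users (SYSDBA, SYSSECURE, SYSAUDIT)
start
Start time of the restriction rule (time type)
end
End time of the restriction rule (time type)
ip
IP address of the restriction rule (string)
mask
IP mask of the restriction rule (string)
Return value
Returns the ID of the created rule
Examples
Example 1: Create the user NEWUSER and create a login restriction for that user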
SQL> CREATE USER NEWUSER WITH PASSWORD 'szoscar55';
CREATE USER
SQL> SELECT * FROM V_SYS_USER;
USENAME | USESYSID | ACCESSCOUNT | LOGINCOUNT | DEFAULTTABLESPACE | USESUPER | PASSWD | FINGERPRINT | VALUNTIL
-----------+----------+-------------+------------+-------------------+----------+----------+-------------+----------
SYSDBA | 1 | 0 | 0 | SYSTEM | t | ******** | ******** |
SYSAUDIT | 4 | 0 | 0 | AUDIT | f | ******** | ******** |
SYSSECURE | 2 | 0 | 0 | SYSTEM | f | ******** | ******** |
NEWUSER | 35445 | 0 | 0 | SYSTEM | f | ******** | ******** |
(4 rows)
SQL> SELECT SYS_ADD_FORBIDDEN_RULE(35445,'09:50:00','09:55:00', '10.1.1.211', '255.255.255.0');
SYS_ADD_FORBIDDEN_RULE
------------------------
35447
(1 row)
SQL>
SQL> SELECT * FROM LOGIN_FORBIDDEN_RULE;
START_TIME | END_TIME | RULEID | USERID | IP | MASK
------------+----------+--------+--------+------------+----------------
09:40:00 | 09:45:00 | 35444 | 0 | |
09:50:00 | 09:55:00 | 35447 | 35445 | 10.1.1.211 | 255.255.255.0
(2 rows)
SQL> EXIT
root@deb:~# isql -h 10.1.1.66 -Unewuser
Password for user newuser:
ERROR, 用户登录IP和登录时间受限, login forbidden,client's ip address and login time both are not in accepted range
root@deb:~#
SQL> SELECT SYS_UPDATE_FORBIDDEN_RULE(35448,35445,'11:00:00','11:20:00','10.1.1.211','255.255.255.192');
SYS_UPDATE_FORBIDDEN_RULE
---------------------------
t
(1 row)
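The following added example (not part of the product documentation) is a way to check, before creating or updating a rule, which login attempts its ip/mask pair and time window would cover, using the rows shown in the LOGIN_FORBIDDEN_RULE output above. The helper names are hypothetical, and it assumes the mask is applied as a standard IPv4 netmask, that an empty ip means any address, and that the time window is inclusive and does not wrap past midnight.

```python
import ipaddress
from datetime import time

# Rows copied from the LOGIN_FORBIDDEN_RULE output on this page:
# (start, end, rule id, user id, ip, mask); ip/mask are empty for rule 35444.
RULES = [
    ("09:40:00", "09:45:00", 35444, 0, "", ""),
    ("09:50:00", "09:55:00", 35447, 35445, "10.1.1.211", "255.255.255.0"),
]


def rule_network(ip, mask):
    """Network covered by an ip/mask pair; None when the rule has no IP
    (assumption: an empty IP means any address)."""
    if not ip:
        return None
    # strict=False drops host bits: 10.1.1.211 with 255.255.255.0 -> 10.1.1.0/24
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def covering_rules(userid, client_ip, at, rules=RULES):
    """Return the ids of rules whose user, time window and network all
    cover a login attempt by `userid` from `client_ip` at time `at`."""
    addr = ipaddress.ip_address(client_ip)
    now = time.fromisoformat(at)
    hits = []
    for start, end, ruleid, rule_user, ip, mask in rules:
        if rule_user not in (0, userid):  # 0 means any user (stated on the page)
            continue
        # Assumption: inclusive window that does not wrap past midnight.
        if not (time.fromisoformat(start) <= now <= time.fromisoformat(end)):
            continue
        net = rule_network(ip, mask)
        if net is None or addr in net:
            hits.append(ruleid)
    return hits


if __name__ == "__main__":
    # The mask from the ADD call covers the whole /24, not only host .211.
    print(rule_network("10.1.1.211", "255.255.255.0"))
    # The mask from the UPDATE call narrows the rule to a /26.
    print(rule_network("10.1.1.211", "255.255.255.192"))
    print(covering_rules(35445, "10.1.1.7", "09:52:00"))
```

Under these assumptions, the 255.255.255.0 mask in the example makes the rule apply to every client in 10.1.1.0/24, while the 255.255.255.192 mask used in the update narrows it to 10.1.1.192/26.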