This practice shows how to enforce CDB-wide, the minimum password length for database user accounts without restricting access to database user profiles.
Before starting any new practice, refer to the Practices Environment recommendations.
Step 1 : Create a mandatory profile in the CDB root
Connect to the CDB root in
Create the mandatory root profile. The mandatory root profile acts as an always-on user profile. Mandatory profile limits are enforced in addition to the existing limits from the profile which the user is assigned to. This creates a union effect in the sense that the password complexity verification script of the mandatory profile will be executed before the password complexity script from the profile of the user account (if any).
Step 2 : Set the
MANDATORY_USER_PROFILE initialization parameter
Set the initialization parameter to the profile name.
The password verify function of the mandatory profile is envisioned to be always enforced from
CDB$ROOT, which means that the password resource limit is always fetched and executed from
CDB$ROOTand enforced on the PDBs in the entire CDB depending on the
Step 3 : Replace the password verification function to enforce the minimum password length.
Replace the password verification function.
Step 4 : Test
Create a new user named
Step 5 : Reset the configuration
Drop the mandatory profile in the root.
MANDATORY_USER_PROFILEinitialization parameter first.
Restart the instance.