Failed Login Attempts Only Counted Per Shard

Oracle Globally Distributed Database doesn't support management of all shards as a single database. A distributed database is a collection of independent databases which have to be managed individually.

If you are relying on failed login counts, you either need to use external (centrally managed) users, or keep in mind that the number of unsuccessful login attempts is counted per shard when setting the limit in the distributed database.

A distributed database user created using ENABLE SHARD DDL, followed by the CREATE USER command, has identical user account status across all of the shards. However, the user's life cycle could move to a different status because of invalid login attempts against the catalog database or the shards.

The user account status does not get synced across shards. An explicit account lock using DDL such as ALTER USER may get replicated across shards, but any account status transition, such as locked account or expired account (because password life time has elapsed) is not propagated.