Profiling Offenders

After a few recent adventures I’m beginning to think my new employers aren’t taking me entirely seriously. So as a result I’ve dug up a rather useful and often ignored oracle feature. User profiles

Profiles allow the dba to control a great deal of database resources on a per-user level, from cpu usage to password change frequency it really doesn’t pay to piss off a DBA who knows how to use these.

In practice, the real world tends not to use them as some of the limitations are pretty difficult to calculate fairly, and when everyone logs in to a web front end they’re pretty much useless. Where you still have an old client server setup however, as a means of enforcement or revenge they can be incredibly useful. Take for example my favourite profile for people I don’t like:

CREATE PROFILE IHateYou CONNECT TIME 5;

ALTER USER <random user> PROFILE IHateYou;

It’s also a good idea, if you’re being evil to prevent people just logging in again

ALTER PROFILE IHateYou SESSIONS_PER_USER 1;

This will limit someone I don’t like or has pissed me off lately to only stay connected to oracle for a whole five minutes before their session is disconnected

And to enable it all you have to do is:

ALTER USER muppet PROFILE IHateYou;

Now a word of warning here, profiles only take effect the next time the victim logs in so you have to keep some of the timings short in order to mess with their heads. I’ve recently implemented an oracle profile purely for our finance staff that ensures they either have to work for a living or GTFO

CREATE PROFILE BeanCounter
CONNECT_TIME 20
IDLE_TIME 5
SESSIONS_PER_USER 1;

 

This ensures that our accountants, marketing droids and other wastes of DNA don’t hog any of MY databases. They can stay connected for 20 minutes at a time and if they dare to take a five minute break, well…tough….

As our beancounters couldn’t be arsed to work between Christmas and new year it has been a lean six week month for many of us before we got paid, so for my next trick I’m going to build this into a DBMS_SCHEDULER job so that the idle time and connect time change randomly every hour for every single member of our payroll department.

I’m even considering adding random password expiry and re-use limits for anyone who doesn’t pay my expense claims on time

After a couple of helpdesk calls where I could blame it on GDPR or new security rules I feel just so much better………..

Respect my Authority!