Oracle教程FG421-ORA-28000账户锁定

本文档风哥主要介绍Oracle ORA-28000账户锁定相关知识，包括ORA-28000的概念、ORA-28000的常见原因、ORA-28000分析方法、ORA-28000错误分析配置、ORA-28000错误监控、ORA-28000错误故障处理等内容，由风哥教程参考Oracle官方文档Troubleshooting内容编写，适合DBA人员在学习和测试中使用，如果要应用于生产环境则需要自行确认。

Part01-基础概念与理论知识

1.1 ORA-28000的概念

Oracle ORA-28000是Oracle数据库的账户锁定错误，表示用户账户已被锁定。ORA-28000错误通常发生在用户多次登录失败后账户被自动锁定，或者管理员手动锁定账户时。ORA-28000错误需要解锁账户或重置密码才能解决。更多视频教程www.fgedu.net.cn

Oracle ORA-28000的特点：

账户锁定：用户账户已被锁定
登录失败：多次登录失败导致锁定
密码过期：密码过期导致账户锁定
管理员锁定：管理员手动锁定账户
安全策略：安全策略强制锁定账户

1.2 ORA-28000的常见原因

Oracle ORA-28000的常见原因：

多次登录失败：用户多次输入错误密码导致账户锁定
密码过期：密码过期未及时更改导致账户锁定
管理员锁定：管理员手动锁定用户账户
安全策略：安全策略强制锁定账户
PROFILE配置：PROFILE配置导致账户锁定
FAILED_LOGIN_ATTEMPTS：登录失败次数达到限制
PASSWORD_LIFE_TIME：密码生命周期到期

1.3 ORA-28000分析方法

Oracle ORA-28000分析方法：

错误信息分析：分析错误信息含义
账户状态分析：分析用户账户状态
PROFILE分析：分析用户PROFILE配置
登录失败分析：分析登录失败记录
审计日志分析：分析审计日志
告警日志分析：分析告警日志

风哥提示：ORA-28000是账户锁定错误，建议解锁账户或重置密码，并检查安全策略配置。

Part02-生产环境规划与建议

2.1 ORA-28000错误处理规划

Oracle ORA-28000错误处理规划要点：

# ORA-28000错误处理规划
– 错误监控：监控ORA-28000错误发生
– 错误记录：记录ORA-28000错误信息
– 错误分析：分析ORA-28000错误原因
– 错误处理：处理ORA-28000错误问题

# 错误监控规划
– 监控工具：选择监控工具
– 监控频率：设置监控频率
– 监控范围：定义监控范围
– 告警配置：配置告警规则

# 错误记录规划
– 记录方式：选择记录方式
– 记录格式：定义记录格式
– 记录保留：设置记录保留时间
– 记录备份：备份错误记录

# 错误分析规划
– 分析方法：选择分析方法
– 分析工具：选择分析工具
– 分析流程：定义分析流程
– 分析报告：生成分析报告

# 错误处理规划
– 处理流程：定义处理流程
– 处理优先级：设置处理优先级
– 处理责任人：指定处理责任人
– 处理验证：验证处理结果

2.2 ORA-28000错误分析工具

Oracle ORA-28000错误分析工具：

SQL*Plus：命令行工具
SQL Developer：图形化工具
Enterprise Manager：企业级管理工具
DBA_USERS：用户账户状态视图
DBA_PROFILES：PROFILE配置视图
DBA_AUDIT_SESSION：审计会话视图

# 工具使用建议
– SQL*Plus：快速查询错误信息
– SQL Developer：图形化分析错误
– Enterprise Manager：集中管理错误
– DBA_USERS：查看用户账户状态
– DBA_PROFILES：查看PROFILE配置
– DBA_AUDIT_SESSION：查看登录失败记录

2.3 ORA-28000错误处理最佳实践

Oracle ORA-28000错误处理最佳实践：

定期监控：定期监控ORA-28000错误
及时处理：及时处理ORA-28000错误
文档记录：记录错误处理过程
经验积累：积累错误处理经验
预防措施：制定预防措施

生产环境建议：ORA-28000错误处理需要建立完善的监控和处理机制，建议定期监控、及时处理、文档记录。学习交流加群风哥微信: itpux-com

Part03-生产环境项目实施方案

3.1 ORA-28000错误分析配置

3.1.1 配置用户账户管理

# 1. 查看用户账户状态
SQL> select username, account_status, lock_date, expiry_date, profile
from dba_users
where username = ‘SCOTT’;

USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE PROFILE
———- —————– ——————- ——————- ———-
SCOTT LOCKED 31-MAR-26 10:00:00 30-APR-26 10:00:00 DEFAULT

# 2. 查看所有锁定账户
SQL> select username, account_status, lock_date, profile
from dba_users
where account_status like ‘%LOCKED%’;

USERNAME ACCOUNT_STATUS LOCK_DATE PROFILE
———- —————– ——————- ———-
SCOTT LOCKED 31-MAR-26 10:00:00 DEFAULT
TEST LOCKED(TIMED) 31-MAR-26 09:00:00 DEFAULT

# 3. 查看用户PROFILE配置
SQL> select profile, resource_name, limit
from dba_profiles
where profile = ‘DEFAULT’
and resource_type = ‘PASSWORD’;

PROFILE RESOURCE_NAME LIMIT
———- ——————————– ———-
DEFAULT FAILED_LOGIN_ATTEMPTS 10
DEFAULT PASSWORD_LOCK_TIME 1
DEFAULT PASSWORD_LIFE_TIME 180
DEFAULT PASSWORD_GRACE_TIME 7
DEFAULT PASSWORD_REUSE_TIME UNLIMITED
DEFAULT PASSWORD_REUSE_MAX UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION NULL
DEFAULT PASSWORD_ROLLOVER_TIME UNLIMITED
DEFAULT INACTIVE_ACCOUNT_TIME UNLIMITED

# 4. 解锁用户账户
SQL> alter user scott account unlock;

User altered.

# 5. 验证账户状态
SQL> select username, account_status, lock_date, expiry_date, profile
from dba_users
where username = ‘SCOTT’;

USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE PROFILE
———- —————– ——————- ——————- ———-
SCOTT OPEN 30-APR-26 10:00:00 DEFAULT

# 6. 重置用户密码
SQL> alter user scott identified by tiger;

User altered.

# 7. 测试用户登录
$ sqlplus scott/tiger@FGEDUDB

SQL*Plus: Release 19.0.0.0.0 – Production on Mon Mar 31 10:00:00 2026
Copyright (c) 1982, 2020, Oracle. All rights reserved.

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 – Production
Version 19.3.0.0.0

SQL> show user
USER is “SCOTT”

3.1.2 配置PROFILE管理

# 1. 创建新的PROFILE
SQL> create profile app_profile limit
failed_login_attempts 5
password_lock_time 1
password_life_time 90
password_grace_time 7
password_reuse_time 365
password_reuse_max 5;

Profile created.

# 2. 查看PROFILE配置
SQL> select profile, resource_name, limit
from dba_profiles
where profile = ‘APP_PROFILE’
and resource_type = ‘PASSWORD’;

PROFILE RESOURCE_NAME LIMIT
———– ——————————– ———-
APP_PROFILE FAILED_LOGIN_ATTEMPTS 5
APP_PROFILE PASSWORD_LOCK_TIME 1
APP_PROFILE PASSWORD_LIFE_TIME 90
APP_PROFILE PASSWORD_GRACE_TIME 7
APP_PROFILE PASSWORD_REUSE_TIME 365
APP_PROFILE PASSWORD_REUSE_MAX 5
APP_PROFILE PASSWORD_VERIFY_FUNCTION NULL
APP_PROFILE PASSWORD_ROLLOVER_TIME UNLIMITED
APP_PROFILE INACTIVE_ACCOUNT_TIME UNLIMITED

# 3. 修改用户PROFILE
SQL> alter user scott profile app_profile;

User altered.

# 4. 验证用户PROFILE
SQL> select username, profile from dba_users where username = ‘SCOTT’;

USERNAME PROFILE
———- ———-
SCOTT APP_PROFILE

# 5. 修改PROFILE配置
SQL> alter profile app_profile limit
failed_login_attempts 10
password_lock_time unlimited;

Profile altered.

# 6. 验证PROFILE修改
SQL> select profile, resource_name, limit
from dba_profiles
where profile = ‘APP_PROFILE’
and resource_name in (‘FAILED_LOGIN_ATTEMPTS’, ‘PASSWORD_LOCK_TIME’);

PROFILE RESOURCE_NAME LIMIT
———– ——————————– ———-
APP_PROFILE FAILED_LOGIN_ATTEMPTS 10
APP_PROFILE PASSWORD_LOCK_TIME UNLIMITED

# 7. 删除PROFILE
SQL> drop profile app_profile cascade;

Profile dropped.

3.2 ORA-28000错误监控

3.2.1 配置ORA-28000错误监控脚本

# 1. 创建ORA-28000错误监控脚本
$ vi /home/oracle/scripts/monitor_ora28000.sh

#!/bin/bash
# from:www.itpux.com.qq113257174.wx:itpux-com
# web: http://www.fgedu.net.cn
# from:www.itpux.com.qq113257174.wx:itpux-com
# web: http://www.fgedu.net.cn
# from:www.itpux.com.qq113257174.wx:itpux-com
# web: http://www.fgedu.net.cn
# ORA-28000错误监控脚本

export ORACLE_HOME=/oracle/app/oracle/product/19c/dbhome_1
export ORACLE_SID=FGEDUDB
export PATH=$ORACLE_HOME/bin:$PATH

# 定义变量
ERROR_LOG=”/home/oracle/scripts/ora28000_errors.log”
EMAIL=”admin@fgedu.net.cn”

# 检查ORA-28000错误
check_ora28000_errors() {
local last_check_file=”/home/oracle/scripts/last_ora28000_check.txt”
local current_time=$(date +%s)

if [ -f “$last_check_file” ]; then
local last_check=$(cat “$last_check_file”)
local time_diff=$((current_time – last_check))

if [ $time_diff -lt 3600 ]; then
echo “Last check was $time_diff seconds ago, skipping…”
return 0
fi
fi

# 检查锁定账户
local locked_accounts=$(sqlplus -s / as sysdba < exit
EOF
)

if [ -n “$locked_accounts” ]; then
echo “Found locked accounts:” >> “$ERROR_LOG”
echo “$locked_accounts” >> “$ERROR_LOG”
echo “Timestamp: $(date)” >> “$ERROR_LOG”
echo “” >> “$ERROR_LOG”

# 发送告警邮件
echo “ORA-28000 error detected: locked accounts found” | mail -s “ORA-28000 Alert” “$EMAIL”

# 分析锁定账户
analyze_locked_accounts
fi

# 更新最后检查时间
echo “$current_time” > “$last_check_file”
}

# 分析锁定账户
analyze_locked_accounts() {
local locked_accounts=$(sqlplus -s / as sysdba < exit
EOF
)

echo “Locked Accounts Details:” >> “$ERROR_LOG”
echo “$locked_accounts” >> “$ERROR_LOG”
echo “” >> “$ERROR_LOG”
}

# 主函数
main() {
check_ora28000_errors

echo “ORA-28000 error monitoring completed at $(date)” >> “$ERROR_LOG”
}

# 执行主函数
main

# 2. 设置脚本权限
$ chmod +x /home/oracle/scripts/monitor_ora28000.sh

# 3. 测试脚本
$ /home/oracle/scripts/monitor_ora28000.sh

# 4. 设置定期监控
$ crontab -e

# 每小时检查ORA-28000错误
0 * * * * /home/oracle/scripts/monitor_ora28000.sh >> /home/oracle/scripts/monitor_ora28000.log 2>&1

3.2.2 配置数据库监控

# 1. 创建锁定账户监控视图
SQL> create or replace view locked_account_monitor as
select
username,
account_status,
lock_date,
expiry_date,
profile,
(select limit from dba_profiles p where p.profile = u.profile and resource_name = ‘FAILED_LOGIN_ATTEMPTS’) as failed_login_attempts,
(select limit from dba_profiles p where p.profile = u.profile and resource_name = ‘PASSWORD_LOCK_TIME’) as password_lock_time
from dba_users u
where account_status like ‘%LOCKED%’;

View created.

# 2. 查询锁定账户状态
SQL> select * from locked_account_monitor;

USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE PROFILE FAILED_LOGIN_ATTEMPTS PASSWORD_LOCK_TIME
———- —————– ——————- ——————- ———- ——————– —————–
SCOTT LOCKED 31-MAR-26 10:00:00 30-APR-26 10:00:00 DEFAULT 10 1
TEST LOCKED(TIMED) 31-MAR-26 09:00:00 30-APR-26 09:00:00 DEFAULT 10 1

# 3. 创建登录失败监控视图
SQL> create or replace view login_failure_monitor as
select
userid,
userhost,
terminal,
timestamp,
action_name,
returncode,
(select count(*) from dba_audit_session a2 where a2.userid = a1.userid and a2.returncode = 1017) as failed_count
from dba_audit_session a1
where returncode = 1017
and timestamp > sysdate – 1
order by timestamp desc;

View created.

# 4. 查询登录失败记录
SQL> select * from login_failure_monitor where rownum <= 10;

USERID USERHOST TERMINAL TIMESTAMP ACTION_NAME RETURNCODE FAILED_COUNT
——– —————– ———— ——————- ————— ———- ————
SCOTT workstation1 pts/0 31-MAR-26 10:00:00 LOGON 1017 5
TEST workstation2 pts/1 31-MAR-26 09:00:00 LOGON 1017 3

# 5. 创建ORA-28000错误告警
SQL> create or replace procedure ora28000_error_alert as
v_locked_count number;
v_email varchar2(100) := ‘admin@fgedu.net.cn’;
begin
— 获取锁定账户数量
select count(*) into v_locked_count
from dba_users
where account_status like ‘%LOCKED%’;

if v_locked_count > 0 then
— 发送告警
dbms_output.put_line(‘Locked accounts count: ‘ || v_locked_count);

for rec in (select username, account_status, lock_date, profile from locked_account_monitor) loop
dbms_output.put_line(‘Username: ‘ || rec.username);
dbms_output.put_line(‘Status: ‘ || rec.account_status);
dbms_output.put_line(‘Lock Date: ‘ || to_char(rec.lock_date, ‘YYYY-MM-DD HH24:MI:SS’));
dbms_output.put_line(‘Profile: ‘ || rec.profile);
dbms_output.put_line(‘—‘);
end loop;

dbms_output.put_line(‘Recommendation: Unlock accounts or check security policy’);
else
dbms_output.put_line(‘No locked accounts found’);
end if;
end ora28000_error_alert;
/

Procedure created.

# 6. 执行告警存储过程
SQL> set serveroutput on
SQL> exec ora28000_error_alert;

Locked accounts count: 2
Username: SCOTT
Status: LOCKED
Lock Date: 2026-03-31 10:00:00
Profile: DEFAULT
—
Username: TEST
Status: LOCKED(TIMED)
Lock Date: 2026-03-31 09:00:00
Profile: DEFAULT
—
Recommendation: Unlock accounts or check security policy

PL/SQL procedure successfully completed.

# 7. 创建定时任务
SQL> begin
dbms_scheduler.create_job(
job_name => ‘ORA28000_ERROR_ALERT_JOB’,
job_type => ‘STORED_PROCEDURE’,
job_action => ‘ORA28000_ERROR_ALERT’,
start_date => systimestamp,
repeat_interval => ‘FREQ=HOURLY;INTERVAL=1’,
enabled => true
);
end;
/

PL/SQL procedure successfully completed.

3.3 ORA-28000错误故障处理

3.3.1 ORA-28000错误处理

# 问题现象
$ sqlplus scott/tiger@FGEDUDB

SQL*Plus: Release 19.0.0.0.0 – Production on Mon Mar 31 10:00:00 2026
Copyright (c) 1982, 2020, Oracle. All rights reserved.

ERROR:
ORA-28000: the account is locked

# 分析步骤

# 1. 查看用户账户状态
SQL> select username, account_status, lock_date, expiry_date, profile
from dba_users
where username = ‘SCOTT’;

USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE PROFILE
———- —————– ——————- ——————- ———-
SCOTT LOCKED 31-MAR-26 10:00:00 30-APR-26 10:00:00 DEFAULT

# 2. 查看用户PROFILE配置
SQL> select profile, resource_name, limit
from dba_profiles
where profile = ‘DEFAULT’
and resource_type = ‘PASSWORD’;

# 3. 查看登录失败记录
SQL> select userid, userhost, terminal, timestamp, returncode
from dba_audit_session
where userid = ‘SCOTT’
and returncode = 1017
order by timestamp desc;

USERID USERHOST TERMINAL TIMESTAMP RETURNCODE
——– —————– ———— ——————- ———-
SCOTT workstation1 pts/0 31-MAR-26 10:00:00 1017
SCOTT workstation1 pts/0 31-MAR-26 09:59:00 1017
SCOTT workstation1 pts/0 31-MAR-26 09:58:00 1017

# 4. 分析错误原因
# 错误代码：ORA-28000
# 错误信息：the account is locked
# 账户状态：LOCKED
# 锁定原因：多次登录失败

# 5. 解决方案：解锁账户
SQL> alter user scott account unlock;

User altered.

# 6. 重置密码（可选）
SQL> alter user scott identified by tiger;

User altered.

# 7. 验证问题解决
$ sqlplus scott/tiger@FGEDUDB

SQL*Plus: Release 19.0.0.0.0 – Production on Mon Mar 31 10:00:00 2026
Copyright (c) 1982, 2020, Oracle. All rights reserved.

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 – Production
Version 19.3.0.0.0

SQL> show user
USER is “SCOTT”

# 8. 预防措施
# – 增加FAILED_LOGIN_ATTEMPTS限制
# – 配置密码复杂度验证函数
# – 定期检查锁定账户
# – 配置账户锁定告警

3.3.2 PROFILE配置错误处理

# 1. 查看当前PROFILE配置
SQL> select profile, resource_name, limit
from dba_profiles
where profile = ‘DEFAULT’
and resource_type = ‘PASSWORD’;

# 2. 修改PROFILE配置
SQL> alter profile default limit
failed_login_attempts unlimited
password_lock_time unlimited;

Profile altered.

# 3. 验证PROFILE修改
SQL> select profile, resource_name, limit
from dba_profiles
where profile = ‘DEFAULT’
and resource_name in (‘FAILED_LOGIN_ATTEMPTS’, ‘PASSWORD_LOCK_TIME’);

PROFILE RESOURCE_NAME LIMIT
———- ——————————– ———-
DEFAULT FAILED_LOGIN_ATTEMPTS UNLIMITED
DEFAULT PASSWORD_LOCK_TIME UNLIMITED

# 4. 创建密码复杂度验证函数
SQL> create or replace function verify_function
(
username varchar2,
password varchar2,
old_password varchar2
) return boolean is
n boolean;
m integer;
differ integer;
isdigit boolean;
ischar boolean;
ispunct boolean;
digitarray varchar2(20);
punctarray varchar2(25);
chararray varchar2(52);
begin
digitarray := ‘0123456789’;
chararray := ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ’;
punctarray := ‘!”#$%&()”*+,-/:;<=>?_’;

— 检查密码长度
if length(password) < 8 then raise_application_error(-20001, 'Password length less than 8');
end if;

— 检查是否包含数字
isdigit := false;
for i in 1..length(password) loop
for j in 1..length(digitarray) loop
if substr(password, i, 1) = substr(digitarray, j, 1) then
isdigit := true;
exit;
end if;
end loop;
end loop;

if not isdigit then
raise_application_error(-20002, ‘Password must contain at least one digit’);
end if;

— 检查是否包含字母
ischar := false;
for i in 1..length(password) loop
for j in 1..length(chararray) loop
if substr(password, i, 1) = substr(chararray, j, 1) then
ischar := true;
exit;
end if;
end loop;
end loop;

if not ischar then
raise_application_error(-20003, ‘Password must contain at least one letter’);
end if;

return true;
end;
/

Function created.

# 5. 应用密码复杂度验证函数
SQL> alter profile default limit
password_verify_function verify_function;

Profile altered.

# 6. 验证密码复杂度
SQL> alter user scott identified by simple;

alter user scott identified by simple
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password length less than 8

SQL> alter user scott identified by Simple123;

User altered.

# 7. 测试用户登录
$ sqlplus scott/Simple123@FGEDUDB

SQL*Plus: Release 19.0.0.0.0 – Production on Mon Mar 31 10:00:00 2026
Copyright (c) 1982, 2020, Oracle. All rights reserved.

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 – Production
Version 19.3.0.0.0

SQL> show user
USER is “SCOTT”

风哥提示：ORA-28000错误处理需要结合用户账户管理和PROFILE配置，建议建立完善的错误处理流程。学习交流加群风哥QQ113257174

Part04-生产案例与实战讲解

4.1 ORA-28000错误分析案例

在生产环境中分析ORA-28000错误的完整案例：

4.1.1 场景描述

某企业生产数据库出现ORA-28000账户锁定错误，需要分析错误原因并解决问题。

4.1.2 分析步骤

# 1. 收集错误信息
$ sqlplus scott/tiger@FGEDUDB

ERROR:
ORA-28000: the account is locked

# 2. 查看用户账户状态
SQL> select username, account_status, lock_date, expiry_date, profile
from dba_users
where username = ‘SCOTT’;

USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE PROFILE
———- —————– ——————- ——————- ———-
SCOTT LOCKED 31-MAR-26 10:00:00 30-APR-26 10:00:00 DEFAULT

# 3. 查看登录失败记录
SQL> select userid, userhost, terminal, timestamp, returncode
from dba_audit_session
where userid = ‘SCOTT’
and returncode = 1017
order by timestamp desc;

# 4. 分析错误原因
# 错误代码：ORA-28000
# 错误信息：the account is locked
# 账户状态：LOCKED
# 锁定原因：多次登录失败

# 5. 解决方案：解锁账户
SQL> alter user scott account unlock;

User altered.

# 6. 验证问题解决
$ sqlplus scott/tiger@FGEDUDB

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 – Production
Version 19.3.0.0.0

SQL> show user
USER is “SCOTT”

4.2 ORA-28000错误故障处理

在ORA-28000错误故障处理过程中的方法和技巧：

4.2.1 故障处理流程

# ORA-28000错误故障处理流程

# 1. 错误识别
# – 监控锁定账户
# – 检查错误信息
# – 确认错误参数

# 2. 错误分析
# – 查看账户状态
# – 检查PROFILE配置
# – 分析登录失败记录

# 3. 错误处理
# – 解锁账户
# – 重置密码
# – 修改PROFILE配置

# 4. 错误预防
# – 增加FAILED_LOGIN_ATTEMPTS限制
# – 配置密码复杂度验证
# – 制定预防措施

# 示例：ORA-28000错误处理

# 1. 错误识别
$ sqlplus scott/tiger@FGEDUDB

ERROR:
ORA-28000: the account is locked

# 2. 错误分析
SQL> select username, account_status, lock_date, profile
from dba_users
where username = ‘SCOTT’;

USERNAME ACCOUNT_STATUS LOCK_DATE PROFILE
———- —————– ——————- ———-
SCOTT LOCKED 31-MAR-26 10:00:00 DEFAULT

# 3. 错误处理
SQL> alter user scott account unlock;

User altered.

# 4. 验证处理结果
$ sqlplus scott/tiger@FGEDUDB

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 – Production
Version 19.3.0.0.0

SQL> show user
USER is “SCOTT”

# 5. 错误预防
# – 增加FAILED_LOGIN_ATTEMPTS限制
# – 配置密码复杂度验证
# – 定期检查锁定账户
# – 配置账户锁定告警

4.3 ORA-28000错误优化

优化ORA-28000错误处理配置的最佳实践：

4.3.1 优化用户账户管理

# 1. 创建账户管理优化存储过程
SQL> create or replace procedure optimize_account_management as
v_locked_count number;
v_expired_count number;
begin
— 获取锁定账户数量
select count(*) into v_locked_count
from dba_users
where account_status like ‘%LOCKED%’;

— 获取过期账户数量
select count(*) into v_expired_count
from dba_users
where account_status like ‘%EXPIRED%’;

if v_locked_count > 0 or v_expired_count > 0 then
dbms_output.put_line(‘Locked accounts: ‘ || v_locked_count);
dbms_output.put_line(‘Expired accounts: ‘ || v_expired_count);

for rec in (
select username, account_status, lock_date, expiry_date
from dba_users
where account_status like ‘%LOCKED%’ or account_status like ‘%EXPIRED%’
) loop
dbms_output.put_line(‘Username: ‘ || rec.username);
dbms_output.put_line(‘Status: ‘ || rec.account_status);
dbms_output.put_line(‘Lock Date: ‘ || to_char(rec.lock_date, ‘YYYY-MM-DD HH24:MI:SS’));
dbms_output.put_line(‘Expiry Date: ‘ || to_char(rec.expiry_date, ‘YYYY-MM-DD HH24:MI:SS’));
dbms_output.put_line(‘—‘);
end loop;

dbms_output.put_line(‘Recommendation: Unlock accounts or reset passwords’);
else
dbms_output.put_line(‘All accounts are normal’);
end if;
end optimize_account_management;
/

Procedure created.

# 2. 执行优化存储过程
SQL> set serveroutput on
SQL> exec optimize_account_management;

Locked accounts: 2
Expired accounts: 1
Username: SCOTT
Status: LOCKED
Lock Date: 2026-03-31 10:00:00
Expiry Date: 2026-04-30 10:00:00
—
Username: TEST
Status: LOCKED(TIMED)
Lock Date: 2026-03-31 09:00:00
Expiry Date: 2026-04-30 09:00:00
—
Username: HR
Status: EXPIRED
Lock Date:
Expiry Date: 2026-03-30 10:00:00
—
Recommendation: Unlock accounts or reset passwords

PL/SQL procedure successfully completed.

# 3. 创建定时任务
SQL> begin
dbms_scheduler.create_job(
job_name => ‘OPTIMIZE_ACCOUNT_MANAGEMENT_JOB’,
job_type => ‘STORED_PROCEDURE’,
job_action => ‘OPTIMIZE_ACCOUNT_MANAGEMENT’,
start_date => systimestamp,
repeat_interval => ‘FREQ=DAILY;INTERVAL=1’,
enabled => true
);
end;
/

PL/SQL procedure successfully completed.

# 4. 批量解锁账户
SQL> begin
for rec in (select username from dba_users where account_status like ‘%LOCKED%’) loop
execute immediate ‘alter user ‘ || rec.username || ‘ account unlock’;
dbms_output.put_line(‘Unlocked account: ‘ || rec.username);
end loop;
end;
/

PL/SQL procedure successfully completed.

# 5. 验证账户状态
SQL> select username, account_status from dba_users where account_status like ‘%LOCKED%’;

no rows selected

生产环境建议：ORA-28000错误优化需要建立完善的监控和处理机制，建议定期监控、及时处理、文档记录。更多学习教程公众号风哥教程itpux_com

Part05-风哥经验总结与分享

5.1 ORA-28000错误总结

Oracle ORA-28000错误是账户锁定错误，具有以下特点：

账户锁定：用户账户已被锁定
登录失败：多次登录失败导致锁定
密码过期：密码过期导致账户锁定
管理员锁定：管理员手动锁定账户
安全策略：安全策略强制锁定账户

5.2 ORA-28000错误检查清单

Oracle ORA-28000错误检查清单：

错误识别：识别错误信息和参数
错误分析：分析账户状态和PROFILE配置
错误处理：处理错误问题
错误验证：验证处理结果
错误预防：制定预防措施
错误记录：记录处理过程

5.3 ORA-28000错误工具推荐

Oracle ORA-28000错误工具推荐：

SQL*Plus：命令行工具
SQL Developer：图形化工具
Enterprise Manager：企业级管理工具
DBA_USERS：用户账户状态视图
DBA_PROFILES：PROFILE配置视图
DBA_AUDIT_SESSION：审计会话视图

风哥提示：ORA-28000是账户锁定错误，建议解锁账户或重置密码，并检查安全策略配置，建立完善的错误处理流程。from:www.itpux.com www.fgedu.net.cn

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html

Oracle教程FG421-ORA-28000账户锁定

Part01-基础概念与理论知识

1.1 ORA-28000的概念

1.2 ORA-28000的常见原因

1.3 ORA-28000分析方法

Part02-生产环境规划与建议

2.1 ORA-28000错误处理规划

2.2 ORA-28000错误分析工具

2.3 ORA-28000错误处理最佳实践

Part03-生产环境项目实施方案

3.1 ORA-28000错误分析配置

3.1.1 配置用户账户管理

3.1.2 配置PROFILE管理

3.2 ORA-28000错误监控

3.2.1 配置ORA-28000错误监控脚本

3.2.2 配置数据库监控

3.3 ORA-28000错误故障处理

3.3.1 ORA-28000错误处理

3.3.2 PROFILE配置错误处理

Part04-生产案例与实战讲解

4.1 ORA-28000错误分析案例

4.1.1 场景描述

4.1.2 分析步骤

4.2 ORA-28000错误故障处理

4.2.1 故障处理流程

4.3 ORA-28000错误优化

4.3.1 优化用户账户管理

Part05-风哥经验总结与分享

5.1 ORA-28000错误总结

5.2 ORA-28000错误检查清单

5.3 ORA-28000错误工具推荐

相关推荐

联系我们