// // Lockdown Profile: 

A technical troubleshooting blog about Oracle with other Databases & Cloud Technologies.

Lockdown Profile: 

1 min read

From 12c onwards we have new feature called lockdown profile to control the PDB level activities. It can be created in CDB container. 

SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT


SQL> create lockdown profile APP_DEV_PROFILE;

Lockdown Profile created.


SQL> select PROFILE_NAME,STATUS from dba_lockdown_profiles;

PROFILE_NAME STATUS
-------------------- -------
APP_DEV_PROFILE EMPTY
PRIVATE_DBAAS EMPTY
PUBLIC_DBAAS EMPTY
SAAS EMPTY


SQL> alter lockdown profile APP_DEV_PROFILE disable statement = ('ALTER SYSTEM') clause all except = ('KILL SESSION');

Lockdown Profile altered.


SQL> select PROFILE_NAME,STATUS from dba_lockdown_profiles;

PROFILE_NAME STATUS
-------------------- -------
APP_DEV_PROFILE DISABLE
APP_DEV_PROFILE ENABLE
PRIVATE_DBAAS EMPTY
PUBLIC_DBAAS EMPTY
SAAS EMPTY

Note: once we set this lockdown profile to PDB. Particular PDB will not support any of the alert system options except killing session.