A technical troubleshooting blog about Oracle with other Databases & Cloud Technologies.

Lockdown Profile: 

1 min read
metal chain with lock on street

Photo by Erik Mclean on Pexels.com

From 12c onwards we have new feature called lockdown profile to control the PDB level activities. It can be created in CDB container. 

SQL> show con_name

CON_NAME
------------------------------
CDB$ROOT


SQL> create lockdown profile APP_DEV_PROFILE;

Lockdown Profile created.


SQL> select PROFILE_NAME,STATUS from dba_lockdown_profiles;

PROFILE_NAME STATUS
-------------------- -------
APP_DEV_PROFILE EMPTY
PRIVATE_DBAAS EMPTY
PUBLIC_DBAAS EMPTY
SAAS EMPTY


SQL> alter lockdown profile APP_DEV_PROFILE disable statement = ('ALTER SYSTEM') clause all except = ('KILL SESSION');

Lockdown Profile altered.


SQL> select PROFILE_NAME,STATUS from dba_lockdown_profiles;

PROFILE_NAME STATUS
-------------------- -------
APP_DEV_PROFILE DISABLE
APP_DEV_PROFILE ENABLE
PRIVATE_DBAAS EMPTY
PUBLIC_DBAAS EMPTY
SAAS EMPTY

Note: once we set this lockdown profile to PDB. Particular PDB will not support any of the alert system options except killing session.