Mandatory Profile in 21c
Starting from Oracle Database version 21c , you can now create a Mandatory profile at CDB Root and at PDB level . You can then assign this profile to the database user .
Mandatory profile enforces password complexity requirements for database user accounts across the entire CDB or individual PDBs using the profile parameter "password_verify_function ".
Why using a mandatory profile is a good idea?
Creation of Mandatory Profile makes the security more robust as the password complexity verification script of the mandatory profile will be executed before the password complexity script from the profile of the user account (if any).
My PDB name is TESTPDB_PDB1
Verify if any mandatory profile is in use currently .
Create a password verification function .
The mandatory profile adds the password complexity requirement in addition to existing profile limits for common and local users.
Verify if the Mandatory profile is created .
Apply the Mandatory Profile to the Entire CDB ,remember you have to be in the CDB$ROOT ;
Once the Mandatory profile is enabled , while creating a new DB user it should pass the password complexity function .
Disclaimer: The views expressed in this post are my own .
Very timely new feature. Your maintenance scripts will greatly benefit from these strong passwords, which can be centrally managed, automatically rotated and securely shared when making use of Secrets Management in #Oracle Key Vault 21.