Automatic Unlocking of User Accounts

A lock-down of some or all database services may occur if all administrative users with the MANAGE ANY USER system privilege are locked out of the database due to failed login attempts.

A user account is automatically locked if the user exceeds the maximum number of failed login attempts (the MAX_FAILED_LOGIN_ATTEMPTS value) defined in the login policy. Once locked, the user account must be manually unlocked by a user granted the MANAGE ANY USER system privilege. However, if all users with the MANAGE ANY USER system privilege are locked out due to failed login attempts, a potential lock-down of some or all of the database services can occur.

To prevent this scenario, use these login policy options:

Configuration of these values requires the MANAGE ANY LOGIN POLICY system privilege.

Based on the permissions granted to a user, one of these login policy options is verified at the time of unlocking. Automatic unlocking applies only to accounts locked due to failed login attempts, not to accounts locked for any other reason. The locked status of a user is verified during login. If the account has been locked for a time equal to or longer than the specified automatic unlock period, the user is allowed to log in and the FAILED_LOGIN_ATTEMPTS counter is reset to zero.
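The login-time check described above can be modeled as follows. This is an added illustration, not the database server's own code. The names `admin_unlock`, `user_unlock`, `manages_users` and `lock_reason`, the sample accounts and the period values are hypothetical; the model also assumes the lock is evaluated before the password is checked.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class LoginPolicy:
    max_failed_login_attempts: int   # MAX_FAILED_LOGIN_ATTEMPTS
    admin_unlock: timedelta          # hypothetical: period for MANAGE ANY USER holders
    user_unlock: timedelta           # hypothetical: period for all other users

@dataclass
class Account:
    name: str
    manages_users: bool = False      # holds MANAGE ANY USER
    failed_login_attempts: int = 0   # FAILED_LOGIN_ATTEMPTS counter
    lock_reason: Optional[str] = None   # None, "failed_logins" or "manual"
    locked_at: Optional[datetime] = None

def try_login(acct, policy, password_ok, now):
    """Return 'ok', 'denied' (bad password) or 'locked'."""
    # Only locks caused by failed logins are eligible for automatic unlocking.
    if acct.lock_reason == "failed_logins":
        period = policy.admin_unlock if acct.manages_users else policy.user_unlock
        if now - acct.locked_at >= period:   # equal to the period counts as elapsed
            acct.lock_reason, acct.locked_at = None, None
            acct.failed_login_attempts = 0   # counter is reset on automatic unlock
    if acct.lock_reason is not None:         # period not elapsed, or another lock reason
        return "locked"
    if password_ok:
        return "ok"
    acct.failed_login_attempts += 1
    # The account locks once the counter exceeds the policy limit.
    if acct.failed_login_attempts > policy.max_failed_login_attempts:
        acct.lock_reason, acct.locked_at = "failed_logins", now
    return "denied"

def demo():
    # Constructed sample policy and accounts.
    policy = LoginPolicy(3, timedelta(minutes=15), timedelta(hours=24))
    t0 = datetime(2024, 1, 1, 9, 0)
    admin = Account("dba_admin", manages_users=True)
    results = [try_login(admin, policy, False, t0) for _ in range(4)]  # 4th failure locks
    results.append(try_login(admin, policy, True, t0 + timedelta(minutes=14)))
    results.append(try_login(admin, policy, True, t0 + timedelta(minutes=15)))
    manual = Account("contractor", lock_reason="manual", locked_at=t0)
    results.append(try_login(manual, policy, True, t0 + timedelta(days=30)))
    return results, admin.failed_login_attempts
```

In the sample run the administrator is refused one minute before the period elapses and admitted at exactly the period boundary, while the manually locked account stays locked regardless of elapsed time.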
