A login policy is a named object in a database that consists of a set of rules that are applied when you create a database connection for a user. All new databases include a root login policy. You can modify the root login policy values, but you cannot delete the policy. Login policies govern only the rules for user login and are separate from authorities and permissions. Login policies are not inherited through group memberships.

The following settings are governed by a login policy:

• Password life time
• Password grace time
• Password expiry on next login
• Locked
• Maximum connections
• Maximum failed login attempts
• Maximum days since login
• Maximum non-DBA connections

The user account is assigned the root login policy when:

• you create a new user account and do not specify a login policy
• you use the Unload utility (dbunload) to rebuild a database created by a previous version of SQL Anywhere
• you upgrade a SQL Anywhere version 10 database using the Upgrade utility (dbupgrad) or the ALTER DATABASE UPGRADE statement

You can create, alter, and drop login policies. As well, you can create, alter, and drop users, and assign login policies to them. The sa_get_user_status system procedure lets you get information about the current status of a user. See sa_get_user_status system procedure.

Inheritance of login policy settings

A default login policy called root is stored in the database and contains the default option values for all policies. If you want to use different settings than the defaults, you can either alter the root policy, or create a policy and then alter it to contain overrides for the defaults. A policy inherits its default settings from the root policy, unless it is altered to contain overrides.

For example, suppose the root policy value for max_connections is 5. You create a policy called myPolicy and alter it to set max_connections to Unlimited. Then, you create a user and assign the myPolicy login policy. When the user logs in, their login policy option settings are inherited from the root login policy with the exception of max_connections, which is set to Unlimited.

Inheritance of default values from the root policy is important to understand because if you subsequently change the value of an option setting in the root policy, you impact users of policies that rely on the default value for that setting. Similarly, if a root value is changed, it does not impact any users of policies that contain an override for that setting.