CREATE LOGIN POLICY Statement

Creates a login policy in the database.

Syntax

CREATE LOGIN POLICY policy-name policy-options

Parameters

policy-options: – policy-option [ policy-option... ]
policy_option: – policy-option-name =policy-option-value policy-option-value={ UNLIMITED | ROOT | legal-option-value }

Examples

Example 1 – Create the Test1 login policy. This login policy has an unlimited password life and allows the user a maximum of five attempts to enter a correct password before the account is locked.
```
CREATE LOGIN POLICY Test1 
password_life_time=UNLIMITED
max_failed_login_attempts=5;
```

Usage

policy-name—the name of the login policy.

policy-option-name—the name of the login policy option. If you do not specify an option, the value from the root login policy is applied.

policy-option-value—the value assigned to the login policy option. If you specify UNLIMITED, no limits are imposed.

If you do not specify a policy option, values for the login policy are taken from the root login policy.

Login Policy Options
Option	Description	Values	Initial value for ROOT policy	Applies to
`locked`	If the value for this option is ON, users are prohibited from establishing new connections	ON, OFF	OFF	Users without DBA authority only
`max_connections`	The maximum number of concurrent connections allowed for a user.	0 – 2147483647	Unlimited	Users without DBA authority only
`max_days_since_login`	The maximum number of days that can elapse between two successive logins by the same user.	0 – 2147483647	Unlimited	Users without DBA authority only
`max_failed_login_attempts`	The maximum number of failed attempts, since the last successful attempt, to login to the user account before the account is locked.	0 – 2147483647	Unlimited	Users without DBA authority only
`max_non_dba_connections`	The maximum number of concurrent connections that a user without DBA authority can make. This option is only supported in the root login policy.	0 – 2147483647	Unlimited	Users without DBA authority only. Only to the root login policy.
`password_expiry_on_next_login`	If the value for this option is ON, the user's password will expire in the next login.	ON, OFF	OFF	All users including those with DBA authority
`password_grace_time`	The number of days before password expiration during which login is allowed but the default post_login procedure issues warnings.	0 – 2147483647	0	All users including those with DBA authority
`password_life_time`	The maximum number of days before a password must be changed.	0 – 2147483647	Unlimited	All users including those with DBA authority

Permissions

Must have DBA or USER ADMIN authority.