CREATE LOGIN POLICY Statement

Syntax

CREATE LOGIN POLICY policy-name
AUTO_UNLOCK_TIME=0 – UNLIMITED
| DEFAULT_LOGICAL_SERVER=[logical_server_name | ALL | AUTO | COORDINATOR | NONE | OPEN | SERVER]
| CHANGE_PASSWORD_DUAL_CONTROL=[ON | OFF]
| LOCKED=[ON | OFF]
| MAX_CONNECTIONS=0 – 2147483647
| MAX_DAYS_SINCE_LOGIN=0 – 2147483647
| MAX_FAILED_LOGIN_ATTEMPTS=0 – 2147483647
| MAX_NON_DBA_CONNECTIONS=0 – 2147483647
| PASSWORD_EXPIRY_ON_NEXT_LOGIN=[ON | OFF]
| PASSWORD_GRACE_TIME=0 – 2147483647
| PASSWORD_LIFE_TIME=0 – 2147483647
| ROOT_AUTO_UNLOCK_TIME=0 – UNLIMITED
| LDAP_PRIMARY_SERVER=server_name
| LDAP_SECONDARY_SERVER=server_name
| LDAP_AUTO_FAILBACK_PERIOD=0 – 2147483647
| LDAP_FAILOVER_TO_STD=[ON | OFF]
| LDAP_REFRESH_DN=NOW

Applies to

Simplex and multiplex.

Examples

Example 1 – creates the Test1 login policy. This login policy has an unlimited password life and allows the user a maximum of five attempts to enter a correct password before the account is locked.
```
CREATE LOGIN POLICY Test1 
password_life_time=UNLIMITED
max_failed_login_attempts=5;
```

Usage

If you do not specify a login policy option, the value from the root login policy is applied.

Permissions

Requires MANAGE ANY LOGIN POLICY system privilege.

The following system privileges can override the noted login policy options:

Exception System Privilege	Login Policy Option
SERVER OPERATOR or DROP CONNECTION system privilege	MAX_NON_DBA_CONNS MAX_CONNECTIONS
MANAGE ANY USER system privilege	LOCKED MAX_DAYS_SINCE_LOGIN

Exception System Privilege

Login Policy Option

SERVER OPERATOR or DROP CONNECTION system privilege

MAX_NON_DBA_CONNS

MAX_CONNECTIONS

MANAGE ANY USER system privilege

LOCKED

MAX_DAYS_SINCE_LOGIN