Login Policy Options

Available options for root and user-defined login policies.

Option Description
AUTO_UNLOCK_TIME The time period after which locked accounts not granted the MANAGE ANY USER system privilege are automatically unlocked. This option can be defined in any login policy, including the root login policy.
  • Values – 0 – unlimited
  • Initial value for Root policy – Unlimited
  • Applies to – All users not granted the MANAGE ANY USER system privilege.
CHANGE_PASSWORD_DUAL_CONTROL Requires input from two users, each granted the CHANGE PASSWORD system privilege, to change the password of another user.
  • Values – ON, OFF
  • Initial value for Root policy – OFF
  • Applies to – All users.
DEFAULT_LOGICAL_SERVER

If the connection string specifies no logical server, the user connects to the DEFAULT_LOGICAL_SERVER setting specified in the user's login policy.

  • Values
    • Name of an existing user-defined logical server
    • ALL – allows access to all logical servers.
    • AUTO – value of the default logical server in the root login policy.
    • COORDINATOR – the current coordinator node.
    • NONE – denies access to any multiplex server.
    • OPEN – use alone or with the name of a user-defined logical server. Allows access to all multiplex nodes that are not members of any user-defined logical servers.
    • SERVER – allows access to all of the multiplex nodes, subject to the semantics of the SERVER logical server.
  • Initial value for Root policy – AUTO
  • Applies to – All users. Requires MANAGE MULTIPLEX system privilege.
LOCKED

If set ON, users cannot establish new connections. This setting temporarily denies access to login policy users. Logical server overrides for this option are not allowed.

  • Values – ON, OFF
  • Initial value for Root policy – OFF
  • Applies to – All users except those with the MANAGE ANY USER system privilege.
MAX_CONNECTIONS

The maximum number of concurrent connections allowed for a user. You can specify a per-logical-server setting for this option.

  • Values – 0 – 2147483647
  • Initial value for Root policy – Unlimited
  • Applies to – All users except those with the SERVER OPERATOR or DROP CONNECTION system privilege.
MAX_DAYS_SINCE_LOGIN

The maximum number of days that can elapse between two successive logins by the same user.

  • Values – 0 – 2147483647
  • Initial value for Root policy – Unlimited
  • Applies to – All users except those with the MANAGE ANY USER system privilege.
MAX_FAILED_LOGIN_ATTEMPTS

The maximum number of failed attempts, since the last successful attempt, to log into the user account before the account is locked.

  • Values – 0 – 2147483647
  • Initial value for Root policy – Unlimited
  • Applies to – All users.
MAX_NON_DBA_CONNECTIONS

The maximum number of concurrent connections that a user without SERVER OPERATOR or DROP CONNECTION system privileges can make. This option is supported only in the root login policy.

  • Values – 0 – 2147483647
  • Initial value for Root policy – Unlimited
  • Applies to – All users except those with the SERVER OPERATOR or DROP CONNECTION privilege.
PASSWORD_EXPIRY_ON_NEXT_LOGIN

If set ON, the user's password expires at the next login.

  • Values – ON, OFF
  • Initial value for Root policy – OFF
  • Applies to – All users.
Note: This functionality is not currently implemented when logging in to Sybase Control Center. A user will not be prompted to change their password. He or she will be prompted, however, when logging in to SAP Sybase IQ outside of Sybase Control Center (for example, using Interactive SQL).
PASSWORD_GRACE_TIME

The number of days before password expiration during which login is allowed but the default post_login procedure issues warnings.

  • Values – 0 – 2147483647
  • Initial value for Root policy – 0
  • Applies to – All users.
PASSWORD_LIFE_TIME

The maximum number of days before a password must be changed.

  • Values – 0 – 2147483647
  • Initial value for Root policy – Unlimited
  • Applies to – All users.
ROOT_AUTO_UNLOCK_TIME

The time period after which locked accounts granted the MANAGE ANY USER system privilege are automatically unlocked. This option can be defined only in the root login policy.

  • Values – 0 – unlimited
  • Initial value for Root policy – 15
  • Applies to – All users granted the MANAGE ANY USER system privilege.
Parent topic: CREATE LOGIN POLICY Statement