create login profile

Description

Creates a login profile with specified attributes.

Syntax

create login profile login_profile_name [ as default ] 
	[ with { attributes from login_name | attribute_value_pair_list } ]

Parameters

login_profile_name

specifies the name of the login profile to be created.

as default

sets the created login profile as the default for all login accounts except sa and probe.

with attributes from login_name | attribute_value_pair_list

when login_name is specified, creates a login profile with attributes values taken from the specified login account. The attribute_value_ pair_list specifies, an attribute name and corresponding value. Specify one or more of the following attributes and value:

  • default database default_database_name – specifies a default database. The default is Master.

  • default language default_language – specifies a default language. The default is us_english

  • login script login_script_name – specifies a valid stored procedure. Limited to 120 characters for a login script.

  • authenticate with – specifies the mechanism used for authenticating the login account. Valid values: ASE, LDAP, PAM, KERBEROS, ANY

    When ANY is used, Adaptive Server checks for a defined external authentication mechanism. If one is defined, Adaptive Server uses the defined mechanism., otherwise the ASE mechanism is used.

    If authenticate with authentication mechanism is not specified, ANY will be used for the login account.

  • track lastlogin – enables last login updates. Valid values: TRUE, FALSE. The default is TRUE, which is to update.

  • stale period – indicates the duration a login account is allowed to remain inactive before it is locked due to inactivity. Valid values are 1 .. 32767 days. Duration: D (days), W (weeks), M (months), Y (years). The default is D (days).

  • profile id – shares the ID space with the server user ID (suid) of login accounts. By default, the login profile ID is generated and automatically assigned to the login profile upon creation

    Valid value is unique between login accounts and login profiles. Range: [-32768, 2147483647] Excluding: -2, -1, 0, 1, 2

Examples

Example 1

Creates a login profile. Attribute values that are not set will follow the precedence rules:

create login profile eng_lp

For information, see “Applying login profile and password policy attributes,” in the Security Administration Guide.

Example 2

Creates a login profile and transfers the login attribute values from the login account ravi to the new login profile ravi_lp. Attribute values that are not set will follow the precedence rules.

create login profile ravi_lp with attributes from ravi

Example 3

Creates login profile sa_login_profile with the authentication method ASE.

create login profile sa_login_profile with authenticate 
with ASE

Usage

Precedence rules determine how login account attributes will be applied when attributes are taken from different login profiles or when values have been specified using sp_passwordpolicy.

Standards

ANSI SQL – Compliance level: Transact-SQL extension.

Permissions

The permission checks for create login profile differ based on your granular permissions settings.

Granular permissions enabled

With granular permissions enabled, you must be a user with the manage any login profile privilege.

Granular permissions disabled

With granular permissions disabled, you must be a user with sso_role.

Auditing

Values in event and extrainfo columns of sysaudits are:

Event

Audit option

Command or access audited

Information in extrainfo

137

security_profile

create login profile

Keywords contain DEFAULT

If the login profile is made the default: {attributes from login_name | attribute_value_pair_list}

See also

Commands create login, alter login, alter login profile, drop login, drop login profile

Documents For information about creating login profiles, invoking a login script at login, and precedence rules, see the Security Administration Guide.

Functions lprofile_id, lprofile_name

System procedures sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin