Changes the attributes of a login profile.
alter login profile login_profile_name { [as [ not ] default ] | [modify attribute_value_pair_list ] | [add auto activated roles role_name [, role_name_list ]] | [drop auto activated roles { ALL | role_name [, role_name_list ]}] | [drop attribute_name_list] }
Parameter |
Parameter Value |
Description |
---|---|---|
default database |
default_database_name |
Specifies a database in the SAP ASE server. The default is master. |
default language |
default_language |
Specifies a language. The default is us_english |
login script |
login_script_name |
Specifies a valid stored procedure. Limited to 120 characters for a login script. |
authenticate with |
Valid values: ASE, LDAP, PAM, KERBEROS, ANY |
Specifies the mechanism used for authenticating the login account. When ANY is used, the SAP ASE server checks for a defined external authentication mechanism. If one is defined, the SAP ASE server uses the defined mechanism., otherwise the ASE mechanism is used. If authenticate with authentication mechanism is not specified, ANY is used for the login account. |
track lastlogin |
Valid values: TRUE, FALSE. |
Enables last login updates. The default is TRUE, which is to update. |
stale period |
1 .. 32767 days. Duration: D (days), W (weeks), M (months), Y (years) |
Indicates the duration a login account is allowed to remain inactive before it is locked due to inactivity. The default is D (days). |
default database – removes the default database specification.
default language – removes thedefault languages specification.
login script– removes specifications to apply a login script.
authenticate with – removes specifications for authentication mechanisms that are associated with the account.
track last login – removes specifications that enable last login updates.
stale period – removes any restrictions that have been specified for the login account to remain inactive before it is locked.
alter login profile eng_lp as default
alter login profile mgr_lp add auto activated roles program _role, product_role, admin_role
alter login profile mgr_lp drop auto activated roles admin_role
alter login profile mgr_lp drop login script
Precedence rules determine how login account attributes are applied when attributes are taken from different login profiles or when values have been specified using sp_passwordpolicy. For precedence rules, see Applying Login Profile and Password Policy Attributes in the Security Administration Guide.
You can specify a login script to be invoked at login. For more information, see Invoking a Login Script in the Security Administration Guide.
create login, create login profile, alter login, drop login, drop login profile
For information about altering login profiles, see the Security Administration Guide.
lprofile_id, lprofile_name in Reference Manual: Building Blocks
sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin in Reference Manual: Procedures
ANSI SQL – Compliance level: Transact-SQL extension.
The permission checks for alter login profile differ based on your granular permissions settings.
Setting | Description |
---|---|
Enabled | With granular permissions enabled, you must have the manage any login profile privilege to execute alter login profile. |
Disabled | With granular permissions disabled, you must have sso_role to execute alter login profile. |
Values in event and extrainfo columns of sysaudits are:
Information | Values |
---|---|
Event | 140 |
Audit option | security_profile |
Command or access audited | alter login profile |
Information in extrainfo | Keywords contain:
|