A login policy is a named object in a database that consists of a set of rules that are applied when you create a database connection for a user. All new databases include a root login policy. You can modify the root login policy values, but you cannot delete the policy. Login policies govern only the rules for user login and are separate from authorities and permissions. Login policies are not inherited through group memberships.
The following table lists the settings that are governed by a login policy and includes the default settings for the root login policy:
Policy-option-name | Description | Default value | Applies to |
---|---|---|---|
password_life_time | The maximum number of days before a password must be changed. | Unlimited | All users including those with DBA authority |
password_grace_time | The number of days before the password expires during which login is allowed, but the default post_login procedure issues warnings. | 0 | All users including those with DBA authority |
password_expiry_on_next_login | If the value for this option is ON, the user's password will expire after the next login. | OFF | All users including those with DBA authority |
locked | If the value for this option is ON, users are not allowed to establish new connections. Users with DBA authority cannot be locked. The reason_locked column of the sa_get_user_status system procedure returns a string generated by the database server that shows why a user is locked. | OFF | Users without DBA authority |
max_connections | The maximum number of concurrent connections allowed for a user. | Unlimited | Users without DBA authority |
max_failed_login_attempts | The maximum number of failed attempts, since the last successful attempt, to login before the user is locked. | Unlimited | Users without DBA authority |
max_days_since_login | The maximum number of days that can elapse between two successive logins by the same user. | Unlimited | Users without DBA authority |
max_non_dba_connections | The maximum number of concurrent connections that users without DBA authority can make. This option is only supported in the root login policy. | Unlimited | Users without DBA authority and only to the default login policy |
A user is assigned the root login policy when:
You can create, alter, and drop login policies. As well, you can create, alter, and drop users, and assign login policies to them. The sa_get_user_status system procedure lets you get information about the current status of a user. See sa_get_user_status system procedure.
Modify the root login policy
Creating a new login policy
Creating a user and assigning a login policy
Assigning a login policy to an existing user
Altering a login policy
Dropping a login policy
Managing login policies on read-only databases
Discuss this page in DocCommentXchange.
|
Copyright © 2010, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.0 |