A login policy consists of a set of rules that are applied when you create a database connection for a user. All new databases include a root login policy. You can modify the root login policy values, but you cannot delete the policy. Login policies govern only the rules for user login and are separate from authorities and permissions. Login policies are not inherited through group memberships.
The following table lists the settings that are governed by a login policy and includes the default settings for the root login policy:
Policy-option-name | Description | Default value | Applies to |
---|---|---|---|
password_life_time | The maximum number of days before a password must be changed. | Unlimited | All users, including those with DBA authority. |
password_grace_time | The number of days before the password expires during which login is allowed, but the default post_login procedure issues warnings. | 0 | All users, including those with DBA authority. |
password_expiry_on_next_login | If the value for this option is ON, the user's password expires after the next login. | OFF | All users, including those with DBA authority. |
locked | If the value for this option is ON, users are not allowed to establish new connections. Users with DBA authority cannot be locked. The reason_locked column of the sa_get_user_status system procedure returns a string generated by the database server that shows why a user is locked. | OFF | Users without DBA authority. |
max_connections | The maximum number of concurrent connections allowed for a user. | Unlimited | Users without DBA authority. |
max_failed_login_attempts | The maximum number of failed attempts since the last successful attempt to log in before the user is locked. | Unlimited |
All users, including those with DBA authority. DBA user accounts are unlocked after one minute has passed since the most recent failed login attempt. |
max_days_since_login | The maximum number of days that can elapse between two successive logins by the same user. | Unlimited | Users without DBA authority. |
max_non_dba_connections | The maximum number of concurrent connections that users without DBA authority can make. This option is only supported in the root login policy. | Unlimited | Users without DBA authority and only to the root login policy. |
A user is assigned the root login policy when:
You can create, alter, and drop login policies. As well, you can create, alter, and drop users, and assign login policies to them. The sa_get_user_status system procedure lets you get information about the current status of a user.
Modifying the root login policy
Creating a new login policy
Creating a user and assigning a login policy
Assigning a login policy to an existing user
Altering a login policy
Dropping a login policy
Login policy management on read-only databases
Discuss this page in DocCommentXchange.
|
Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1 |