Creates a login policy.
CREATE LOGIN POLICY policy-name policy-options
policy options : policy-option [ policy-option ... ]
policy-option :
policy-option-name = policy-option-value
policy-option-value :
{ UNLIMITED | legal-option-value }
policy-name The name of the login policy.
policy-option-name The name of the login policy option. If you do not specify an option, the value from the root login policy is applied.
policy-option-value The value assigned to the login policy option. If you specify UNLIMITED, no limits are imposed.
If you do not specify a policy option, values for the login policy are taken from the root login policy.
All new databases include a root login policy. You can modify the root login policy values, but you cannot delete the policy. An overview of the default options for the root login policy is provided in the table below.
Policy-option-name | Description | Default value | Applies to |
---|---|---|---|
password_life_time | The maximum number of days before a password must be changed. | Unlimited | All users, including those with DBA authority. |
password_grace_time | The number of days before the password expires during which login is allowed, but the default post_login procedure issues warnings. | 0 | All users, including those with DBA authority. |
password_expiry_on_next_login | If the value for this option is ON, the user's password expires after the next login. | OFF | All users, including those with DBA authority. |
locked | If the value for this option is ON, users are not allowed to establish new connections. Users with DBA authority cannot be locked. The reason_locked column of the sa_get_user_status system procedure returns a string generated by the database server that shows why a user is locked. | OFF | Users without DBA authority. |
max_connections | The maximum number of concurrent connections allowed for a user. | Unlimited | Users without DBA authority. |
max_failed_login_attempts | The maximum number of failed attempts since the last successful attempt to log in before the user is locked. | Unlimited |
All users, including those with DBA authority. DBA user accounts are unlocked after one minute has passed since the most recent failed login attempt. |
max_days_since_login | The maximum number of days that can elapse between two successive logins by the same user. | Unlimited | Users without DBA authority. |
max_non_dba_connections | The maximum number of concurrent connections that users without DBA authority can make. This option is only supported in the root login policy. | Unlimited | Users without DBA authority and only to the root login policy. |
DBA authority
None.
SQL/2008 Vendor extension.
The following example creates the Test1 login policy. This example has an unlimited password life and allows the user a maximum of 5 attempts to enter a correct password before the account is locked.
CREATE LOGIN POLICY Test1 password_life_time=UNLIMITED max_failed_login_attempts=5; |
Discuss this page in DocCommentXchange.
|
Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1 |