Creates a login policy in the database.
CREATE LOGIN POLICY policy-name policy-options
policy-option [ policy-option... ]
policy-option-name =policy-option-value policy-option-value={ UNLIMITED | ROOT | legal-option-value }
This example creates the Test1 login policy. This example has an unlimited password life and allows the user a maximum of five attempts to enter a correct password before the account is locked.
CREATE LOGIN POLICY Test1 password_life_time=UNLIMITED max_failed_login_attempts=5;
policy-name is the name of the login policy.
policy-option-name is the name of the login policy option. If you do not specify an option, the value from the root login policy is applied.
policy-option-value is the value assigned to the login policy option. If you specify UNLIMITED, no limits are imposed.
If you do not specify a policy option, values for the login policy are taken from the root login policy. Table 1-5 describes the default options for the root login policy.
Option |
Description |
Values |
Initial value for ROOT policy |
Applies to |
---|---|---|---|---|
locked |
If the value for this option is ON, users are prohibited from establishing new connections |
ON, OFF |
OFF |
Users without DBA authority only |
max_connections |
The maximum number of concurrent connections allowed for a user. |
0 – 2147483647 |
Unlimited |
Users without DBA authority only |
max_days_since_login |
The maximum number of days that can elapse between two successive logins by the same user. |
0 – 2147483647 |
Unlimited |
Users without DBA authority only |
max_failed_login_attempts |
The maximum number of failed attempts, since the last successful attempt, to login to the user account before the account is locked. |
0 – 2147483647 |
Unlimited |
Users without DBA authority only |
max_non_dba_connections |
The maximum number of concurrent connections that a user without DBA authority can make. This option is only supported in the root login policy. |
0 – 2147483647 |
Unlimited |
Users without DBA authority only. Only to the root login policy. |
password_expiry_on_next_login |
If the value for this option is ON, the user's password will expire in the next login. |
ON, OFF |
OFF |
All users including those with DBA authority |
password_grace_time |
The number of days before password expiration during which login is allowed but the default post_login procedure issues warnings. |
0 – 2147483647 |
0 |
All users including those with DBA authority |
password_life_time |
The maximum number of days before a password must be changed. |
0 – 2147483647 |
Unlimited |
All users including those with DBA authority |
Must have DBA or USER ADMIN authority.