CREATE LOGIN POLICY statement

Description

Creates a login policy in the database.

Syntax

CREATE LOGIN POLICY policy-name policy-options

Parameters

policy-options:

policy-option [ policy-option... ]

policy_option:

policy-option-name =policy-option-value policy-option-value={ UNLIMITED |  ROOT |  legal-option-value }

Examples

Example 1

This example creates the Test1 login policy. This example has an unlimited password life and allows the user a maximum of five attempts to enter a correct password before the account is locked.

CREATE LOGIN POLICY Test1 
password_life_time=UNLIMITED
max_failed_login_attempts=5;

Usage

policy-name is the name of the login policy.

policy-option-name is the name of the login policy option. If you do not specify an option, the value from the root login policy is applied.

policy-option-value is the value assigned to the login policy option. If you specify UNLIMITED, no limits are imposed.

If you do not specify a policy option, values for the login policy are taken from the root login policy. Table 1-5 describes the default options for the root login policy.

Table 1-5: Login policy options

Option

Description

Values

Initial value for ROOT policy

Applies to

locked

If the value for this option is ON, users are prohibited from establishing new connections

ON, OFF

OFF

Users without DBA authority only

max_connections

The maximum number of concurrent connections allowed for a user.

0 – 2147483647

Unlimited

Users without DBA authority only

max_days_since_login

The maximum number of days that can elapse between two successive logins by the same user.

0 – 2147483647

Unlimited

Users without DBA authority only

max_failed_login_attempts

The maximum number of failed attempts, since the last successful attempt, to login to the user account before the account is locked.

0 – 2147483647

Unlimited

Users without DBA authority only

max_non_dba_connections

The maximum number of concurrent connections that a user without DBA authority can make. This option is only supported in the root login policy.

0 – 2147483647

Unlimited

Users without DBA authority only. Only to the root login policy.

password_expiry_on_next_login

If the value for this option is ON, the user's password will expire in the next login.

ON, OFF

OFF

All users including those with DBA authority

password_grace_time

The number of days before password expiration during which login is allowed but the default post_login procedure issues warnings.

0 – 2147483647

0

All users including those with DBA authority

password_life_time

The maximum number of days before a password must be changed.

0 – 2147483647

Unlimited

All users including those with DBA authority

Permissions

Must have DBA or USER ADMIN authority.