User Connections

There are several ways to manage user connections.

You can:

Limit the number of active logins for a single user – assign user to a login policy in which the MAX_CONNECTIONS login policy option is set.
Lock a user account:
- Explicitly – assign user to a login policy in which the LOCKED option is set to ON.
- Implicitly – assign user to a login policy in which the MAX_FAILED_LOGIN_ATTEMPTS option is set. If the user exceeds the value when attempting to log in, his or her user account is locked.
Set a password expiry condition – assign user to a login policy in which the PASSWORD_EXPIRY_ON_NEXT_LOGIN login policy option is set. You can also execute the CREATE USER or ALTER USER statements, including the FORCE PASSWORD CHANGE clause.

Assigning a login policy to a user, or forcing a password change requires the MANAGE ANY USER system privilege. Creating or altering a login policy requires the MANAGE ANY LOGIN POLICY system privilege.

Preventing Connection After Failed Login Attempts
Prevent a user from connecting after exceeding the maximum failed login attempts.
Creating a DBA Recovery Account
Create a DBA recovery account for production systems. The DBA recovery account is a backup, in case you lose the original DBA account password.
Logging In with a DBA Recovery Account
Log in using the DBA recovery account, and reset the original DBA account password.
Manage Connections Using Stored Procedures
There are several stored procedures for managing user connections.
Manage Resources Used by Connections
Building a set of users and roles allows you to manage permissions on a database. Another aspect of database security and management is to limit the resources an individual user can use.

Parent topic: Security Management