create login

Description

Creates a login account; specifies a password, a login profile for the account, and user-supplied parameters to be assigned to the account.

Syntax

create login login_name with [encrypted] 
	password password 
	[attribute_value_pair_list]

Parameters

login_name: specifies the name of the login account to be created.

with encrypted: specifies an encrypted password for the new login account.

password passwordValue: specifies a password for the new login account.

attribute_value_pair_list: list of attributes and corresponding values to be added to the login account. The attribute_value_ pair_list is an attribute name and value. Specify one or more of the following:

Parameter

Parameter Value

Description

login profile

Valid values:

login_profile_name

ignore

login_profile_name binds the specified login profile to the specified login account.

ignore eliminates any login profile binding. A default login profile will not be applicable and attributes will be applied as they were prior to release 15.7.

If a login profile is not specified, a default login profile is applied. See “Applying login profile and password policy attributes” in the Security Administration Guide.

suid

Valid values: Unique value between [-32768, 2147483647] excluding [-2, -1, 0, 1, 2].

By default an suid is generated and automatically assigned to the login account upon creation.

fullname

name_value

Full name of user who owns the login account.

Default is NULL.

login script

login_script_name

Specifies a valid stored procedure. Limited to 120 characters for a login script.

password expiration

Valid range: 0 to 32767 days.

Password expiration interval.

Default is 0, meaning the password never expires.

min password length

Valid range: 0 to 30.

Minimum password length required.

Default is 6.

max failed attempts

Valid range: -1 to 32767.

Number of login attempts allowed after which the login account is locked.

-1 indicates the failed count is tracked but not locked.

Default is 0, meaning the failed count is not tracked and the account is not locked due to failed login attempts.

default database

default_database_name

Specifies a database to be the default.

Default is Master.

default language

default_language

Specifies a language to be the default.

Default is us_english

authenticate with

Valid values: ASE, LDAP, PAM, KERBEROS, ANY

Specifies the mechanism used for authenticating the login account.

When ANY is used, Adaptive Server checks for a defined external authentication mechanism. If one is defined, Adaptive Server uses the defined mechanism., otherwise the ASE mechanism is used.

If authenticate with authentication mechanism is not specified, ANY will be used for the login account.

exempt inactive lock

Valid values: TRUE or FALSE

Specifies whether or not to exempt login accounts from being locked due to inactivity.

Default is FALSE which indicates accounts are not exempt.

Parameter	Parameter Value	Description
login profile	Valid values: *login_profile_name* ignore	*login_profile_name* binds the specified login profile to the specified login account. ignore eliminates any login profile binding. A default login profile will not be applicable and attributes will be applied as they were prior to release 15.7. If a login profile is not specified, a default login profile is applied. See “Applying login profile and password policy attributes” in the Security Administration Guide.
suid	Valid values: Unique value between [-32768, 2147483647] excluding [-2, -1, 0, 1, 2].	By default an suid is generated and automatically assigned to the login account upon creation.
fullname	name_value	Full name of user who owns the login account. Default is NULL.
login script	login_script_name	Specifies a valid stored procedure. Limited to 120 characters for a login script.
password expiration	Valid range: 0 to 32767 days.	Password expiration interval. Default is 0, meaning the password never expires.
min password length	Valid range: 0 to 30.	Minimum password length required. Default is 6.
max failed attempts	Valid range: -1 to 32767.	Number of login attempts allowed after which the login account is locked. -1 indicates the failed count is tracked but not locked. Default is 0, meaning the failed count is not tracked and the account is not locked due to failed login attempts.
default database	*default_database_name*	Specifies a database to be the default. Default is Master.
default language	*default_language*	Specifies a language to be the default. Default is us_english
authenticate with	Valid values: ASE, LDAP, PAM, KERBEROS, ANY	Specifies the mechanism used for authenticating the login account. When ANY is used, Adaptive Server checks for a defined external authentication mechanism. If one is defined, Adaptive Server uses the defined mechanism., otherwise the ASE mechanism is used. If authenticate with authentication mechanism is not specified, ANY will be used for the login account.
exempt inactive lock	Valid values: TRUE or FALSE	Specifies whether or not to exempt login accounts from being locked due to inactivity. Default is FALSE which indicates accounts are not exempt.

Examples

Example 1

Creates a login account with password itsA8ecret, applies the login profile emp_lp, applies server user ID 7, and specifies that the account will not be locked due to inactivity

Example 2

create login ravi with password itsA8ecret login profile
emp_lp suid 7 exempt inactive lock true

Usage

Precedence rules determine how login account attributes will be applied when attributes are taken from different login profiles or when values have been specified using sp_passwordpolicy.
For ease of management, it is strongly recommended that all users’ Adaptive Server login names be the same as their operating system login names. This makes it easier to correlate audit data between the operating system and Adaptive Server. Otherwise, keep a record of the correspondence between operating system and server login names.

Standards

ANSI SQL – Compliance level: Transact-SQL extension.

Permissions

You must have sso_role privileges to create login accounts.

Auditing

Values in event and extrainfo columns of sysaudits are:

Event	Audit option	Command or access audited	Information in extrainfo
103	login_admin	create login	Keywords contain: WITH attribute_value_pair_list