Changes the attributes of a login profile.
alter login profile login_profile_name { [as [ not ] default ] | [modify attribute_value_pair_list ] | [add auto activated roles role_name [, role_name_list ]] | [drop auto activated roles { ALL | role_name [, role_name_list ]}] | [drop attribute_name_list] }
as default modifies the login profile to be the default login profile. as not default removes the default property of the specified login profile.
specifies the name of the login profile to be changed.
attribute values are changed to the new values specified if the attributes exist. If the attributes do not exist, the specified list of attributes and corresponding values are added to the specified login profile. The attribute_value_ pair_list is an attribute name and a specified value. Specify one or more of the following attributes:
Parameter |
Parameter Value |
Description |
---|---|---|
default database |
default_database_name |
Specifies a database in Adaptive Server. The default is master. |
default language |
default_language |
Specifies a language. The default is us_english |
login script |
login_script_name |
Specifies a valid stored procedure. Limited to 120 characters for a login script. |
authenticate with |
Valid values: ASE, LDAP, PAM, KERBEROS, ANY |
Specifies the mechanism used for authenticating the login account. When ANY is used, Adaptive Server checks for a defined external authentication mechanism. If one is defined, Adaptive Server uses the defined mechanism., otherwise the ASE mechanism is used. If authenticate with authentication mechanism is not specified, ANY will be used for the login account. |
track lastlogin |
Valid values: TRUE, FALSE. |
Enables last login updates. The default is TRUE, which is to update. |
stale period |
1 .. 32767 days. Duration: D (days), W (weeks), M (months), Y (years) |
Indicates the duration a login account is allowed to remain inactive before it is locked due to inactivity. The default is D (days). |
specifies the previously granted non-password protected user defined roles that must be automatically activated on login. An error is generated if the role specified is not granted to the login. By default, user defined roles are not automatically activated on login.
specifies the previously granted user defined roles must not be automatically activated on login. ALL specifies all granted user defined roles.
removes the following:
default database – removes the default database specification.
default language – removes thedefault languages specification.
login script– removes specifications to apply a login script.
authenticate with – removes specifications for authentication mechanisms that are associated with the account.
track last login – removes specifications that enable last login updates.
stale period – removes any restrictions that have been specified for the login account to remain inactive before it is locked.
Configures eng_lp as the default login profile. If there is an existing default login profile, its default property is removed.
alter login profile eng_lp as default
Alters the login profile mgr_lp to automatically activate the previously granted program_role, product_role, and admin_role, roles on login if they are not password protected.
alter login profile mgr_lp add auto activated roles program _role, product_role, admin_role
Alters the login profile mgr_lp to remove the automatic activation of the previously granted role admin_role on login.
alter login profile mgr_lp drop auto activated roles admin_role
Alters the login profile mgr_lp to remove the login script attribute. Once removed, a login account associated with mgr_lp will use the values of a default login script, if one is defined. If one is not defined, the login script attribute be set to the default value, which is no login script with be invoked on login.
alter login profile mgr_lp drop login script
Precedence rules determine how login account attributes will be applied when attributes are taken from different login profiles or when values have been specified using sp_passwordpolicy. For precedence rules, see “Applying login profile and password policy attributes,” in the Security Administration Guide.
You can specify a login script to be invoked at login. For more information, see “Invoking a login script,” in the Security Administration Guide.
ANSI SQL – Compliance level: Transact-SQL extension.
The permission checks for alter login profile differ based on your granular permissions settings.
Granular permissions enabled |
With granular permissions enabled, you must have the manage any login profile privilege to execute alter login profile. |
Granular permissions disabled |
With granular permissions disabled, you must have sso_role to execute alter login profile. |
Values in event and extrainfo columns of sysaudits are:
Event |
Audit option |
Command or access audited |
Information in extrainfo |
---|---|---|---|
140 |
security_profile |
alter login profile |
Keywords contain:
|
Commands create login, create login profile, alter login, drop login, drop login profile
Documents For information about altering login profiles, see the Security Administration Guide.
Functions lprofile_id, lprofile_name
System procedures sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin