create login

Description

Creates a login account; specifies a password, a login profile for the account, and user-supplied parameters to be assigned to the account.

Syntax

create login login_name with [encrypted] 
	password password 
	[attribute_value_pair_list]

Parameters

login_name

specifies the name of the login account to be created; it must start with an alphabetic character and cannot exceed 30 characters in length.

with encrypted

specifies an encrypted password for the new login account.

password passwordValue

specifies a password for the new login account.

attribute_value_pair_list

list of attributes and corresponding values to be added to the login account. The attribute_value_ pair_list is an attribute name and value. Specify one or more of the following:

Parameter

Parameter Value

Description

login profile

Valid values:

  • login_profile_name

  • ignore

  • login_profile_name binds the specified login profile to the specified login account.

  • ignore eliminates any login profile binding. A default login profile will not be applicable and attributes will be applied as they were prior to release 15.7.

If a login profile is not specified, a default login profile is applied. See “Applying login profile and password policy attributes” in the Security Administration Guide.

suid

Valid values: Unique value between [-32768, 2147483647] excluding [-2, -1, 0, 1, 2].

By default an suid is generated and automatically assigned to the login account upon creation.

fullname

name_value

Full name of user who owns the login account.

Default is NULL.

login script

login_script_name

Specifies a valid stored procedure. Limited to 120 characters for a login script.

password expiration

Valid range: 0 to 32767 days.

Password expiration interval.

Default is 0, meaning the password never expires.

min password length

Valid range: 0 to 30.

Minimum password length required.

Default is 6.

max failed attempts

Valid range: -1 to 32767.

Number of login attempts allowed after which the login account is locked.

-1 indicates the failed count is tracked but not locked.

Default is 0, meaning the failed count is not tracked and the account is not locked due to failed login attempts.

default database

default_database_name

Specifies a database to be the default.

Default is Master.

default language

default_language

Specifies a language to be the default.

Default is us_english

authenticate with

Valid values: ASE, LDAP, PAM, KERBEROS, ANY

Specifies the mechanism used for authenticating the login account.

When ANY is used, Adaptive Server checks for a defined external authentication mechanism. If one is defined, Adaptive Server uses the defined mechanism., otherwise the ASE mechanism is used.

If authenticate with authentication mechanism is not specified, ANY will be used for the login account.

exempt inactive lock

Valid values: TRUE or FALSE

Specifies whether or not to exempt login accounts from being locked due to inactivity.

Default is FALSE which indicates accounts are not exempt.

Examples

Example 1

Creates a login account with password itsA8ecret, applies the login profile emp_lp, applies server user ID 7, and specifies that the account will not be locked due to inactivity

Example 2

create login ravi with password itsA8ecret login profile
emp_lp suid 7 exempt inactive lock true

Usage

Standards

ANSI SQL – Compliance level: Transact-SQL extension.

Permissions

The permission checks for create login differ based on your granular permissions settings.

Granular permissions enabled

With granular permissions enabled, you must be a user with the manage any login privilege.

Granular permissions disabled

With granular permissions disabled, you must be a user with sso_role.

Auditing

Values in event and extrainfo columns of sysaudits are:

Event

Audit option

Command or access audited

Information in extrainfo

103

login_admin

create login

Keywords contain: WITH attribute_value_pair_list

See also

Commands create login profile, alter login, alter login profile, drop login, drop login profile

Documents For more information about creating login accounts, see the Security Administration Guide. For precedence rules, see “Applying login profile and password policy attributes,” in the Security Administration Guide.

Functions lprofile_id, lprofile_name

System procedures sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin