Creates a login account; specifies a password, a login profile for the account, and user-supplied parameters to be assigned to the account.
create login login_name with [encrypted] password password [attribute_value_pair_list]
specifies the name of the login account to be created; it must start with an alphabetic character and cannot exceed 30 characters in length.
specifies an encrypted password for the new login account.
specifies a password for the new login account.
list of attributes and corresponding values to be added to the login account. The attribute_value_ pair_list is an attribute name and value. Specify one or more of the following:
Parameter |
Parameter Value |
Description |
---|---|---|
login profile |
Valid values:
|
If a login profile is not specified, a default login profile is applied. See “Applying login profile and password policy attributes” in the Security Administration Guide. |
suid |
Valid values: Unique value between [-32768, 2147483647] excluding [-2, -1, 0, 1, 2]. |
By default an suid is generated and automatically assigned to the login account upon creation. |
fullname |
name_value |
Full name of user who owns the login account. Default is NULL. |
login script |
login_script_name |
Specifies a valid stored procedure. Limited to 120 characters for a login script. |
password expiration |
Valid range: 0 to 32767 days. |
Password expiration interval. Default is 0, meaning the password never expires. |
min password length |
Valid range: 0 to 30. |
Minimum password length required. Default is 6. |
max failed attempts |
Valid range: -1 to 32767. |
Number of login attempts allowed after which the login account is locked. -1 indicates the failed count is tracked but not locked. Default is 0, meaning the failed count is not tracked and the account is not locked due to failed login attempts. |
default database |
default_database_name |
Specifies a database to be the default. Default is Master. |
default language |
default_language |
Specifies a language to be the default. Default is us_english |
authenticate with |
Valid values: ASE, LDAP, PAM, KERBEROS, ANY |
Specifies the mechanism used for authenticating the login account. When ANY is used, Adaptive Server checks for a defined external authentication mechanism. If one is defined, Adaptive Server uses the defined mechanism., otherwise the ASE mechanism is used. If authenticate with authentication mechanism is not specified, ANY will be used for the login account. |
exempt inactive lock |
Valid values: TRUE or FALSE |
Specifies whether or not to exempt login accounts from being locked due to inactivity. Default is FALSE which indicates accounts are not exempt. |
Creates a login account with password itsA8ecret, applies the login profile emp_lp, applies server user ID 7, and specifies that the account will not be locked due to inactivity
create login ravi with password itsA8ecret login profile emp_lp suid 7 exempt inactive lock true
Precedence rules determine how login account attributes will be applied when attributes are taken from different login profiles or when values have been specified using sp_passwordpolicy.
For ease of management, it is strongly recommended that all users’ Adaptive Server login names be the same as their operating system login names. This makes it easier to correlate audit data between the operating system and Adaptive Server. Otherwise, keep a record of the correspondence between operating system and server login names.
ANSI SQL – Compliance level: Transact-SQL extension.
The permission checks for create login differ based on your granular permissions settings.
Granular permissions enabled |
With granular permissions enabled, you must be a user with the manage any login privilege. |
Granular permissions disabled |
With granular permissions disabled, you must be a user with sso_role. |
Values in event and extrainfo columns of sysaudits are:
Event |
Audit option |
Command or access audited |
Information in extrainfo |
---|---|---|---|
103 |
login_admin |
create login |
Keywords contain: WITH attribute_value_pair_list |
Commands create login profile, alter login, alter login profile, drop login, drop login profile
Documents For more information about creating login accounts, see the Security Administration Guide. For precedence rules, see “Applying login profile and password policy attributes,” in the Security Administration Guide.
Functions lprofile_id, lprofile_name
System procedures sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin