Creates a login profile with specified attributes.
create login profile login_profile_name [ as default ]
[ with { attributes from login_name | attribute_value_pair_list } ]
specifies the name of the login profile to be created.
sets the created login profile as the default for all login accounts except sa and probe.
when login_name is specified, creates a login profile with attributes values taken from the specified login account. The attribute_value_ pair_list specifies, an attribute name and corresponding value. Specify one or more of the following attributes and value:
default database default_database_name – specifies a default database. The default is Master.
default language default_language – specifies a default language. The default is us_english
login script login_script_name – specifies a valid stored procedure. Limited to 120 characters for a login script.
authenticate with – specifies the mechanism used for authenticating the login account. Valid values: ASE, LDAP, PAM, KERBEROS, ANY
When ANY is used, Adaptive Server checks for a defined external authentication mechanism. If one is defined, Adaptive Server uses the defined mechanism., otherwise the ASE mechanism is used.
If authenticate with authentication mechanism is not specified, ANY will be used for the login account.
track lastlogin – enables last login updates. Valid values: TRUE, FALSE. The default is TRUE, which is to update.
stale period – indicates the duration a login account is allowed to remain inactive before it is locked due to inactivity. Valid values are 1 .. 32767 days. Duration: D (days), W (weeks), M (months), Y (years). The default is D (days).
profile id – shares the ID space with the server user ID (suid) of login accounts. By default, the login profile ID is generated and automatically assigned to the login profile upon creation
Valid value is unique between login accounts and login profiles. Range: [-32768, 2147483647] Excluding: -2, -1, 0, 1, 2
Creates a login profile. Attribute values that are not set will follow the precedence rules:
create login profile eng_lp
For information, see “Applying login profile and password policy attributes,” in the Security Administration Guide.
Creates a login profile and transfers the login attribute values from the login account ravi to the new login profile ravi_lp. Attribute values that are not set will follow the precedence rules.
create login profile ravi_lp with attributes from ravi
Creates login profile sa_login_profile with the authentication method ASE.
create login profile sa_login_profile with authenticate with ASE
Precedence rules determine how login account attributes will be applied when attributes are taken from different login profiles or when values have been specified using sp_passwordpolicy.
ANSI SQL – Compliance level: Transact-SQL extension.
The permission checks for create login profile differ based on your granular permissions settings.
Granular permissions enabled |
With granular permissions enabled, you must be a user with the manage any login profile privilege. |
Granular permissions disabled |
With granular permissions disabled, you must be a user with sso_role. |
Values in event and extrainfo columns of sysaudits are:
Event |
Audit option |
Command or access audited |
Information in extrainfo |
|---|---|---|---|
137 |
security_profile |
create login profile |
Keywords contain DEFAULT If the login profile is made the default: {attributes from login_name | attribute_value_pair_list} |
Commands create login, alter login, alter login profile, drop login, drop login profile
Documents For information about creating login profiles, invoking a login script at login, and precedence rules, see the Security Administration Guide.
Functions lprofile_id, lprofile_name
System procedures sp_passwordpolicy, sp_displaylogin, sp_displayroles, sp_locklogin
