Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 12.0.0 » SQL Anywhere Server - Database Administration » Configuring your database » Managing user IDs, authorities, and permissions

 

Managing login policies

A login policy is a named object in a database that consists of a set of rules that are applied when you create a database connection for a user. All new databases include a root login policy. You can modify the root login policy values, but you cannot delete the policy. Login policies govern only the rules for user login and are separate from authorities and permissions. Login policies are not inherited through group memberships.

The following table lists the settings that are governed by a login policy and includes the default settings for the root login policy:

Policy-option-name Description Default value Applies to
password_life_time The maximum number of days before a password must be changed. Unlimited All users including those with DBA authority
password_grace_time The number of days before the password expires during which login is allowed, but the default post_login procedure issues warnings. 0 All users including those with DBA authority
password_expiry_on_next_login If the value for this option is ON, the user's password will expire after the next login. OFF All users including those with DBA authority
locked If the value for this option is ON, users are not allowed to establish new connections. Users with DBA authority cannot be locked. The reason_locked column of the sa_get_user_status system procedure returns a string generated by the database server that shows why a user is locked. OFF Users without DBA authority
max_connections The maximum number of concurrent connections allowed for a user. Unlimited Users without DBA authority
max_failed_login_attempts The maximum number of failed attempts, since the last successful attempt, to login before the user is locked. Unlimited Users without DBA authority
max_days_since_login The maximum number of days that can elapse between two successive logins by the same user. Unlimited Users without DBA authority
max_non_dba_connections The maximum number of concurrent connections that users without DBA authority can make. This option is only supported in the root login policy. Unlimited Users without DBA authority and only to the default login policy

A user is assigned the root login policy when:

You can create, alter, and drop login policies. As well, you can create, alter, and drop users, and assign login policies to them. The sa_get_user_status system procedure lets you get information about the current status of a user. See sa_get_user_status system procedure.

 Inheritance of login policy settings
 See also

Modify the root login policy
Creating a new login policy
Creating a user and assigning a login policy
Assigning a login policy to an existing user
Altering a login policy
Dropping a login policy
Managing login policies on read-only databases