Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
SQL Anywhere 17 » SQL Anywhere Server - SQL Reference » SQL statements » Alphabetical list of SQL statements

CREATE LOGIN POLICY statement

Creates a login policy.

Syntax 
CREATE LOGIN POLICY policy-name policy-options
policy options :
policy-option [ policy-option ... ]
policy-option :
policy-option-name = policy-option-value
policy-option-value : 
{ UNLIMITED | option-value }
Parameters
  • policy-name

    The name of the login policy.
  • policy-option-name

    The name of the login policy option.
  • policy-option-value

    The value assigned to the login policy option. If you specify UNLIMITED, no limits are imposed.
Remarks

If you do not specify a policy option, then the corresponding root login policy option is always used. However, new policies do not inherit the max_non_dba_connections and root_auto_unlock_time policy options, these are root policy-only options.

For all unspecified settings, the new policy does not make static copies from the root login policy. Unspecified settings always default back to the root login policy. This means that a change to a root login policy option also affects all those policies for which the option was not specified.

All new databases include a root login policy. You can modify the root login policy values, but you cannot delete the policy. An overview of the default values for the root login policy is provided in the parameters section.

Privileges

You must have the MANAGE ANY LOGIN POLICY system privilege.

Side effects

None.

Standards
  • ANSI/ISO SQL Standard

    Not in the standard.

Example

The following example creates the Test1 login policy. This example has an unlimited password life and allows the user a maximum of five attempts to enter a correct password before the account is locked.

CREATE LOGIN POLICY Test1 
PASSWORD_LIFE_TIME=UNLIMITED
MAX_FAILED_LOGIN_ATTEMPTS=5;

The following example shows typical settings for a new login policy (ldap_user_policy) that uses LDAP user authentication. Both a primary and a secondary server configuration object (previously created) are specified to allow failover to the secondary LDAP server, and the ability to failover to standard authentication is allowed when system resources, network resources, or, both primary and secondary LDAP servers are unresponsive. This example provides a combination of authentication options that permits responsiveness with cached values when an LDAP server cannot keep up with incoming requests. This example assumes that the login_mode database option includes 'Standard'. You cannot paste and run this example since the primary and secondary servers mentioned in the example are fictitious.

CREATE LOGIN POLICY ldap_user_policy  
LDAP_PRIMARY_SERVER=ldapsrv1 
LDAP_SECONDARY_SERVER=ldapsrv2
LDAP_FAILOVER_TO_STD=ON;
Related Information
Login policies
Creating a login policy
Assigning a login policy to an existing user
ALTER LOGIN POLICY statement
ALTER USER statement
COMMENT statement
CREATE USER statement
DROP LOGIN POLICY statement
DROP USER statement
Login policy options and default values