|
Sets the minimum number of administrators required to administer roles.
Integer between 1 and 10.
1
| PUBLIC role | For current user | For other users | |
|---|---|---|---|
| Allowed to set permanently? | Yes, with SET ANY SECURITY OPTION | No | No |
| Allowed to set temporarily? | No | No | No |
Setting this option takes effect immediately.
When creating, dropping, or revoking roles, changing a user password to null, locking users manually, or auto-locking a user for violating some condition of their login policy, the database server ensures that the number of role administrators will not drop below the specified minimum. Only role administrators with non-null passwords, including those with expired passwords, and who are not locked out are included in the count.
Changes to the value of this option are allowed only if each role has at least the specified number of role administrators. While revoking a role from a user, if the number of role administrators falls below the min_role_admins option value, the statement returns an error.
A user is locked manually by setting the locked attribute to ON for the login policy of that user. This prevents the user from making a new connection to the database.
Conditions in the login policy that can result in a user being auto-locked include exceeding max_failed_login_attempts or max_days_since_login.
The following example sets the min_role_admins option to 2:
SET OPTION PUBLIC.MIN_ROLE_ADMINS = 2;