Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
SQL Anywhere 17 » SQL Anywhere Server - SQL Reference » SQL statements » Alphabetical list of SQL statements

ALTER LOGIN POLICY statement

Alters an existing login policy.

Syntax 
ALTER LOGIN POLICY policy-name policy-options
policy options :
policy-option [ policy-option ... ]
policy-option :
policy-option-name = policy-option-value
policy-option-value : 
{ UNLIMITED 
| DEFAULT 
| legal-option-value }
Parameters
  • policy-name

    The name of the login policy. Specify root to modify the root login policy.
  • policy-option-name

    The name of the policy option.
  • policy-option-value

    The value assigned to the login policy option. If you specify UNLIMITED, no limits are used. If you specify DEFAULT, the default limits are used.
Remarks

When a login policy is altered, changes are immediately applied to all users.

If you do not specify a policy option, values for this login policy are taken from the root login policy. New policies do not inherit the MAX_NON_DBA_CONNECTIONS and ROOT_AUTO_UNLOCK_TIME policy options.

All new databases include a root login policy. You can modify the root login policy values, but you cannot delete the policy. An overview of the default values for the root login policy is provided in the table above.

Privileges

You must have the MANAGE ANY LOGIN POLICY system privilege.

Side effects

None.

Standards
  • ANSI/ISO SQL Standard

    Not in the standard.

Example

The following example alters the fictitious Test1 login policy by changing the LOCKED and MAX_CONNECTIONS policy options. The LOCKED value indicates that users with the policy cannot establish new connections and the MAX_CONNECTIONS value limits the number of concurrent connections that are allowed.

ALTER LOGIN POLICY Test1 
LOCKED=ON
MAX_CONNECTIONS=5;

This example overrides the root login policy LOCKED and MAX_CONNECTIONS policy options.

ALTER LOGIN POLICY root 
LOCKED=ON
MAX_CONNECTIONS=5;

The following example sets a primary and a secondary LDAP server for a fictitious ldap_user_policy login policy, and turns off the ability to failover to standard authentication, even when database option login_mode includes 'Standard'. This provides strict controls on users of this login policy so that only LDAP user authentication is used for authentication. In the event that a high volume of login connections occur such that the LDAP server is unable to respond and authenticate quickly, users whose retries and timeouts are exhausted will see connection failures to the database server rather than failover to use standard authentication.

ALTER LOGIN POLICY ldap_user_policy
LDAP_PRIMARY_SERVER=ldapsrv1
LDAP_SECONDARY_SERVER=ldapsrv2
LDAP_FAILOVER_TO_STD=OFF;

The following example resets the timestamp value for a fictitious application_user_policy login policy to the current time. Any user that is assigned this policy have their Distinguished Name (DN) searched on the next login attempt, rather than using the value cached in ISYSUSER. This strategy purges old DN values held in ISYSUSER for users associated with this policy at the time of their next authentication.

ALTER LOGIN POLICY application_user_policy
LDAP_REFRESH_DN=NOW;
Related Information
Login policies
Altering a login policy
ALTER USER statement
COMMENT statement
CREATE LOGIN POLICY statement
CREATE USER statement
DROP LOGIN POLICY statement
DROP USER statement
Login policy options and default values