Available options for root and user-defined login policies.
Option | Description |
---|---|
AUTO_UNLOCK_TIME | The time period after which locked accounts that
are not granted the MANAGE ANY USER system privilege are
automatically unlocked. You can define this option in any login
policy, including the root login policy.
|
CHANGE_PASSWORD_DUAL_CONTROL | Requires input from two users, each of whom is
granted the CHANGE PASSWORD system privilege, to change the password
of another user.
|
DEFAULT_LOGICAL_SERVER |
If the connection string specifies no logical server, the user connects to the DEFAULT_LOGICAL_SERVER option specified in the user's login policy.
|
LOCKED |
If set ON, users cannot establish new connections. This setting temporarily denies access to login policy users. Logical server overrides for this option are not allowed.
|
MAX_CONNECTIONS |
The maximum number of concurrent connections allowed for a user. You can specify a per-logical-server setting for this option.
|
MAX_DAYS_SINCE_LOGIN |
The maximum number of days that can elapse between two successive logins by the same user.
|
MAX_FAILED_LOGIN_ATTEMPTS |
The maximum number of failed attempts, since the last successful attempt, to log in to the user account before the account is locked.
|
MAX_NON_DBA_CONNECTIONS |
The maximum number of concurrent connections that a user without SERVER OPERATOR or DROP CONNECTION system privileges can make. This option is supported only in the root login policy.
|
PAM_FAILOVER_TO_STD |
Use standard authentication if PAM authentication is enabled but the PAM library is unavailable due to a system failure. Authentication failures returned by PAM do not fail over to standard authentication.
|
PAM_SERVICENAME |
The PAM service name to use when authenticating. The service name identifies the rule set to be used by PAM during validation. If empty (the default), do not use PAM. The database server continues to function when PAM support is unavailable. See Enabling PAM User Authentication in Adminstration: User Management and Security. |
PASSWORD_EXPIRY_ON_NEXT_LOGIN |
If set ON, the user's password expires at the next login.
Note This functionality is not
currently implemented when logging in to SAP IQ Cockpit. However, when logging in to SAP IQ outside of SAP IQ Cockpit (for example, using Interactive SQL), users are then
prompted to enter a new password.
|
PASSWORD_GRACE_TIME |
The number of days before password expiration during which login is allowed but the default post_login procedure issues warnings.
|
PASSWORD_LIFE_TIME |
The maximum number of days before a password must be changed.
|
ROOT_AUTO_UNLOCK_TIME |
The time period after which locked accounts that are granted the MANAGE ANY USER system privilege are automatically unlocked. You can define this option only in the root login policy.
|