Show TOC

Login Policy OptionsLocate this document in the navigation structure

Available options for root and user-defined login policies.

Option Description
AUTO_UNLOCK_TIME The time period after which locked accounts that are not granted the MANAGE ANY USER system privilege are automatically unlocked. You can define this option in any login policy, including the root login policy.
  • Values 0 – UNLIMITED
  • Default UNLIMITED
  • Applies to all users who are not granted the MANAGE ANY USER system privilege.
CHANGE_PASSWORD_DUAL_CONTROL Requires input from two users, each of whom is granted the CHANGE PASSWORD system privilege, to change the password of another user.
  • Values ON, OFF
  • Default OFF
  • Applies to all users.
DEFAULT_LOGICAL_SERVER

If the connection string specifies no logical server, the user connects to the DEFAULT_LOGICAL_SERVER option specified in the user's login policy.

  • Values
    • Name of an existing user-defined logical server
    • ALL – allows access to all logical servers.
    • AUTO – value of the default logical server in the root login policy.
    • COORDINATOR – the current coordinator node.
    • NONE – denies access to any multiplex server.
    • OPEN – use alone or with the name of a user-defined logical server. Allows access to all multiplex nodes that are not members of any user-defined logical servers.
    • SERVER – allows access to all of the multiplex nodes, subject to the semantics of the SERVER logical server.
  • Default AUTO
  • Applies to

    all users. Requires MANAGE MULTIPLEX system privilege.
LOCKED

If set ON, users cannot establish new connections. This setting temporarily denies access to login policy users. Logical server overrides for this option are not allowed.

  • Values ON, OFF
  • Default OFF
  • Applies to

    all users except those with the MANAGE ANY USER system privilege.
MAX_CONNECTIONS

The maximum number of concurrent connections allowed for a user. You can specify a per-logical-server setting for this option.

  • Values 0 – 2147483647
  • Default UNLIMITED
  • Applies to all users except those with the SERVER OPERATOR or DROP CONNECTION system privilege.
MAX_DAYS_SINCE_LOGIN

The maximum number of days that can elapse between two successive logins by the same user.

  • Values 0 – 2147483647
  • Default UNLIMITED
  • Applies to all users except those with the MANAGE ANY USER system privilege.
MAX_FAILED_LOGIN_ATTEMPTS

The maximum number of failed attempts, since the last successful attempt, to log in to the user account before the account is locked.

  • Values 0 – 2147483647
  • Default UNLIMITED
  • Applies to all users.
MAX_NON_DBA_CONNECTIONS

The maximum number of concurrent connections that a user without SERVER OPERATOR or DROP CONNECTION system privileges can make. This option is supported only in the root login policy.

  • Values 0 – 2147483647
  • Default UNLIMITED
  • Applies to all users except those with the SERVER OPERATOR or DROP CONNECTION privilege.
PAM_FAILOVER_TO_STD

Use standard authentication if PAM authentication is enabled but the PAM library is unavailable due to a system failure. Authentication failures returned by PAM do not fail over to standard authentication.

  • Values ON, OFF
  • Default ON
  • Applies to all users.
PAM_SERVICENAME

The PAM service name to use when authenticating. The service name identifies the rule set to be used by PAM during validation. If empty (the default), do not use PAM. The database server continues to function when PAM support is unavailable. See Enabling PAM User Authentication in Adminstration: User Management and Security.
PASSWORD_EXPIRY_ON_NEXT_LOGIN

If set ON, the user's password expires at the next login.

  • Values ON, OFF
  • Default OFF
  • Applies to all users.
Note This functionality is not currently implemented when logging in to SAP IQ Cockpit. However, when logging in to SAP IQ outside of SAP IQ Cockpit (for example, using Interactive SQL), users are then prompted to enter a new password.
PASSWORD_GRACE_TIME

The number of days before password expiration during which login is allowed but the default post_login procedure issues warnings.

  • Values 0 – 2147483647
  • Default 0
  • Applies to all users.
PASSWORD_LIFE_TIME

The maximum number of days before a password must be changed.

  • Values 0 – 2147483647
  • Default UNLIMITED
  • Applies to all users.
ROOT_AUTO_UNLOCK_TIME

The time period after which locked accounts that are granted the MANAGE ANY USER system privilege are automatically unlocked. You can define this option only in the root login policy.

  • Values 0 – UNLIMITED
  • Default 15
  • Applies to all users who are granted the MANAGE ANY USER system privilege.