Login Policies (IQ/SQL Anywhere)
IQ (v15.0 and higher) and SQL Anywhere (v12 and higher) define the rules to be followed when establishing a user’s database connection in a database object called a login policy. PowerDesigner models login policies as extended objects with a stereotype of <<LoginPolicy>>.
You can create a login policy in any of the following ways:
-
Select
Model 
Login Policies 
to access the List of Login Policies, and click the Add a Row tool. -
Right-click the model (or a package) in the Browser, and select
New Login Policy .
You can modify an object's properties from its property sheet. To open a login policy property sheet, double-click its Browser entry in the Login Policies folder.
|
Name |
Description |
|---|---|
|
Password life time |
Specifies the maximum number of days before a password must be changed. Scripting name: PasswordLifeTime |
|
Password grace time |
Specifies the number of days before password expiration during which login is allowed but the default post_login procedure issues warnings. Scripting name: PasswordGraceTime |
|
Password expires |
Specifies that the user's password will expire in the next login. Scripting name: PasswordExpiryOnNextLogin |
|
Locked |
Specifies that users are prohibited from establishing new connections. Scripting name: Locked |
|
Maximum connections |
Specifies the maximum number of concurrent connections allowed for a user. Scripting name: MaxConnections |
|
Maximum failed logins |
Specifies the maximum number of failed attempts, since the last successful attempt, to login to the user account before the account is locked. Scripting name: MaxFailedLoginAttempts |
| Auto unlock time |
[v16 and higher] Specifies the time period after which locked accounts not granted the MANAGE ANY USER system privilege are automatically unlocked. Scripting name: AutoUnlockTime |
|
Maximum days since login |
Specifies the maximum number of days that can elapse between two successive logins by the same user. Scripting name: MaxDaysSinceLogin |
|
Maximum non-dba connections |
Specifies the maximum number of concurrent connections that a user without DBA authority can make. This option is only supported in the root login policy. Scripting name: MaxNonDBAConnections |
| Change password dual control |
[v16 and higher] Specifies that two users, each granted the CHANGE PASSWORD system privilege, are required to change the password of another user. Scripting name: ChangePasswordDualControl |
| Default logical server |
[v16 and higher] Specifies the server to which the user using this login policy connects when the connection string specifies no logical server. Scripting name: DefaultLogicalServer_disp |
| Root auto unlock time |
[v16 and higher] Specifies the time period after which locked accounts granted the MANAGE ANY USER system privilege are automatically unlocked. Scripting name: RootAutoUnlockTime |
|
Name |
Description |
|---|---|
|
Primary / Secondary server |
Specify the names of the primary and secondary LDAP servers (see LDAP Servers (IQ)). Scripting name: LDAPPrimaryServer, LDAPSecondaryServer |
|
Auto fallback period |
Specifies the time period, in minutes, after which automatic failback to the primary server is attempted. Scripting name: LDAPAutoFailbackPeriod |
|
Failover to standard authentication |
Permits standard authentication when authentication via the LDAP server fails due to system resources, network outage, connection timeouts, or similar system failures. Scripting name: LDAPFailoverToStd |
|
Record LDAP DN refresh time |
Updates the ldap_refresh_dn value in the system table with the current time, stored in Coordinated Universal Time (UTC) Scripting name: LDAPRefreshDN |