Show TOC

CREATE LOGIN POLICY StatementLocate this document in the navigation structure

Creates a login policy in the database.

Syntax
CREATE LOGIN POLICY <policy-name> policy-option

policy-option - (back to Syntax)
   policy-option-name = policy-option-value

policy-option-name - (back to policy-option)
  AUTO_UNLOCK_TIME 
   | CHANGE_PASSWORD_DUAL_CONTROL
   | DEFAULT_LOGICAL_SERVER 
   | LOCKED 
   | MAX_CONNECTIONS 
   | MAX_DAYS_SINCE_LOGIN 
   | MAX_FAILED_LOGIN_ATTEMPTS 
   | MAX_NON_DBA_CONNECTIONS
   | PAM_FAILOVER_TO_STD 
   | PAM_SERVICENAME
   | PASSWORD_EXPIRY_ON_NEXT_LOGIN 
   | PASSWORD_GRACE_TIME 
   | PASSWORD_LIFE_TIME 
   | ROOT_AUTO_UNLOCK_TIME 
   | LDAP_PRIMARY_SERVER 
   | LDAP_SECONDARY_SERVER 
   | LDAP_AUTO_FAILBACK_PERIOD 
   | LDAP_FAILOVER_TO_STD 
   | LDAP_REFRESH_DN

policy-option-value - (back to policy-option)
   { UNLIMITED | DEFAULT | <value> }
Parameters

(back to top)

  • policy-name the name of the login policy. Specify root to modify the root login policy.
  • policy-option-name the name of the policy option. See Login Policy Options and LDAP Login Policy Options for details about each option.
  • policy-option-value the value assigned to the login policy option. If you specify UNLIMITED, no limits are used. If you specify DEFAULT, the default limits are used. See Login Policy Options and LDAP Login Policy Options for supported values for each option.
Applies to
Simplex and multiplex.
Examples

(back to top)

  • Example 1

    creates the Test1 login policy. This login policy has an unlimited password life and allows the user a maximum of five attempts to enter a correct password before the account is locked.

    CREATE LOGIN POLICY Test1 
    password_life_time=UNLIMITED
    max_failed_login_attempts=5;
Usage

(back to top)

If you do not specify a policy option, values for this login policy come from the root login policy. New policies do not inherit the MAX_NON_DBA_CONNECTIONS and ROOT_AUTO_UNLOCK_TIME policy options.

Permissions

(back to top)

Requires MANAGE ANY LOGIN POLICY system privilege.

The following system privileges can override the noted login policy options:

Exception System Privilege Login Policy Option
SERVER OPERATOR or DROP CONNECTION system privilege

MAX_NON_DBA_CONNS

MAX_CONNECTIONS

MANAGE ANY USER system privilege

LOCKED

MAX_DAYS_SINCE_LOGIN