Password Policy Configuration Options:
Passwords for the user name/password authentication of database users are subject to certain rules, or password policy.
You can change the default password policy in the Security editor of the SAP HANA studio (recommended) or directly in the password_policy section of the indexserver.ini system properties file.
Note : The password policy parameters for the system database of a multiple-container system are in the namesever.ini file and not the indexserver.ini file.
Additional Information : You must enter a value between 6 and 64.
A user administrator (that is, a user with the system privilege USER ADMIN) can force a user to change his or her password at any time with the following SQL statement: ALTER USER FORCE PASSWORD CHANGE
A user administrator can override this password policy setting for individual users (for example, technical users) with the following SQL statement:
CREATE USER PASSWORD [NO FORCE_FIRST_PASSWORD_CHANGE]
ALTER USER PASSWORD [NO FORCE_FIRST_PASSWORD_CHANGE]
The number of last used passwords that the user is not allowed to reuse when changing his or her current password
Default Value : 5
Additional Information : If you enter the value 0, the user can reuse his or her old password.
The maximum number of failed logon attempts that are possible; the user is locked as soon as this number is reached
Default Value 6
Additional Information You must enter a value of at least 1.
A user administrator can reset the number of invalid logon attempts with the following SQL statement:
ALTER USER RESET CONNECT ATTEMPTS
Note: The first time a user logs on successfully after an invalid logon attempt, an entry is made in the INVALID_CONNECT_ATTEMPTS system view containing the following information:
The number of invalid logon attempts since the last successful logon
The time of the last successful logon
A user administrator can delete information about invalid logon attempts with the following SQL statement:
ALTER USER DROP CONNECT ATTEMPTS
The number of minutes for which a user is locked after the maximum number of failed logon attempts
Default Value 1440
Additional Information :If you enter the value 0, the user is unlocked immediately. This disables the functionality of parameter maximum_invalid_connect_attempts.
A user administrator can reset the number of invalid logon attempts and reactivate the user account with the following SQL statement:
ALTER USER RESET CONNECT ATTEMPTS.
It is also possible to reactivate the user in the user editor of the SAP HANA studio.
To lock a user indefinitely, enter the value -1. In the Security editor of the SAP HANA studio, this corresponds to selecting the Lock indefinitely checkbox. The user remains locked until reactivated by a user administrator as described above.
Passwords for the user name/password authentication of database users are subject to certain rules, or password policy.
You can change the default password policy in the Security editor of the SAP HANA studio (recommended) or directly in the password_policy section of the indexserver.ini system properties file.
Note : The password policy parameters for the system database of a multiple-container system are in the namesever.ini file and not the indexserver.ini file.
1. minimal_password_length :
Default Value : 8Additional Information : You must enter a value between 6 and 64.
2. force_first_password_change :
Defines whether users have to change their initial passwords immediately the first time they log on Default Value : TrueA user administrator (that is, a user with the system privilege USER ADMIN) can force a user to change his or her password at any time with the following SQL statement: ALTER USER
A user administrator can override this password policy setting for individual users (for example, technical users) with the following SQL statement:
CREATE USER
ALTER USER
3. last_used_passwords :
Default Value : 5
Additional Information : If you enter the value 0, the user can reuse his or her old password.
4. maximum_invalid_connect_attempts :
Default Value 6
Additional Information You must enter a value of at least 1.
A user administrator can reset the number of invalid logon attempts with the following SQL statement:
ALTER USER
Note: The first time a user logs on successfully after an invalid logon attempt, an entry is made in the INVALID_CONNECT_ATTEMPTS system view containing the following information:
The number of invalid logon attempts since the last successful logon
The time of the last successful logon
A user administrator can delete information about invalid logon attempts with the following SQL statement:
ALTER USER
5. password_lock_time :
The number of minutes for which a user is locked after the maximum number of failed logon attempts
Default Value 1440
Additional Information :If you enter the value 0, the user is unlocked immediately. This disables the functionality of parameter maximum_invalid_connect_attempts.
A user administrator can reset the number of invalid logon attempts and reactivate the user account with the following SQL statement:
ALTER USER
It is also possible to reactivate the user in the user editor of the SAP HANA studio.
To lock a user indefinitely, enter the value -1. In the Security editor of the SAP HANA studio, this corresponds to selecting the Lock indefinitely checkbox. The user remains locked until reactivated by a user administrator as described above.
No comments:
Post a Comment