Profile Management v11

Advanced Server allows a database superuser to create named profiles. Each profile defines rules for password management that augment password and md5 authentication. The rules in a profile can:

• count failed login attempts
• lock an account due to excessive failed login attempts
• mark a password for expiration
• define a grace period after a password expiration
• define rules for password complexity
• define rules that limit password re-use

A profile is a named set of password attributes that allow you to easily manage a group of roles that share comparable authentication requirements. If the password requirements change, you can modify the profile to have the new requirements applied to each user that is associated with that profile.

After creating the profile, you can associate the profile with one or more users. When a user connects to the server, the server enforces the profile that is associated with their login role. Profiles are shared by all databases within a cluster, but each cluster may have multiple profiles. A single user with access to multiple databases will use the same profile when connecting to each database within the cluster.

Advanced Server creates a profile named default that is associated with a new role when the role is created unless an alternate profile is specified. If you upgrade to Advanced Server from a previous server version, existing roles will automatically be assigned to the default profile. You cannot delete the default profile.

The default profile specifies the following attributes:

A database superuser can use the ALTER PROFILE command to modify the values specified by the default profile. For more information about modifying a profile, see Altering a Profile.