PASSWORD - Advanced SQL Engine - Teradata Database

SQL Data Definition Language Syntax and Examples

Product
Advanced SQL Engine
Teradata Database
Release Number
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
wgr1555383704548.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1144
lifecycle
previous
Product Category
Teradata Vantage™

If you specify the PASSWORD or PASSWORD ATTRIBUTES phrase, you must list one or more password control option and specify either a value or NULL (the default) for each.

Password security attributes in a modified profile take effect the next time a profile member user logs on after the modification.

Password controls only affect users authenticated by the database. Externally authenticated users are unaffected.

For detailed description of password control methods, options, and strategies, see “Working with Password Controls” in Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.

Character-related password format controls do not apply to multibyte client character sets on systems enabled with Japanese language support.
Some password control attribute values are not applicable to first-level profile members, but only to children of profile member users. See Effects of Profile-Based Password Controls.
ATTRIBUTES
Keywords that introduces a set of password control attributes. Following are brief descriptions of the password controls.
attribute_name = value
If you specify a value in a profile for a password control, the value supersedes the global value for profile members.
attribute_name = NULL
If the value for an attribute is NULL or if you do not specify the PASSWORD or PASSWORD ATTRIBUTES phrase, the profile defaults to the global password control settings in DBC.SysSecDefaults.
EXPIRE=n
The number of days to elapse before the password expires.
A value of 0 for n indicates the password never expires.
NULL indicates that the EXPIRE option is not set for the profile.
You can specify any non-zero value to cause new users who are profile members to replace the temporary password specified in their user definitions with a permanent private password at first log on. Users must use the MODIFY USER statement to change their password.
MINCHAR=n
The minimum number of characters in a password string.
The valid range for n is 1-127 UNICODE characters.
NULL indicates that the MINCHAR option is not set for the profile.
MAXCHAR=n
The maximum number of characters in a password string.
The valid range for n is 1-127 UNICODE characters.
NULL indicates that the MAXCHAR option is not set for the profile.
DIGITS=c
Specifies whether at least one digit must appear in a password string.
  • If c is N or n, digits are not permitted in a password string.
  • If c is R or r, At least one digit is required in a password string.
  • If c is Y or y, digits are permitted in a password string, but not required.
  • NULL indicates that the DIGITS option is not set for the profile.
SPECCHAR=c
Specifies whether various characters or the user name are allowed, not allowed, or required in a user password string.
The value for SPECCHAR must be one of the single letter option codes shown in Working with the SPECCHAR Password Control, where the letter code you specify for the SPECCHAR option represents a unique set of possible SPECCHAR rules.
MAXLOGONATTEMPTS=n
Number of incorrect logon attempts allowed before locking the user from further attempts, where n is a value from 0 to 127.
A value of 0 for n indicates never to lock the user.
NULL indicates that the MAXLOGONATTEMPTS option is not set for the profile.
LOCKEDUSEREXPIRE=n
Number of minutes to elapse before unlocking a locked user.
  • If n is 0, Vantage unlocks the user immediately.
  • If n is -1, Vantage locks the user indefinitely.
  • NULL indicates that the LOCKEDUSEREXPIRE option is not set for the profile.
REUSE=n
Number of days to elapse before a password can be reused.
A value of 0 for n allows the password to be reused immediately.
NULL indicates that the REUSE option is not set for the profile.
RESTRICTWORDS=c
Specifies whether certain words are restricted from use within a password string.
The valid values for c are listed below.
  • If c is Y or y, any words listed in DBC.PasswordRestrictions cannot be used in password strings.
  • If c is N or n, use of words listed in DBC.PasswordRestrictions in password strings is allowed.
  • NULL indicates that the RESTRICTWORDS option is not set for the profile.
For details, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100 and Teradata Vantage™ - Database Administration, B035-1093.