CREATE PROFILE

Creates a profile that controls password requirements for users.

Syntax

CREATE PROFILE name LIMIT
... [PASSWORD_LIFE_TIME {life-limit | DEFAULT | UNLIMITED}]
... [PASSWORD_GRACE_TIME {grace-period | DEFAULT | UNLIMITED}]
... [FAILED_LOGIN_ATTEMPTS {login-limit | DEFAULT | UNLIMITED}]
... [PASSWORD_LOCK_TIME {lock-period | DEFAULT | UNLIMITED}]
... [PASSWORD_REUSE_MAX {reuse-limit | DEFAULT | UNLIMITED}]
... [PASSWORD_REUSE_TIME {reuse-period | DEFAULT | UNLIMITED}]
... [PASSWORD_MAX_LENGTH {max-length | DEFAULT | UNLIMITED}]
... [PASSWORD_MIN_LENGTH {min-length | DEFAULT | UNLIMITED}]
... [PASSWORD_MIN_LETTERS {min-letters | DEFAULT | UNLIMITED}]
... [PASSWORD_MIN_UPPERCASE_LETTERS {min-cap-letters | DEFAULT | UNLIMITED}]
... [PASSWORD_MIN_LOWERCASE_LETTERS {min-lower-letters | DEFAULT | UNLIMITED}]
... [PASSWORD_MIN_DIGITS {min-digits | DEFAULT | UNLIMITED}]
... [PASSWORD_MIN_SYMBOLS {min-symbols | DEFAULT | UNLIMITED}]

Note: For all parameters, the special DEFAULT value means that the parameter's value is inherited from the DEFAULT profile. Any change to the parameter in the DEFAULT profile is reflected in all of the profiles that inherit that parameter. Any parameter not specified in the CREATE PROFILE command is set to DEFAULT.

Parameters

Name Description Meaning of UNLIMITED value
name

The name of the profile to create, where name conforms to conventions described in Identifiers.

N/A

PASSWORD_LIFE_TIME life-limit

Integer number of days a password remains valid. After the time elapses, the user must change the password (or will be warned that their password has expired if PASSWORD_GRACE_TIME is set to a value other than zero or UNLIMITED).

Passwords never expire.

PASSWORD_GRACE_TIME grace-period

Integer number of days users are allowed to log in (while being issued a warning message) after their passwords are older than the PASSWORD_LIFE_TIME. After this period expires, users are forced to change their passwords on login if they have not done so after their password expired.

No grace period (the same as zero)

FAILED_LOGIN_ATTEMPTS login-limit

Number of consecutive failed login attempts permitted before locking a user's account.

Accounts are never locked, no matter how many failed login attempts are made.

PASSWORD_LOCK_TIME lock-period

Integer number of days a user's account remains locked after too many failed login attempts. After the PASSWORD_LOCK_TIME has expired, the account is automatically unlocked.

Accounts locked because of too many failed login attempts are never automatically unlocked. They must be manually unlocked by the database superuser.

PASSWORD_REUSE_MAX reuse-limit

The number of password changes that need to occur before the current password can be reused.

Users are not required to change passwords a certain number of times before reusing an old password.

PASSWORD_REUSE_TIME reuse-period

The integer number of days that must pass after a password has been set before it can be reused.

Password reuse is not limited by time.

PASSWORD_MAX_LENGTH max-length

The maximum number of characters allowed in a password. Value must be in the range of 8 to 100.

Passwords are limited to 100 characters.

PASSWORD_MIN_LENGTH min-length

The minimum number of characters required in a password. Valid range is 0 to max-length.

Equal to max-length.

PASSWORD_MIN_LETTERS min-letters

Minimum number of letters (a-z and A-Z) that must be in a password. Valid range is 0 to max-length.

0 (no minimum).

PASSWORD_MIN_UPPERCASE_LETTERS min-cap-letters

Minimum number of capital letters (A-Z) that must be in a password. Valid range is 0 to max-length.

0 (no minimum).

PASSWORD_MIN_LOWERCASE_LETTERS min-lower-letters

Minimum number of lowercase letters (a-z) that must be in a password. Valid range is 0 to max-length.

0 (no minimum).

PASSWORD_MIN_DIGITS min-digits

Minimum number of digits (0-9) that must be in a password. Valid range is 0 to max-length.

0 (no minimum).

PASSWORD_MIN_SYMBOLS min-symbols

Minimum number of symbols (any printable non-letter and non-digit character, such as $, #, @, and so on) that must be in a password. Valid range is 0 to max-length.

0 (no minimum).

Privileges

Must be a superuser to create a profile.

Note: Only the profile settings for how many failed login attempts trigger Account Locking and how long accounts are locked have an effect on password authentication methods such as LDAP or GSS. All password complexity, reuse, and lifetime settings affect only passwords that Vertica manages.

Example

=> CREATE PROFILE sample_profile LIMIT PASSWORD_MAX_LENGTH 20;
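
The following added example is not part of the original reference page; the profile names, the user name app_user, and all numeric limits are illustrative assumptions. It sets every limit explicitly so that nothing is inherited from the DEFAULT profile, and adds a lockout-only profile for users authenticated through LDAP or GSS, for whom only the lockout settings have an effect.

```sql
-- Added example; names and values are assumptions, not vendor recommendations.
-- Any parameter left out of CREATE PROFILE is set to DEFAULT and follows later
-- changes to the DEFAULT profile, so every limit is stated here.
CREATE PROFILE app_users_profile LIMIT
    PASSWORD_LIFE_TIME 90               -- days a password remains valid
    PASSWORD_GRACE_TIME 7               -- days of warned logins after expiry
    FAILED_LOGIN_ATTEMPTS 5             -- consecutive failures before lockout
    PASSWORD_LOCK_TIME 1                -- days until automatic unlock
    PASSWORD_REUSE_MAX 10               -- password changes before reuse
    PASSWORD_REUSE_TIME 365             -- days before a password can be reused
    PASSWORD_MAX_LENGTH 100             -- must be in the range 8 to 100
    PASSWORD_MIN_LENGTH 14              -- must not exceed PASSWORD_MAX_LENGTH
    PASSWORD_MIN_LETTERS 2
    PASSWORD_MIN_UPPERCASE_LETTERS 1
    PASSWORD_MIN_LOWERCASE_LETTERS 1
    PASSWORD_MIN_DIGITS 1
    PASSWORD_MIN_SYMBOLS 1;

-- For LDAP or GSS users, complexity, reuse, and lifetime limits are not
-- applied, so this profile sets only the two lockout parameters.
CREATE PROFILE external_auth_profile LIMIT
    FAILED_LOGIN_ATTEMPTS 5
    PASSWORD_LOCK_TIME 1;

-- Assign the profile to an existing user (app_user is hypothetical).
ALTER USER app_user PROFILE app_users_profile;
```

Setting FAILED_LOGIN_ATTEMPTS or PASSWORD_LOCK_TIME to UNLIMITED changes the behavior in opposite directions: the first disables lockout entirely, the second requires a superuser to unlock every locked account.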
