Executor: DBA privilege holder
This section explains the procedure for initial set-up of password character string restrictions. You must perform the steps in the order they are shown below, beginning with step (1).
You should evaluate the restrictions that can be set for passwords. The items you should consider are shown in Table 23-3.
Table 23-3 Restrictions that can be set for passwords
Restriction | Explanation |
---|---|
Specifiable minimum in bytes | Specify in bytes the minimum number of characters that can be used for a password. The specifiable range of the minimum number of characters for a password is between 6 and 15. |
Prohibition on use of the authorization identifier | Specify whether or not inclusion of the person's authorization identifier in the password character string is to be prohibited. If prohibition is specified, the following passwords would be prohibited:
|
Prohibition on use of only one type of characters | Specify whether or not use of only one type of characters for a password is to be prohibited. If prohibition is specified, the following passwords would be prohibited:
|
You should check in advance for existing users whose existing password will not conform to the proposed restrictions. Because the nonconforming users will be placed in password-invalid account lock state, they will no longer be permitted to connect to HiRDB. Before establishing restrictions, you should identify the users whose existing password will be in violation of the restrictions. For details about the identification procedure, see 23.5 Checking for users who will be placed in password-invalid account lock state.
Use a GRANT statement to change the password of a user whose existing password does not conform to the password restrictions. Examples follow:
GRANT CONNECT TO USER01 IDENTIFIED BY "f51HD7tc"
GRANT DBA TO ADMIN01 IDENTIFIED BY "gd4A@sPL"
GRANT AUDIT IDENTIFIED BY "a0h7Fc3K"
Use CREATE CONNECTION SECURITY to set the desired password character string restrictions.
An example of specifying CREATE CONNECTION SECURITY follows:
CREATE CONNECTION SECURITY
FOR PASSWORD
MIN LENGTH 8 ...1
USER IDENTIFIER RESTRICT ...2
SIMILAR RESTRICT ...3
Check for users in password-invalid account lock state. For the checking procedure, see 23.4.1(1) Check for users in password-invalid account lock state.