Table 9-5 lists the restrictions that can be specified for passwords.

Table 9-5 Restrictions that can be specified for passwords

Item	Description
Set a minimum password length	You can set a minimum length for a password (minimum number of bytes).
Prohibit specification of authorization identifier	You can prohibit use of one's authorization identifier as a password.
Prohibit only one type of characters*	You can prohibit passwords that consist of only one type of characters (for example, only uppercase alphabetic characters, or only numeric characters, etc.).

^* Only the following types of characters can be used in passwords:

• Uppercase alphabetic characters: A to Z, #, @, \
• Lowercase alphabetic characters: a to z
• Numeric characters: 0 to 9

Reference note

You cannot set password character string restrictions for individuals users. The settings you specify here apply to all users of HiRDB (including DBA privilege holders and auditors).

When you set restrictions on passwords, the account of any user who violates a restriction is placed in password-invalid account lock state. Users placed in this status can no longer connect (CONNECT) to HiRDB.

Such a user's password must be changed in order to release the password-invalid account lock state.

Before setting restrictions on passwords, you should check how many user accounts are likely to be placed in password-invalid account lock state due to restriction violations.

If a password set for a new user with a GRANT DBA, GRANT AUDIT, or GRANT CONNECT statement violates a restriction, the GRANT statement will not execute.

You use CREATE CONNECTION SECURITY to set restrictions on password character strings.