Database Password Security Settings

you can manage password security in the {{ocienthyperscaledatawarehouse}} by using a variety of settings and managing user states password security settings {{ocient}} includes password security settings to meet specific security requirements or preferences five settings are available to configure your password security security setting description password minimum length the minimum length of passwords the maximum password length supported by the ocient system is 32 password complexity level an integer value representing the password complexity algorithm supported values are 1 — level 1 the password must contain at least one upper case character, lower case character, and number 2 — level 2 in addition to the requirements specified in level 1, the password must contain at least one non alphanumeric character password no repeat count the number of unique passwords that a user must use before they can reuse a password even if this setting is set to 0 , when the system determines that the password lifetime has been reached, you must change the password to a unique value password lifetime days the password must be changed after this number of days after the password is older than this period, the user changes to the password expired state on their next login password invalid attempt limit the number of login attempts with an invalid password before a user changes to the disabled state except for the password no repeat count setting , a value of 0 for any of these settings means that the system ignores that setting password security setting hierarchy and precedence you can set all these settings at the system, database, or group levels the ocient system uses the most restrictive value for example, if password minimum length is 8 at the system level, 10 at the database level, and 12 at the group level, the system applies the value 12 to the user you can only add a user to a group after you create the user in the system upon user creation, password minimum length , password complexity level , and password no repeat count settings are based only on system and database level settings system catalog table for security settings the sys security settings system catalog table shows current security settings the table contains settings for only databases and groups if any settings are non zero after setting the password invalid attempt limit value, you can inspect the value using the sys security settings system catalog table select password invalid attempt limit from sys security settings; the sys users system catalog table contains information about users, their current state, and details about their security status, such as the last time the password was updated or the number of failed login attempts user states ocient local users, not sso based users, are in one of these states enabled disabled password expired enabled state enabled users have normal access privileges to the system they can connect and execute sql statements this state is the default state for all users disabled state a disabled user cannot connect to the system, and if they are currently connected, they cannot execute any sql statements users become disabled automatically if they exceed the password invalid number of failed password attempts an administrator must set the state of the user to enabled for the user to resume access password expired state this state enables a user to log on however, the only sql statement they can execute is alter user \<example user> set password='yyyy' the user receives a warning that their password is expired when they authenticate whenever the password lifetime days number of days has elapsed after the last time the password changed, the system automatically transitions a user to the password expired state on their next login you can inspect the last password change timestamp in the password updated at column in the sys users system catalog table change user state to change the state of the user to these different states, use the docid\ hcnnsmzcvpai1kqlhtzud sql statement related links docid 5vdoeimcg9i6p xff 6b docid\ asr8r6xqiyofgaz5qnbiw docid\ hcnnsmzcvpai1kqlhtzud docid\ xga0pas8wadtq33 a x7v docid\ uacarixqhe493vlhudb5b docid\ hcnnsmzcvpai1kqlhtzud