You can manage password security in the by using a variety of settings and managing user states.Documentation Index
Fetch the complete documentation index at: https://docs.ocient.com/llms.txt
Use this file to discover all available pages before exploring further.
Password Security Settings
includes password security settings to meet specific security requirements or preferences. Five settings are available to configure your password security.| Security Setting | Description |
|---|---|
password_minimum_length | The minimum length of passwords. The maximum password length supported by the Ocient System is 32. |
password_complexity_level | An integer value representing the password complexity algorithm. Supported values are: 1 — Level 1. The password must contain at least one upper case character, lower case character, and number.2 — Level 2. In addition to the requirements specified in level 1, the password must contain at least one non-alphanumeric character. |
password_no_repeat_count | The number of unique passwords that a user must use before they can reuse a password. Even if this setting is set to 0, when the system determines that the password lifetime has been reached, you must change the password to a unique value. |
password_lifetime_days | The password must be changed after this number of days. After the password is older than this period, the user changes to the PASSWORD_EXPIRED state on their next login. |
password_invalid_attempt_limit | The number of login attempts with an invalid password before a user changes to the DISABLED state. |
Except for the
password_no_repeat_count setting, a value of 0 for any of these settings means that the system ignores that setting.Password Security Setting Hierarchy and Precedence
You can set all these settings at the system, database, or group levels. The Ocient System uses the most restrictive value. For example, ifpassword_minimum_length is 8 at the system level, 10 at the database level, and 12 at the group level, the system applies the value 12 to the user.
You can only add a user to a group after you create the user in the system. Upon user creation,
password_minimum_length, password_complexity_level, and password_no_repeat_count settings are based only on system- and database-level settings.System Catalog Table for Security Settings
Thesys.security_settings system catalog table shows current security settings. The table contains settings for only databases and groups if any settings are non-zero.
After setting the password_invalid_attempt_limit value, you can inspect the value using the sys.security_settings system catalog table.
SQL
The
sys.users system catalog table contains information about users, their current state, and details about their security status, such as the last time the password was updated or the number of failed login attempts.Password Recovery
The Ocient System does not enable you to recover a password. If you forget your password, contact the user who has the Security Administrator or Database Administrator role. Users with those roles can set a new password.User States
Ocient local users, not SSO-based users, are in one of these states:ENABLEDDISABLEDPASSWORD_EXPIRED
ENABLED State
Enabled users have normal access privileges to the system. They can connect and execute SQL statements. This state is the default state for all users.
DISABLED State
A disabled user cannot connect to the system, and if they are currently connected, they cannot execute any SQL statements. Users become disabled automatically if they exceed the password_invalid number of failed password attempts.
An administrator must set the state of the user to ENABLED for the user to resume access.
PASSWORD_EXPIRED State
This state enables a user to log on. However, the only SQL statement they can execute is ALTER USER <example_user> SET PASSWORD='yyyy'. The user receives a warning that their password is expired when they authenticate.
Whenever the password_lifetime_days number of days has elapsed after the last time the password changed, the system automatically transitions a user to the PASSWORD_EXPIRED state on their next login.
You can inspect the last password change timestamp in the password_updated_at column in the sys.users system catalog table.