sp_modify_time_range  sp_modifystats

Chapter 1: System Procedures

sp_modifylogin

Description

Modifies the default database, default language, default role activation, login script, full name, the password expiration interval, the minimum password length, and the maximum number of failed logins allowed for a specified Adaptive Server login account.

Syntax

sp_modifylogin {loginame | “all overrides”}, option, value

Parameters

loginame

is the login account to be modified.

"all overrides"

removes the system overrides that were set using the "passwd expiration", "min passwd length", or "max failed_logins" parameters. To remove all the login-specific values, specify:

sp_modifylogin "all overrides", "option", "-1"
option

specifies the name of the option to be changed. Table 1-16 lists valid options and their descriptions.

Table 1-16: sp_modifylogin option variable and definitions

Option

Definition

authenticate with

Authenticates the login. Specify these values:

  • ASE – use Adaptive Server internal authentication using syslogin passwords.

  • LDAP – use external authentication with an LDAP Server.

  • PAM – use external authentication with PAM.

  • ANY – by default, users are authenticated using this authentication method. A user with ANY authentication means that Adaptive Server checks if there is any external authentication mechanism defined, and if there is, it is used. Otherwise, it uses ASE authentication.

defdb

The “home” database to which the user is connected when he or she logs in.

deflanguage

The official name of the user’s default language.

fullname

The user’s full name.

"add default role"

The role or roles to be activated by default at login.

"drop default role"

The role or roles to be dropped from the list of roles activated by default at login. This option affects only user-defined roles, not system roles.

"passwd expiration"

The password expiration interval in days. It can be anyvalue between 0 and 32767, inclusive.

"min passwd length"

The minimum password length required for the specified login. It can be any value between 0 and 30, inclusive. 0 specifies that no password is required. The default is 6.

"max failed_logins"

The number of allowable failed login attempts for the specified login. It can be any value between 0 and 32767, inclusive.

login script

Name of the stored prodecure to run automatically when user logs in.

value

is the value of the option you specified for the option parameter. The value parameter is a character datatype; therefore, quotes are required for positive and negative numeric values.

Examples

Example 1

Changes the default database for “sarah” to pubs2:

sp_modifylogin sarah, defdb, "pubs2"

Example 2

Sets the default language for “claire” to French:

sp_modifylogin claire, deflanguage, "french"

Example 3

Changes the full name of user “clemens” to “Samuel Clemens”:

sp_modifylogin clemens, fullname, "Samuel Clemens"

Example 4

Adds the specialist role to the list of roles activated by default when user csmith logs in:

sp_modifylogin csmith, "add default role", specialist_role

Example 5

Drops the intern role from the list of roles activated by default when user “hpillai” logs in:

sp_modifylogin hpillai, "drop default role", intern_role

Example 6

Changes the maximum number of failed login attempts for the login “joe” to 40:

sp_modifylogin "joe", "max failed_logins", "40"

Example 7

Changes the overrides for maximum failed login attempts of all logins to 3:

sp_modifylogin "all overrides", "max failed_logins", "3"

Example 8

Removes the overrides for maximum failed logins option for all logins:

sp_modifylogin "all overrides", "max failed_logins", "-1"

Example 9

The login account named “nightlyjob” can only authenticate using local ASE authentication, and not an external mechanism such as LDAP or PAM:

sp_modifylogin "nightlyjob", "authenticate with", "ASE" 

Example 10

Runs the proc_p1 script when Bob1 logs in to Adaptive Server:

sp_modifylogin Bob1, 'login script', proc_p1

Usage


Changing a user’s default database


Changing a user’s role activation

Permissions

A user can use sp_modifylogin to change their default database, default language, and full name. Only a System Administrator or System Security Officer can execute sp_modifylogin to change the default database, default language, or full name of another user. Only a System Security Officer can execute sp_modifylogin to activate another user’s roles by default at login, change the password expiration interval, the minimum password length, the maximum number of failed logins allowed, and the login script associated with a specified login.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Event

Audit option

Command or access audited

Information in extrainfo

38

exec_procedure

Execution of a procedure

  • Roles – Current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – All input parameters

  • Proxy information – Original login name, if set proxy in effect

See also

System procedures sp_activeroles, sp_addalias, sp_addlogin, sp_adduser, sp_displaylogin, sp_displayroles, sp_helprotect,

Commands alter role, create procedure, create role, drop role, grant, revoke, set role





Copyright © 2005. Sybase Inc. All rights reserved. sp_modifystats

View this book as PDF