System administrators and system security officers can:
Use |
To |
|---|---|
sp_addlogin |
Specify the expiration interval for a login password at creation |
sp_modifylogin |
Change the expiration interval for a login password. sp_modifylogin affects only user roles, not system roles. |
create role |
Specify the expiration interval for a role password at creation (only the system security officer can issue create role) |
alter role |
Change the expiration interval for a role password (only the system security officer can issue alter role) |
The following rules apply to password expiration for logins and roles:
A password expiration interval assigned to individual login accounts or roles overrides the global password expiration value. This allows you to specify shorter expiration intervals for sensitive accounts or roles, such as system security officer passwords, and more relaxed intervals for less sensitive accounts such as an anonymous login.
A login or role for which the password has expired is not directly activated.
The password expires at the time of day when the password was last changed after the number of days specified by password expiration interval has passed. password expiration interval specifies the password expiration interval in days. It can be any value between 0 and 32767, inclusive. For example, if you create a new login on August 1, 2007 at 10:30 AM, with a password expiration interval of 30 days, the password expires on August 31, 2007 at 10:30 AM
For details on the syntax and rules for the commands and system procedures, see the Reference Manual.
