ALTER PROFILE v14
Name
ALTER PROFILE
— Alter an existing profile.
Synopsis
Description
Use the ALTER PROFILE
command to modify a user-defined profile. EDB Postgres Advanced Server supports two forms of the command:
- Use
ALTER PROFILE…RENAME TO
to change the name of a profile. - Use
ALTER PROFILE…LIMIT
to modify the limits associated with a profile.
Include the LIMIT
clause and one or more space-delimited parameter/value
pairs to specify the rules enforced by EDB Postgres Advanced Server. Use ALTER PROFILE …RENAME TO
to change the name of a profile.
Parameters
profile_name
The name of the profile.
new_name
The new name of the profile.
parameter
The attribute limited by the profile.
value
The parameter limit.
EDB Postgres Advanced Server supports these values for each parameter:
FAILED_LOGIN_ATTEMPTS
specifies the number of failed login attempts that a user can make before the server locks them out of their account for the length of time specified by PASSWORD_LOCK_TIME
. Supported values are:
- An
INTEGER
value greater than0
. DEFAULT
— The value ofFAILED_LOGIN_ATTEMPTS
specified in theDEFAULT
profile.UNLIMITED
— The connecting user can make an unlimited number of failed login attempts.
PASSWORD_LOCK_TIME
specifies the length of time that must pass before the server unlocks an account that was locked because of FAILED_LOGIN_ATTEMPTS
. Supported values are:
- A
NUMERIC
value of0
or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value4.5
to specify 4 days, 12 hours. DEFAULT
— The value ofPASSWORD_LOCK_TIME
specified in theDEFAULT
profile.UNLIMITED
— The account is locked until manually unlocked by a database superuser.
PASSWORD_LIFE_TIME
specifies the number of days to use the current password before the user is prompted to provide a new password. Include the PASSWORD_GRACE_TIME
clause when using the PASSWORD_LIFE_TIME
clause to specify the number of days after the password expires before connections by the role are rejected. If you don't specify PASSWORD_GRACE_TIME
, the password expires on the day specified by the default value of PASSWORD_GRACE_TIME
. The user can't execute any command until they provide a new password. Supported values are:
- A
NUMERIC
value of0
or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value4.5
to specify 4 days, 12 hours. DEFAULT
— The value ofPASSWORD_LIFE_TIME
specified in theDEFAULT
profile.UNLIMITED
— The password doesn't have an expiration date.
PASSWORD_GRACE_TIME
specifies the length of the grace period after a password expires until the user is forced to change their password. When the grace period expires, a user is allowed to connect but isn't allowed to execute any command until they update their expired password. Supported values are:
- A
NUMERIC
value of0
or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value4.5
to specify 4 days, 12 hours. DEFAULT
— The value ofPASSWORD_GRACE_TIME
specified in theDEFAULT
profile.UNLIMITED
— The grace period is infinite.
PASSWORD_REUSE_TIME
specifies the number of days a user must wait before reusing a password. Use the PASSWORD_REUSE_TIME
and PASSWORD_REUSE_MAX
parameters together. If you specify a finite value for one of these parameters while the other is UNLIMITED
, old passwords can never be reused. If both parameters are set to UNLIMITED
, there are no restrictions on password reuse. Supported values are:
- A
NUMERIC
value of0
or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value4.5
to specify 4 days, 12 hours. DEFAULT
— The value ofPASSWORD_REUSE_TIME
specified in theDEFAULT
profile.UNLIMITED
— The password can be reused without restrictions.
PASSWORD_REUSE_MAX
specifies the number of password changes that must occur before a password can be reused. Use the PASSWORD_REUSE_TIME
and PASSWORD_REUSE_MAX
parameters together. If you specify a finite value for one of these parameters while the other is UNLIMITED
, old passwords can never be reused. If both parameters are set to UNLIMITED
, there are no restrictions on password reuse. Supported values are:
- An
INTEGER
value of0
or greater. DEFAULT
— The value ofPASSWORD_REUSE_MAX
specified in theDEFAULT
profile.UNLIMITED
— The password can be reused without restrictions.
PASSWORD_VERIFY_FUNCTION
specifies password complexity. Supported values are:
- The name of a PL/SQL function.
DEFAULT
— The value ofPASSWORD_VERIFY_FUNCTION
specified in theDEFAULT
profile.NULL
PASSWORD_ALLOW_HASHED
specifies whether an encrypted password is allowed. If you specify the value as TRUE
, the system allows a user to change the password by specifying a hash-computed encrypted password on the client side. However, if you specify the value as FALSE
, then a password must be specified in a plain-text form to validate without error. Supported values are:
- A
BOOLEAN
valueTRUE/ON/YES/1
orFALSE/OFF/NO/0
. DEFAULT
— The value ofPASSWORD_ALLOW_HASHED
specified in theDEFAULT
profile.
Note
The PASSWORD_ALLOW_HASHED
isn't compatible with Oracle.
Examples
This example modifies a profile named acctg_profile
:
acctg_profile
counts failed connection attempts when a login role attempts to connect to the server. The profile specifies that if a user doesn't authenticate with the correct password in three attempts, the account is locked for one day.
This example changes the name of acctg_profile
to payables_profile
: