CREATE PROFILE v14
Name
CREATE PROFILE — Create a profile.
Synopsis
Description
CREATE PROFILE creates a profile. Include the LIMIT clause and one or more space-delimited parameter/value pairs to specify the rules enforced by EDB Postgres Advanced Server.
EDB Postgres Advanced Server creates a default profile named DEFAULT. When you use the CREATE ROLE command to create a role, the new role is associated with the DEFAULT profile. If you upgrade from a previous version of EDB Postgres Advanced Server to EDB Postgres Advanced Server 10, the upgrade process associates the roles in the upgraded version with the DEFAULT profile.
You must be a superuser to use CREATE PROFILE.
Parameters
profile_name
The name of the profile.
parameter
The password attribute for the rule to monitor.
value
The value the parameter must reach before an action is taken by the server.
EDB Postgres Advanced Server supports these values for each parameter:
FAILED_LOGIN_ATTEMPTS specifies the number of failed login attempts that a user can make before the server locks them out of their account for the length of time specified by PASSWORD_LOCK_TIME. Supported values are:
- An INTEGER value greater than 0.
- DEFAULT — The value of FAILED_LOGIN_ATTEMPTS specified in the DEFAULT profile.
- UNLIMITED — The connecting user can make an unlimited number of failed login attempts.
PASSWORD_LOCK_TIME specifies the length of time that must pass before the server unlocks an account that was locked because of FAILED_LOGIN_ATTEMPTS. Supported values are:
- A NUMERIC value of 0 or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value 4.5 to specify 4 days, 12 hours.
- DEFAULT — The value of PASSWORD_LOCK_TIME specified in the DEFAULT profile.
- UNLIMITED — The account is locked until manually unlocked by a database superuser.
PASSWORD_LIFE_TIME specifies the number of days that the current password can be used before the user is prompted to provide a new password. Include the PASSWORD_GRACE_TIME clause when using the PASSWORD_LIFE_TIME clause to specify the number of days to pass after the password expires before connections by the role are rejected. If you don't specify PASSWORD_GRACE_TIME, the password expires on the day specified by the default value of PASSWORD_GRACE_TIME, and the user isn't allowed to execute any command until a new password is provided. Supported values are:
- A NUMERIC value of 0 or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value 4.5 to specify 4 days, 12 hours.
- DEFAULT — The value of PASSWORD_LIFE_TIME specified in the DEFAULT profile.
- UNLIMITED — The password doesn't have an expiration date.
PASSWORD_GRACE_TIME specifies the length of the grace period after a password expires until the user is forced to change their password. When the grace period expires, a user is allowed to connect but isn't allowed to execute any command until they update their expired password. Supported values are:
- A NUMERIC value of 0 or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value 4.5 to specify 4 days, 12 hours.
- DEFAULT — The value of PASSWORD_GRACE_TIME specified in the DEFAULT profile.
- UNLIMITED — The grace period is infinite.
PASSWORD_REUSE_TIME specifies the number of days a user must wait before reusing a password. Use the PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX parameters together. If you specify a finite value for one of these parameters while the other is UNLIMITED, old passwords can never be reused. If both parameters are set to UNLIMITED, there are no restrictions on password reuse. Supported values are:
- A NUMERIC value of 0 or greater. To specify a fractional portion of a day, specify a decimal value. For example, use the value 4.5 to specify 4 days, 12 hours.
- DEFAULT — The value of PASSWORD_REUSE_TIME specified in the DEFAULT profile.
- UNLIMITED — The password can be reused without restrictions.
PASSWORD_REUSE_MAX specifies the number of password changes that must occur before a password can be reused. Use the PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX parameters together. If you specify a finite value for one of these parameters while the other is UNLIMITED, old passwords can never be reused. If both parameters are set to UNLIMITED, there are no restrictions on password reuse. Supported values are:
- An INTEGER value of 0 or greater.
- DEFAULT — The value of PASSWORD_REUSE_MAX specified in the DEFAULT profile.
- UNLIMITED
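
The statements below are an added example, not part of the EDB documentation; the profile names and the chosen values are hypothetical. They show the LIMIT clause with fractional-day values, the DEFAULT and UNLIMITED keywords, and the PASSWORD_REUSE_TIME / PASSWORD_REUSE_MAX interaction described above.

```sql
-- Added example: profile names and values are assumptions for illustration.
-- CREATE PROFILE requires a superuser session.

-- Lockout and expiry rules for interactive accounts.
CREATE PROFILE interactive_users LIMIT
    FAILED_LOGIN_ATTEMPTS 5      -- lock the account after 5 failed logins
    PASSWORD_LOCK_TIME    0.5    -- fractional day: unlock after 12 hours
    PASSWORD_LIFE_TIME    90     -- prompt for a new password after 90 days
    PASSWORD_GRACE_TIME   7;     -- 7-day grace period after expiry

-- Stricter lockout: with PASSWORD_LOCK_TIME UNLIMITED the account stays
-- locked until a database superuser unlocks it manually.
CREATE PROFILE privileged_users LIMIT
    FAILED_LOGIN_ATTEMPTS 3
    PASSWORD_LOCK_TIME    UNLIMITED;

-- Reuse rules: one parameter finite, the other UNLIMITED.
-- Per the parameter descriptions, old passwords can then never be reused.
CREATE PROFILE never_reuse LIMIT
    PASSWORD_REUSE_TIME 365
    PASSWORD_REUSE_MAX  UNLIMITED;

-- Reuse rules: both parameters UNLIMITED.
-- Per the parameter descriptions, there are no restrictions on reuse,
-- which is usually not what a password policy intends.
CREATE PROFILE unrestricted_reuse LIMIT
    PASSWORD_REUSE_TIME UNLIMITED
    PASSWORD_REUSE_MAX  UNLIMITED;

-- DEFAULT takes the value from the DEFAULT profile, so only the
-- explicitly listed rule differs from the server-wide baseline.
CREATE PROFILE service_accounts LIMIT
    FAILED_LOGIN_ATTEMPTS DEFAULT
    PASSWORD_LIFE_TIME    UNLIMITED;  -- password has no expiration date
```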