General Extended Security Support By Name By Class History

SAP MaxDB Database Parameters (7.9.10.03, Security)


DenyAuthentication

change: DIRECT

 A comma separated list of identifiers that specify
 authentication methods that are not allowed for this server.

 Possible identifiers are:

 'SCRAMSHA256V2': Challenge/Response using a SHA256 hash algorithm (with server proof) 
 'SCRAMSHA256'  : Challenge/Response using a SHA256 hash algorithm
 'SCRAMMD5'     : Challenge/Response using a MD5 hash algorithm
 'BASIC'        : Passwords are sent using a reversible crypt algorithm
 
 If DenyAuthentication is empty, then all authentication methods are allowed.

LastUsedPasswords

default: 0

change: DIRECT

new in 7.9.10.00

 The number of last used passwords that the user is not allowed to reuse when changing the current password.
   
 The value 0 allows the user to reuse the last password.
  

MaximumPasswordLifetime

default: 0

change: DIRECT

new in 7.9.10.00

 The number of days after which a user's password expires

 A user administrator can exclude users from this password check with the following
 SQL statement: 
 ALTER USER  DISABLE PASSWORD LIFETIME. However, this is recommended
 for technical users only, not database users that correspond to real people.
  
 A user administrator can re-enable the password lifetime check for a user with the 
 following SQL statement: ALTER USER  ENABLE PASSWORD LIFETIME. 

 A value of 0 means the password expiration is disabled

 The lower and upper limits are:
     0 <= MaximumPasswordLifetime <= 3650

MinimumPasswordLifetime

default: 0

change: DIRECT

new in 7.9.10.00

 The minimum number of days that must elapse before a user can change the password
 
 A value of 0 means the password has no minimum lifetime

 The lower and upper limits are:
     0 <= MinimumPasswordLifetime <= 31

MinPasswordLength

default: 1

change: DIRECT

 Minimum number of password characters.

 The lower and upper limits are:
     1 <= MinPasswordLength <= 256

PasswordBlacklist

change: DIRECT

new in 7.9.10.00

 A list of words that are not allowed as passwords or parts of passwords.
 
 The password blacklist is a blank separated list of words that are not allowed as passwords or parts of passwords
 (the string comparison is done case-insensitive). 
 
 E.g. "SAP TRUE FALSE"   
  
 All blank characters within this parameter string will be interpreted as separator.  
   

PasswordLayout

change: DIRECT

new in 7.9.10.00

 Defines the character types that the password must contain and how many (minimum).

 The following character types are allowed in passwords: 
  
    - Lowercase letter (a-z)
    - Uppercase letter (A-Z)
    - Numerical digits (0-9)
    - Special characters
     
    Any character except blank and double quote that is not an uppercase letter, a lowercase letter, 
    or a numerical digit is considered a special character.
    
  If configuring this parameter, you can use any character allowed in a password (see above).
  The characters can be in any order.
  
  Aa1, that is, at least one uppercase letter, at least one number, and at least one lowercase letter 
  This value example could also be represented by a1A, hQ5, or 9fG.

  To enforce the use of a specific number of a particular character type, specify the character type multiple times. 
  For example, if passwords must contain at least 3 digits, you could specify the layout with a123A or 789fG.
   
  To enforce the use of at least one of each character type including special characters, you specify A1a_ or 2Bg?.
  
  All blank or double quote characters within this parameter string will be silently ignored.
   

UseBackupSecurityDescriptor

default: depends on operating system or instance type

possible values: "YES" "NO"

change: OFFLINE

 Specifies whether Windows operating system security descriptor is to be used for file backups.

 UseBackupSecurityDescriptor = 'YES' or 'NO'

 'YES': Use Windows security descriptor on file backups
 'NO' : Do not use Windows security descriptor on file backups (e.g., backing up to Samba share)

 (char(8))