change: DIRECT
A comma separated list of identifiers that specify
authentication methods that are not allowed for this server.
Possible identifiers are:
'SCRAMSHA256V2': Challenge/Response using a SHA256 hash algorithm (with server proof)
'SCRAMSHA256' : Challenge/Response using a SHA256 hash algorithm
'SCRAMMD5' : Challenge/Response using a MD5 hash algorithm
'BASIC' : Passwords are sent using a reversible crypt algorithm
If DenyAuthentication is empty, then all authentication methods are allowed.
default: "NO"
possible values: "YES" "NO"
change: RUNNING
new in 7.9.11.01
Allow the logging of access of a user to a database object, if it is configured for the combination of user, database object and the operation. With this parameter it is possible to switch on and off the auditing at a single point without affect configured audit settings. Possible values are: 'YES' : configured audit settings will be used during execution of SQL statements 'NO' : no auditing will happen at all (8 byte character)
default: "NO"
possible values: "YES" "NO"
change: OFFLINE
new in 7.9.11.01
Defines whether the kernel dump files are encrypted or not. The parameter works in conjunction with the parameter 'EncryptionAlgorithm'. To enable it, the parameter 'EncryptionAlgorithm' must not be 'NONE'.
default: "NONE"
possible values: "NONE" "AES256-CBC"
change: OFFLINE
new in 7.9.11.01
Defines encryption algorithm that is used to encrypt data container like volumes, backups etc. If the value is change, it has no efect on already created container. &if $LC_STATE == DEV Possible values are: 'NONE' : No encryption 'AES256-CBC': Advanced Encryption Standard 256 Bits with Cipher Block Chaining &else Possible values are: 'NONE' : No encryption &endif
default: NO
possible values: "YES" "NO"
change: OFFLINE
new in 7.9.11.01
Defines whether the kernel trace file is encrypted or not. The parameter works in conjunction with the parameter 'EncryptionAlgorithm'. To enable it, the parameter 'EncryptionAlgorithm' must not be 'NONE'.
default: 0
change: DIRECT
new in 7.9.10.00
The number of last used passwords that the user is not allowed to reuse when changing the current password. The value 0 allows the user to reuse the last password.
default: 0
change: DIRECT
new in 7.9.10.00
The number of days after which a user's password expires
A value of 0 means the password expiration is disabled.
The lower and upper limits are:
0 <= MaximumPasswordLifetime <= 3650
A user administrator can exclude users from this password check with the following
SQL statement:
ALTER USER DISABLE PASSWORD LIFETIME
However, this is not recommended for database users that correspond to real people.
Use it for technical users only.
A user administrator can re-enable the password lifetime check for a user with the
following SQL statement:
ALTER USER ENABLE PASSWORD LIFETIME
To exclude the DBM operator use the following DBM command:
user_put PASSWORD_LIFETIME=DISABLE
The password lifetime check can be re-enabled for the DBM operator with following
statement:
user_put PASSWORD_LIFETIME=ENABLE
default: 0
change: DIRECT
new in 7.9.10.00
The minimum number of days that must elapse before a user can change the password
A value of 0 means the password has no minimum lifetime
The lower and upper limits are:
0 <= MinimumPasswordLifetime <= 31
default: 1
change: DIRECT
Minimum number of password characters.
The lower and upper limits are:
1 <= MinPasswordLength <= 256
change: DIRECT
new in 7.9.11.01
A list of words that are not allowed as passwords or parts of passwords. The password exclude list is a blank separated list of words that are not allowed as passwords or parts of passwords (the string comparison is done case-insensitive). E.g. "SAP TRUE FALSE" All blank characters within this parameter string will be interpreted as separator.
change: DIRECT
new in 7.9.10.00
Defines the character types that the password must contain and how many (minimum).
The following character types are allowed in passwords:
- Lowercase letter (a-z)
- Uppercase letter (A-Z)
- Numerical digits (0-9)
- Special characters
Any character except blank and double quote that is not an uppercase letter, a lowercase letter,
or a numerical digit is considered a special character.
If configuring this parameter, you can use any character allowed in a password (see above).
The characters can be in any order.
Aa1, that is, at least one uppercase letter, at least one number, and at least one lowercase letter
This value example could also be represented by a1A, hQ5, or 9fG.
To enforce the use of a specific number of a particular character type, specify the character type multiple times.
For example, if passwords must contain at least 3 digits, you could specify the layout with a123A or 789fG.
To enforce the use of at least one of each character type including special characters, you specify A1a_ or 2Bg?.
All blank or double quote characters within this parameter string will be silently ignored.
default: "SDBSRV.pse"
change: RUNNING
new in 7.9.11.01
The name of the PSE container file for the volume encryption.
A Personal Certificate Environment (PSE) is a container for X.509 certificates. It contains
- A private RSA/DSA key,
- The corresponding X.509 public key certificate,
- The certificate chain (CA certificates including the root certificate),
- Certificate list used as trust anchors for certificate verification (the root certificate of the
own certificate chain is always used as trust anchor).
The path where the file must be located is defined by the kernel parameter 'PSEPath'.
(char(256))
default: <GlobalDataPath>/sec
change: OFFLINE
new in 7.9.11.01
Path where the PSE container for the volume encryption can be found.
The container name is defined by the kernel parameter 'PSEFileName'.
(char(256))
change: OFFLINE
new in 7.9.11.01
The SAP support identifier used to allow the access to encrypted trace and dump files.
- The subject of a corresponding X.509 public key certificate
(char(256))
default: depends on operating system or instance type
possible values: "YES" "NO"
change: OFFLINE
Specifies whether Windows operating system security descriptor is to be used for file backups.
UseBackupSecurityDescriptor = 'YES' or 'NO'
'YES': Use Windows security descriptor on file backups
'NO' : Do not use Windows security descriptor on file backups (e.g., backing up to Samba share)
(char(8))