Password attributes of profile is not working

Database
Teradata Employee

Password attributes of profile is not working

I have a user test1 whose parent is ADM (which has profile assigned with minchar 12) and test1 is created using userid DBADMIN which doesn't have any profile assigned. 

 

ADM user is in DBADMIN user and no other user in above hierarchy has any profile assigned.

 

I am able to modify test1 user as 8 char password but it should not be the case as minchar attribute is taken from parent profile where it is 12 char.

 

But when I am setting temp password for test1 user and trying to login, on popup it is not allowing me to set 8 char password.

 

What is happeing here?


Accepted Solutions
Teradata Employee

Re: Password attributes of profile is not working

Those password-related profile settings don't apply to password modifications TO the users with the profile BY other users.

They are enforced for password modifications BY the users with the profile TO any user they are authorized to modify (by default, the user itself and its children).

 

I don't know how you would reach this understanding from the wording above, though.

1 ACCEPTED SOLUTION
6 REPLIES
Senior Apprentice

Re: Password attributes of profile is not working

Hi,

It seems that you are expecting the parent's profile to be inherited by a child. That does not happen.

 

When you create a user, if you want that user to have a profile you have to explicitly assign the profile to the user. If you look at the definition of user 'test1' you should find that 'profile' is NULL (i.e. they don't have one).

 

On the login question, is there anything set in dbc.syssecdefaults? This contains the system-wide defaults for password controls. With no profile those will control the password for the user.

 

HTH

Dave

Ward Analytics Ltd - information in motion
www: http://www.ward-analytics.com
Teradata Employee

Re: Password attributes of profile is not working

According to my understanding five password attribbbutes from profile work only on child not on user itself. Here is a screenshot from teradata security admin manual:

Capture.JPG

 

Although my test user also have similar profile as ADM user.


DaveWellman wrote:

Hi,

It seems that you are expecting the parent's profile to be inherited by a child. That does not happen.

 

When you create a user, if you want that user to have a profile you have to explicitly assign the profile to the user. If you look at the definition of user 'test1' you should find that 'profile' is NULL (i.e. they don't have one).

 

On the login question, is there anything set in dbc.syssecdefaults? This contains the system-wide defaults for password controls. With no profile those will control the password for the user.

 

HTH

Dave


 

Junior Contributor

Re: Password attributes of profile is not working

I don't know what this is supposed to describe, what's this first level user? Never heard of it.

 

Seems to be bug in the documentation.

Teradata Employee

Re: Password attributes of profile is not working

I am gussing First level user means user himself and rest level are his children.

Teradata Employee

Re: Password attributes of profile is not working

Those password-related profile settings don't apply to password modifications TO the users with the profile BY other users.

They are enforced for password modifications BY the users with the profile TO any user they are authorized to modify (by default, the user itself and its children).

 

I don't know how you would reach this understanding from the wording above, though.

Teradata Employee

Re: Password attributes of profile is not working

Thanks Fred. Now all testing I did start making sense.


Fred wrote:

Those password-related profile settings don't apply to password modifications TO the users with the profile BY other users.

They are enforced for password modifications BY the users with the profile TO any user they are authorized to modify (by default, the user itself and its children).

 

I don't know how you would reach this understanding from the wording above, though.