Setting Account Security Locking Policies
For data security purposes, GaussDB(DWS) provides a series of security measures, such as automatically locking and unlocking accounts, manually locking and unlocking abnormal accounts, and deleting accounts that are no longer used.
Automatically Locking and Unlocking Accounts
- If the consecutive times that a user fails to enter the correct password reach the upper limit 10 during database connection, the system automatically locks the account for account security.
- An account that has been locked for one day is automatically unlocked.
Manually Locking and Unlocking Accounts
Once detecting that an account is stolen or the account is used to access the database without being authorized, administrators can manually lock the account.
The administrator can also manually unlock the account if the account becomes normal again.
For example, run the following command to manually lock and unlock the user user_read:
- To manually lock the account, run the following command:
ALTER USER user_read ACCOUNT LOCK;
If the following information is displayed, the user has been locked:
- To manually unlock the account, run the following command:
ALTER USER user_read ACCOUNT UNLOCK;
If the following information is displayed, the user has been unlocked:
Deleting Accounts that Are No Longer Used
An administrator can delete an account that is no longer used. This operation cannot be rolled back.
When an account to be deleted is in active state, it is deleted after the session is disconnected.
For example, run the following command to delete the account user_read:
DROP USER user_read CASCADE;
If the following information is displayed, the account has been deleted: