You can set advanced security and maintenance settings for individual databases or database sets. You can also set security and maintenance options globally to apply to all databases except where you have explicitly defined a database-specific setting. If you use a combination of global and database-specific settings, the database‑specific settings take precedence over the global settings.
If you are not using global security settings or want to override global settings on specific databases, you can set the following advanced security and maintenance options on a case‑by-case basis:
- Allow multiple password checkouts
- Enable periodic password rotation
- Enable password rotation after checkin
- Minimum password age
- Password complexity profile
- Enable periodic password history cleanup
To set database-specific advanced options:
- In the Admin Portal, click Resources, then click Databases to display the list of databases.
- Select the database to display the database-specific details.
- Click Advanced.
- Select settings for any or all of the advanced database options.
- Click Save.
For more information about how to set the database-specific options, click the information icon in the Admin Portal.
- Select No if only one administrator is allowed check out the password for a selected database account at any given time. If you select No, the administrator must check the password in and have a new password generated before another administrator can access the database with the updated password.
- Select Yes if you want to allow multiple users to have the database account password checked out at the same time for a selected database. If you select Yes, multiple administrators can check out the password for the database without waiting for the account password to be checked in.
- Select Yes if you want to rotate managed passwords automatically at the interval you specify.
- Select No if you want to prevent password rotation for the selected database.
- If you select Yes, you should also specify the Password rotation interval in days. Type the maximum number of days to allow between automated password changes for managed accounts. You can set this policy to comply with your organization's password expiration policies. For example, your organization might require passwords to be changed every 90 days. You can use this policy to automatically update managed passwords at a maximum of every 90 days. If the policy is not defined, passwords are not rotated.
After you check out a managed password for a database, you can specify whether the managed password is rotated after it is checked in.
Select Yes to allow password rotation after password check in. Select No to not allow password rotation after it is checked in. Select *--* to use the default setting from the Security Settings in the Settings tab.
Specify the minimum number of days that a managed password must have been in use before it can be rotated.
Select an existing password generation profile or add a new profile for the selected database. If you don’t select or add a profile, the default password generation profile for the database type is used. For more information about adding and editing password complexity profiles, see Configuring password profiles.
- Select Yes to automatically delete retired passwords from the password history after a given number of days.
- Select No to prevent the from automatically deleting retired passwords from the password history at a set interval.
- If you select yes, you can also specify the maximum number of days of password history to keep. For example, if you have a requirement to keep a record of passwords used for three years, you might set the cleanup interval to 1096 days to maintain the password history for that period of time. If you select the default setting, retired passwords are automatically deleted after 365 days. You cannot set a cleanup interval less than 90 days.