All Products
Search
Document Center

ApsaraDB RDS:Configure a password policy for an account

Last Updated:Oct 08, 2024

An account password policy is configured on your server running the Windows operating system to manage account passwords. ApsaraDB RDS for SQL Server allows you to configure a password policy for an account of your ApsaraDB RDS for SQL Server instance to manage the password age in a fine-grained manner. This helps improve the account security.

Prerequisites

The RDS instance meets the following requirements:

  • The RDS instance uses a general-purpose or dedicated instance type. Shared instance types are not supported. For more information, see Instance families.

  • The RDS instance uses the subscription or pay-as-you-go billing method. Serverless RDS instances are not supported. For more information, see Serverless ApsaraDB RDS for SQL Server instances.

  • The RDS instance does not run SQL Server 2008 R2.

Usage notes

When you create an account and apply the password policy that you configured for the account, the password cannot contain the username of the account. For example, if the username is Test240903, you cannot set the password to Test240903abc.

Step 1: Configure a password policy

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the left-side navigation pane of the page that appears, click Accounts.

  3. On the page that appears, click Account Password Policy. In the dialog box that appears, configure the parameters, select a policy, and then click OK.

    You can configure one or both of the Maximum password age usage time and Minimum password usage time parameters.

    Parameter

    Description

    Valid value (Unit: days)

    Maximum password usage time

    The period of time that a password can be used before the password must be changed.

    0 to 999

    Minimum password usage time

    The period of time that a password must be used before the password can be changed.

    Note

    The value of this parameter cannot be greater than the value of the Maximum password usage time parameter.

    0 to 998

    Example

    If you want to reset a password every 90 days and use a password for at least 30 days after password change, you can set the Maximum password usage time parameter to 90 and the Minimum password usage time parameter to 30.

    image

Step 2: Apply a password policy

During the account creation

You can apply a password policy to a standard, privileged, or system admin account when you create the account. For more information, see Create a privileged account or a standard account and Create a system admin account.

image

After the account creation

After an account is created, you can choose Accounts > User Account to apply the password policy to the required account.

image

References

  • You can call an API operation to configure a password policy for an account of an ApsaraDB RDS for SQL Server instance. For more information, see ModifyAccountSecurityPolicy.

  • You can call an API operation to modify the password policy for an account of an ApsaraDB RDS for SQL Server instance. For more information, see ModifyAccountCheckPolicy.

  • You can call an API operation to create an account for an ApsaraDB RDS for SQL Server instance and apply a password policy to the account. For more information, see CreateAccount.