An account password policy is configured on your server running the Windows operating system to manage account passwords. ApsaraDB RDS for SQL Server allows you to configure a password policy for an account of your ApsaraDB RDS for SQL Server instance to manage the password age in a fine-grained manner. This helps improve the account security.
Prerequisites
The RDS instance meets the following requirements:
The RDS instance uses a general-purpose or dedicated instance type. Shared instance types are not supported. For more information, see Instance families.
The RDS instance uses the subscription or pay-as-you-go billing method. Serverless RDS instances are not supported. For more information, see Serverless ApsaraDB RDS for SQL Server instances.
The RDS instance does not run SQL Server 2008 R2.
Usage notes
When you create an account and apply the password policy that you configured for the account, the password cannot contain the username of the account. For example, if the username is Test240903
, you cannot set the password to Test240903abc
.
Step 1: Configure a password policy
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Accounts.
On the page that appears, click Account Password Policy. In the dialog box that appears, configure the parameters, select a policy, and then click OK.
You can configure one or both of the Maximum password age usage time and Minimum password usage time parameters.
Parameter
Description
Valid value (Unit: days)
Maximum password usage time
The period of time that a password can be used before the password must be changed.
0 to 999
Minimum password usage time
The period of time that a password must be used before the password can be changed.
NoteThe value of this parameter cannot be greater than the value of the Maximum password usage time parameter.
0 to 998
Step 2: Apply a password policy
During the account creation
You can apply a password policy to a standard, privileged, or system admin account when you create the account. For more information, see Create a privileged account or a standard account and Create a system admin account.
After the account creation
After an account is created, you can choose
to apply the password policy to the required account.References
You can call an API operation to configure a password policy for an account of an ApsaraDB RDS for SQL Server instance. For more information, see ModifyAccountSecurityPolicy.
You can call an API operation to modify the password policy for an account of an ApsaraDB RDS for SQL Server instance. For more information, see ModifyAccountCheckPolicy.
You can call an API operation to create an account for an ApsaraDB RDS for SQL Server instance and apply a password policy to the account. For more information, see CreateAccount.