Chapter 8. Security Policies

Table of Contents

Security Policy Modifications

The following default policies in Oracle NoSQL Database may be used to tailor system behavior to meet your security requirements:

Security Policy Modifications

You can use the plan change-parameters command in order to change a security policy in the system:

plan change-parameters -security <id>...

Security parameters are applied implicitly and uniformly across all SNs, RNs and Admins.

The following security parameters can be set:

  • sessionTimeout=<Long TimeUnit>

    Specifies the length of time for which a login session is valid, unless extended. The default value is 24 hours.

  • sessionExtendAllowed=<Boolean>

    Indicates whether session extensions should be granted. Default value is true.

  • accountErrorLockoutThresholdInterval=<Long TimeUnit>

    Specifies the time period over which login error counts are tracked for account lockout monitoring. The default value is 10 minutes.

  • accountErrorLockoutThresholdCount=<Integer>

    Number of invalid login attempts for a user account from a particular host address over the tracking period needed to trigger an automatic account lockout for a host. The default value is 10 attempts.

  • accountErrorLockoutTimeout=<Long TimeUnit>

    Time duration for which an account will be locked out once a lockout has been triggered. The default value is 30 minutes.

  • loginCacheTimeout=<Long TimeUnit>

    Time duration for which KVStore components cache login information locally to avoid the need to query other servers for login validation on every request. The default value is 5 minutes.