Question & Answer
Question
How do you restrict the number of concurrent sessions for users or groups?
Answer
For security or workload management reasons, you may want to restrict certain users or groups to a limited number of concurrent sessions. Beginning with NPS Release 4.6.5, you can use the login contraints feature to achieve this.
Before you can restrict the number of concurrent sessions, the Login Constraints feature must be enabled. To check if it has been enabled, run the following SQL command:
- show enable_login_constraints;
If the feature is enabled, you may continue with this document. If not, see the document referenced below.
Adding concurrent session constraints to a user
To impose a concurrent session constraint, you may do so when creating the user or group or you can alter an existing user or group. To create a user with a concurrent session constraint, you can run the following command:
- SYSTEM(ADMIN)=> create user user1 with password '123456' concurrent sessions 1;
CREATE USER
Attempts made by this user to exceed the fixed number of concurrent sessions will fail with the error message shown below.
- [nz@cs-spubox6 ~]$ nzsql -u user1 -pw 123456
nzsql: FATAL 1: Access denied: too many concurrent sessions for user 'USER1'
To alter an existing user by adding or modifying a limit of two concurrent sessions, run a command similar to the one shown below:
- SYSTEM(ADMIN)=> alter user user1 with concurrent sessions 2;
ALTER USER
Adding concurrent session constraints to a group
To create a group and define a maximum number of concurrent sessions for any user belonging to that group, you can run the following command:
SYSTEM(ADMIN)=> create group group1 with concurrent sessions 1;
CREATE GROUP
Attempts made by any member of this group (not having a higher concurrent session limit) to exceed the fixed number of concurrent sessions will fail with the error message shown below.
- [nz@cs-spubox6 ~]$ nzsql -u user1 -pw 123456
nzsql: FATAL 1: Access denied: too many concurrent sessions for user 'USER1'
To alter an existing user by adding or modifying a limit of two concurrent sessions, run a command similar to the one shown below:
- SYSTEM(ADMIN)=> alter group group1 with concurrent sessions 2;
ALTER GROUP
Group membership and the Login Constraints feature
If a user without an explicit login constraint is a member of group which has a concurrent session limit defined, that user will be restricted according to that group's setting. If a user is a member of multiple groups which have different concurrent session limitations, the user will be restricted to the lowest number of sessions as defined within each of the groups.
If a user has a specific concurrent session constraint associated with it, that number will be used instead of any of the limits that exist within each of the groups that user is a member of.
For example, alpha_user, beta_user, and chi_user are members of group1 which has a concurrent session limit of two. beta_user is also a member of group2 which has a concurrent session limit of one. beta_user is limited to one concurrent session while alpha_user is limited to two.
chi_user was created with a concurrent session constraint of three so even though group1 is limited to two sessions, chi_user can have three concurrent sessions.
| Users | Member of | Concurrent Session |
| alpha_user, beta_user, chi_user | group1 | 2 |
| beta_user | group2 | 1 |
| chi_user | 3 |
| User | Maximum Number of Concurrent Sessions |
| alpha_user | 2 |
| beta_user | 1 |
| chi_user | 3 |
Related Information
[{"Product":{"code":"SSULQD","label":"IBM PureData System"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":null,"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.0.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Historical Number
NZ982944
Was this topic helpful?
Document Information
Modified date:
17 October 2019
UID
swg21571215