I'd like to see a configurable limit to the number of concurrent logins for a given user.
While a read-only generic account might have a generous (or unlimited) number of logins, privileged accounts should always be RBAC and should have limited concurrent sessions.
How successive logins are handled would be important. Rather than simply being blocked, they should provide the option of disconnecting or clearing the original session, perhaps modelled on how Checkpoint works, perhaps even with an option of falling back to read-only generic account.
Why is this a good idea?
Security
- discourages sharing of privileged local accounts.
- helps to limit overall concurrent users so as to avoid performance issues
- others perhaps........
Limit should be able to be set per
