If enable granular permissions is enabled, Adaptive Server can be locked out only if all logins with the change password privilege lose their passwords. The dataserver command line includes the following parameters to unlock Adaptive Server.
-p login_name – specifies the login name when starting Adaptive Server so this account’s password may be reset. Adaptive Server generates a random password, displays it, encrypts it, and saves it in master..syslogins as a new password for this account. When granular permissions is disabled, the login_name must have sso_role. When granular permission is enabled, the login_name must have change password privilege.
-u login_name – specifies a login name you want to unlock. When granular permissions is disabled, the login_name must have either sso_role or sa_role. When granular permissions is enabled, the login_name must have change password privilege.
-A system_role, --role-logins – specifies the system role name so that a list of login accounts with this role is printed into log file.
-n system_privilege, --permission-logins – specifies the system privilege name so that a list of login accounts with this system privilege is printed into log file.
To unlock a locked-out server, the account name specified with the -u and -p parameters must be a login name that has the change password privilege. Once that user has logged in to the server with the new password, he or she should first reset their own password to a new password then they can reset passwords for other logins.
To generate a list of login accounts that have sso_role when granular permissions is not enabled, use the -A system_role or --role-logins parameter. For example:
$SYBASE/$SYBASE_ASE/bin/dataserver -d master.dat -s server_name-A sso_role
To generate a list of login accounts that has change password privilege when granular permissions is enabled, use the -n system_privilege or --permission-logins parameters. For example:
$SYBASE/$SYBASE_ASE/bin/dataserver -d master.dat -s server_name-n "change password"
