sp_locklogin

Locks an Adaptive Server account so that the user cannot log in, or displays a list of all locked accounts.

sp_locklogin login | NULL | wildcard_string , "lock" | "unlock",
	[except_login_name | except_role_name]
	[, number_of_inactive_days]

Or:

sp_locklogin

wildcard_string: is any string with wildcards that identifies a set of logins.

except_login_name: is the name of login that is exempted from being locked.

except_role_name: is the name of role that is exempted from being locked. For example, all logins in a role that are to be exempted.

number_of_inactive_days: is the number of days, from 1 to 32,767, that an account has been inactive.

Locks the login account for the user “charles”:

sp_locklogin charles, "lock"

Locks all logins except those with the sa_role:

sp_locklogin NULL, "lock", sa_role

Displays a list of all locked accounts:

sp_locklogin

Locks all login accounts that have not authenticated within the past 60 days:

sp_locklogin NULL, 'lock', NULL, 60

This command has no effect if the sp_passwordpolicy option “enable last login updates” is set to “0”.

Without any parameters, sp_locklogin displays all locked logins.
The syslogins columns lockdate, locksuid and lockreason are updated at time of locking/unlocking a login.
Conditions for using sp_locklogin are:
- No wild cards are allowed for exceptions.
- Existing functionality is undisturbed.
- The exception specified is first matched against logins. If such a login does not exist, then the exception is checked against roles.
- A value of NULL for a login means “all” logins.
- You see an error if the login name or exception you specify does not exist.
- Nothing happens if the specified “effective set” of logins to be locked is empty.
- If the exception is NULL, the set of logins specified (through the login parameter) is locked.
- Sybase high-availability Failover only – in versions of Adaptive Server earlier than 15.0, sp_locklogin checked to see if the login to be locked or unlocked existed on a remote high-availability server by verifying that the the suid (server user ID) of that login existed on the server.
  
  In Adaptive Server version 15.0, sp_locklogin checks both the suid as well as the login name.
- You see an error if you specify any word other than lock or unlock.

Only a system security officer can execute sp_locklogin.

Values in event and extrainfo columns from the sysaudits table are:

Event	Audit option	Command or access audited	Information in extrainfo
38	exec_procedure	Execution of a procedure	Roles – Current active roles Keywords or options – NULL Previous value – NULL Current value – NULL Other information – All input parameters Proxy information – Original login name, if set proxy in effect