sp_locklogin

Description

Locks an Adaptive Server account so that the user cannot log in, or displays a list of all locked accounts.

Syntax

sp_locklogin login | NULL | wildcard_string , "lock" | "unlock",
	[except_login_name | except_role_name]
	[, number_of_inactive_days]

Or:

sp_locklogin

Parameters

sp_locklogin

without any parameters, displays all locked logins.

loginame

is the name of the account to be locked or unlocked.

wildcard_string

is any string with wildcards that identifies a set of logins.

NULL

all logins, including the sa_role, are locked.

lock | unlock

specifies whether to lock or unlock the account.

except_login_name

is the name of login that is exempted from being locked.

except_role_name

is the name of role that is exempted from being locked. For example, all logins in a role that are to be exempted.

number_of_inactive_days

is the number of days, from 1 to 32,767, that an account has been inactive.

Examples

Example 1

Locks the login account for the user “charles”:

sp_locklogin charles, "lock"

Example 2

Locks all logins except those with the sa_role:

sp_locklogin NULL, "lock", sa_role

Example 3

Displays a list of all locked accounts:

sp_locklogin

Example 4

Locks all login accounts that have not authenticated within the past 60 days:

sp_locklogin NULL, 'lock', NULL, 60

NoteThis command has no effect if the sp_passwordpolicy option “enable last login updates” is set to “0”.

Usage

Permissions

The permission checks for sp_locklogin differ based on your granular permissions settings.

Granular permissions enabled

With granular permissions enabled, you must be a user with manage any login privilege. To unlock login account which was locked because of maxfailedlogin, you must be a user with change password privilege.

Granular permissions disabled

With granular permissions disabled, you must be a user with sso_role.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Event

Audit option

Command or access audited

Information in extrainfo

38

exec_procedure

Execution of a procedure

  • Roles – Current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – All input parameters

  • Proxy information – Original login name, if set proxy in effect

See also

Commands create login, alter login