sp_locklogin

Locks an SAP ASE account so that the user cannot log in, or displays a list of all locked accounts.

Syntax

sp_locklogin login | NULL | wildcard_string , "lock" | "unlock",
	[except_login_name | except_role_name]
	[, number_of_inactive_days]

Or:

sp_locklogin

Parameters

Examples

Usage

There are additional considerations when using sp_locklogin:
  • Without any parameters, sp_locklogin displays all locked logins.

  • The syslogins columns lockdate, locksuid and lockreason are updated at time of locking/unlocking a login.

  • Conditions for using sp_locklogin are:
    • No wild cards are allowed for exceptions.

    • Existing functionality is undisturbed.

    • The exception specified is first matched against logins. If such a login does not exist, then the exception is checked against roles.

    • A value of NULL for a login means “all” logins.

    • You see an error if the login name or exception you specify does not exist.

    • Nothing happens if the specified “effective set” of logins to be locked is empty.

    • If the exception is NULL, the set of logins specified (through the login parameter) is locked.

    • High-availability Failover only – in versions of SAP ASE earlier than 15.0, sp_locklogin checked to see if the login to be locked or unlocked existed on a remote high-availability server by verifying that the the suid (server user ID) of that login existed on the server.

      In SAP ASE version 15.0, sp_locklogin checks both the suid as well as the login name.

    • You see an error if you specify any word other than lock or unlock.

See also create login, alter login in Reference Manual: Commands.

Permissions

The permission checks for sp_locklogin differ based on your granular permissions settings.

SettingDescription
Enabled

With granular permissions enabled, you must be a user with manage any login privilege. To unlock login account which was locked because of maxfailedlogin, you must be a user with change password privilege.

Disabled

With granular permissions disabled, you must be a user with sso_role.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

InformationValues
Event

38

Audit option

exec_procedure

Command or access audited

Execution of a procedure

Information in extrainfo
  • Roles – Current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – All input parameters

  • Proxy information – Original login name, if set proxy in effect