A login or role can be locked when:
Its password expires, or
The maximum number of failed login attempts occur, or
The System Security Officer locks the login or role manually.
Locking and unlocking logins
The System Security Officer can use sp_locklogin to lock or unlock a login manually. (This is not new functionality, but is mentioned here for comparison to the new methods available for locking and unlocking roles.)
For example:
sp_locklogin "joe" , "lock"
sp_locklogin "joe" , "unlock"
Information about the lock status of a login is stored in the status column of syslogins.
For details on the syntax and rules for using sp_locklogin, see sp_locklogin.
Locking and unlocking roles
The System Security Officer can use alter role to lock or unlock a role manually.
For example:
alter role physician_role lock
alter role physician_role unlock
Information about the lock status of a role is stored in the status column of syssrvroles.
For details on the syntax and rules for using lock and unlock, see alter role.
Unlocking logins and roles at server start-up
Automatic login lockouts can cause a site to end up in a situation in which all accounts capable of unlocking logins (System Administrators and System Security Officers) are locked. In these situations, use the -u flag with the dataserver utility to unlock a specific login or role when you start Adaptive Server.
For details on the syntax and rules for using the -u flag, see the Utility Guide.
