To prevent a user from logging in to Adaptive Server, you can either lock or drop an Adaptive Server login account. Locking a login is safer than dropping it because locking a login account maintains the suid so that it cannot be reused.
WARNING! Adaptive Server may reuse the server user ID (suid) of a dropped login account when the next login account is created. This occurs only when the dropped login holds the highest suid in syslogins; however, it can compromise accountability if execution of sp_droplogin is not being audited. Also, it is possible for a user with the reused suid to access database objects that were authorized for the old suid.
You cannot drop a login when:
The user is in any database
The login belongs to the last remaining System Security Officer or System Administrator
Task |
Required role |
System procedure |
Database |
|---|---|---|---|
Lock login account, which maintains the suid so that it cannot be reused |
System Administrator or System Security Officer |
sp_locklogin |
master |
Drop login account, which allows reuse of suid |
System Administrator |
sp_droplogin |
master |
