You can configure a role to lock automatically after a certain number of failed role-activation attempts using the max failed_logins option, or manually using alter role rolename lock. Adaptive Server stores information about locked roles in the syssrvroles system table:
lockdate – indicates when the role was locked. lockdate is set to the datetime when the role was locked.
locksuid – indicates who locked the role.
lockreason – indicates why the role was locked. lockreason is coded into an integer that can be represented with an internationalized message. Each reason has a message in the MSGDB database added to identify the reason in the local language.
Adaptive Server resets these to NULL when a role is unlocked.
The values and descriptions are:
Values for lockreason |
Value for locksuid |
Description of lockreason of role |
---|---|---|
NULL |
NULL |
Role has not been locked |
1 |
suid of caller of alter role |
Role locked by suid by manually executing alter role rolename lock |
2 |
suid of user whose last attempted role activation led to the role getting locked |
Role locked by Adaptive Server due to failed-role activation attempts reaching maximum number of failed logins |
If you are using high availability functionality, both
the primary and companion servers are updated when you update the syssrvroles columns.