To prevent a user from logging in to Adaptive Server, you can either lock or drop an Adaptive Server login account. Locking a login is safer than dropping it because locking a login account maintains the suid so that it cannot be reused.
WARNING! Adaptive Server may reuse the server user ID (suid) of a dropped login account when the next login account is created. This occurs only when the dropped login holds the highest suid in syslogins; however, it can compromise accountability if execution of sp_droplogin is not being audited. Also, it is possible for a user with the reused suid to access database objects that were authorized for the old suid.
You cannot drop a login when:
The user is in any database.
The login is the last remaining user who holds the system security officer or system administrator roles.
Task |
Required role |
System procedure |
Database |
|---|---|---|---|
Lock login account, which maintains the suid so that it cannot be reused |
System administrator or system security officer |
sp_locklogin |
Any. Must be in the master database if the system procedure is being logged for replication |
Drop login account, which allows reuse of suid |
System security officer |
sp_droplogin |
Any. Must be in the master database if the system procedure is being logged for replication |
