sp_locklogin

Description

Locks an Adaptive Server account so that the user cannot log in, or displays a list of all locked accounts.

Syntax

sp_locklogin login | NULL | wildcard_string , "lock" | "unlock",
	[except_login_name | except_role_name]
	[, number_of_inactive_days]

Or:

sp_locklogin

Parameters

sp_locklogin

without any parameters, displays all locked logins.

loginame

is the name of the account to be locked or unlocked.

all

locks all logins except the sa_role.

wildcard_string

is any string with wildcards that identifies a set of logins.

lock | unlock

specifies whether to lock or unlock the account.

except_login_name

is the name of login that is exempted from being locked.

except_role_name

is the name of role that is exempted from being locked. For example, all logins in a role that are to be exempted.

number_of_inactive_days

is the number of days, from 1 to 32,767, that an account has been inactive.

Examples

Example 1

Locks the login account for the user “charles”:

sp_locklogin charles, "lock"

Example 2

Locks all logins except those with the sa_role:

sp_locklogin "all", "lock", sa_role

Example 3

Displays a list of all locked accounts:

sp_locklogin

Example 4

Locks all login accounts that have not authenticated within the past 60 days:

sp_locklogin 'all', 'lock', NULL, 60

NoteThis command has no effect if the sp_passwordpolicy option “enable last login updates” is set to “0”.

Usage

Without any parameters, sp_locklogin displays all locked logins.

The syslogins columns lockdate, locksuid and lockreason are updated at time of locking/unlocking a login.

Conditions for using sp_locklogin are:

Permissions

Only a System Security Officer can execute sp_locklogin.

Auditing

Values in event and extrainfo columns from the sysaudits table are:

Event

Audit option

Command or access audited

Information in extrainfo

38

exec_procedure

Execution of a procedure

  • Roles – Current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – All input parameters

  • Proxy information – Original login name, if set proxy in effect

See also

System procedures sp_addlogin, sp_droplogin, sp_modifylogin, sp_password