Locks an Adaptive Server account so that the user cannot log in, or displays a list of all locked accounts.
sp_locklogin login | NULL | wildcard_string , "lock" | "unlock", [except_login_name | except_role_name] [, number_of_inactive_days]
Or:
sp_locklogin
without any parameters, displays all locked logins.
is the name of the account to be locked or unlocked.
locks all logins except the sa_role.
is any string with wildcards that identifies a set of logins.
specifies whether to lock or unlock the account.
is the name of login that is exempted from being locked.
is the name of role that is exempted from being locked. For example, all logins in a role that are to be exempted.
is the number of days, from 1 to 32,767, that an account has been inactive.
Locks the login account for the user “charles”:
sp_locklogin charles, "lock"
Locks all logins except those with the sa_role:
sp_locklogin "all", "lock", sa_role
Displays a list of all locked accounts:
sp_locklogin
Locks all login accounts that have not authenticated within the past 60 days:
sp_locklogin 'all', 'lock', NULL, 60
This command has no effect if the sp_passwordpolicy option “enable last login updates” is set to “0”.
Without any parameters, sp_locklogin displays all locked logins.
The syslogins columns lockdate, locksuid and lockreason are updated at time of locking/unlocking a login.
Conditions for using sp_locklogin are:
No wild cards are allowed for exceptions.
Existing functionality is undisturbed.
The exception specified is first matched against logins. If such a login does not exist, then the exception is checked against roles.
A value of NULL for a login means “all” logins.
You see an error if the login name or exception you specify does not exist.
Nothing happens if the specified “effective set” of logins to be locked is empty.
If the exception is NULL, the set of logins specified (through the login parameter) is locked.
Sybase high-availability Failover only – in versions of Adaptive Server earlier than 15.0, sp_locklogin checked to see if the login to be locked or unlocked existed on a remote high-availability server by verifying that the the suid (server user ID) of that login existed on the server.
In Adaptive Server version 15.0, sp_locklogin checks both the suid as well as the login name.
You see an error if you specify any word other than lock or unlock.
Only a System Security Officer can execute sp_locklogin.
Values in event and extrainfo columns from the sysaudits table are:
Event |
Audit option |
Command or access audited |
Information in extrainfo |
---|---|---|---|
38 |
exec_procedure |
Execution of a procedure |
|
System procedures sp_addlogin, sp_droplogin, sp_modifylogin, sp_password