Locking an Adaptive Server login is a way to disable it without removing it from the master database. It may be easier to lock a login rather than delete it for the following reasons:
You cannot delete the login if a user exists for that login in any database.
You cannot delete a user from a database if the user owns any objects in the database or has granted permissions on objects to other users.
Adaptive Server could compromise accountability by reusing a deleted login server user ID (suid) when the next login is created.
You cannot delete the last remaining system security officer or system administrator login.
Another common reason to lock a login is to implement roles. When you first install Adaptive Server, the default “sa” login has all privileges associated with every role. At many installations, after the “sa” login makes the initial role assignments, a user with the system administrator or system security officer role locks the “sa” login, so that no single Sybase Central user has every available privilege and so that actions can be traced.
You can lock an account that is logged in—the user is not locked out until he or she logs out. You can lock an account that owns a database and objects in databases.
Locking or unlocking a login
Select the login icon, then choose File | Properties.
Select the Parameters tab.
Check or clear the Account is Locked check box.
Click OK.
| Copyright © 2009. Sybase Inc. All rights reserved. |
|
|