In IQ 12.x and below, we had the sp_iqlocklogins stored procedure that we could use to quickly lock and unlock user accounts. Starting in v15 of IQ, that stored procedure was replaced with a login policy.
First we need to create the locked_users policy (taken from sybooks:
CREATE LOGIN POLICY locked_users locked=ON;
Now we can simply assign the login(s) to the locked_users policy:
alter user darthvader login policy locked_users;
If at some point Darth has been a good boy or he has us in a force choke hold, we can unlock his login:
alter user darthvader login policy root;
The default login policy is root.
What if you have hundreds of users to lock and unlock?
We need to make sure we can undo locking the logins:
select 'alter user ' + sul.name + ' login policy ' + lp.login_policy_name + ';' from sys.sysuserlist sul, sys.sysuser su, sys.sysloginpolicy lp where sul.user_group = 'N' and sul.dbaauth = 'N' and sul.name not in ('EXTENV_MAIN', 'EXTENV_WORKER') and su.user_name = sul.name and su.login_policy_id = lp.login_policy_id;
Produces unlock script:
alter user darthvader login policy root; alter user bilbo login policy root;
Lock all non DBA role logins:
select 'alter user ' + name + ' login policy locked_users;' from sysuserlist where user_group = 'N' and dbaauth = 'N' and name not in ('EXTENV_MAIN', 'EXTENV_WORKER');
Produces lock script:
alter user darthvader login policy locked_users; alter user bilbo login policy locked_users;