When a user account is permanently locked in GBase 8a due to excessive failed login attempts, a DBA can unlock it with the ALTER USER ... ACCOUNT UNLOCK command. This operation requires the CREATE USER privilege.
1. The Unlock Command
Syntax:
ALTER USER <username> ACCOUNT UNLOCK;
Example: User u1 is permanently locked after 6 consecutive wrong passwords. The administrator logs in as gbase and runs:
ALTER USER u1 ACCOUNT UNLOCK;
u1 can then reconnect with the correct password.
2. Required Privileges
Running ALTER USER ... ACCOUNT UNLOCK requires the CREATE USER privilege (or ALL PRIVILEGES).
- The root and gbase users have this privilege by default and can unlock any account.
- A regular DBA must be explicitly granted
CREATE USER:
GRANT CREATE USER ON *.* TO 'dba_user'@'%';
Even with this privilege, the DBA's own account remains subject to the lockout policy.
3. Manual Unlock vs Automatic Unlock
| Feature | Manual Unlock | Automatic Unlock |
|---|---|---|
| Trigger | DBA runs ALTER USER ... UNLOCK
|
Controlled by login_attempt_times and login_locked_time parameters |
| Applies to | Permanent lockout caused by login_attempt_max
|
Temporary lockout caused by login_attempt_times
|
| Privileges needed | CREATE USER |
None, handled by the system |
When login_attempt_max permanently locks a user, manual intervention is the only recovery path. Keeping this command in your toolkit ensures you can quickly restore access in a gbase database environment.
Top comments (0)