Teradata don't have a command to lock a specific user account for wrong password attempts. By default, the DBC.SysSecDefaults table contains the set of global controls that restrict the usage and content of passwords for all users. However, we can lock a user in two other ways.
1. Using revoke logon command. This command will prevent the specific user from logging in.
> revoke logon on all from username;
To unlock the user, and allow the user to log in again.
> grant logon on all to username;
2. Using CREATE or MODIFY PROFILE to Set Password Controls for Users.
You can use a CREATE or MODIFY PROFILE statement to override global password control parameters defined in SysSecDefaults, and apply a password control only to those users assigned to the profile, for
example:
CREATE PROFILE profile_name
[ AS parameter_setting [ ... ,parameter_setting ] ] ;
MODIFY PROFILE profile_name AS
parameter_setting [ ... ,parameter_setting ];
The following is the existing PASSWORD parameter_setting:
PASSWORD [ATTRIBUTES] =
{ (attribute = <val> | NULL, [ ... ,attribute = <val> | NULL]) |
NULL }
where attribute is one of the following in any order:
EXPIRE = n
MINCHAR = n
MAXCHAR = n
DIGITS = c
SPECCHAR = c
RESTRICTWORDS = c
MAXLOGONATTEMPTS = n
LOCKEDUSEREXPIRE = n
REUSE = n