Administer > System security > Lockout feature

Lockout feature

The lockout feature automatically disables a user account if the user fails to provide the correct password after a specified number of attempts. Your user profile must include the system administration capability word to use this feature.

Enable the user lockout feature

Applies to User roles: System Administrator

The user lockout feature automatically disables a user account if the user fails to provide the correct password after a specified number of attempts.

Note Enabling the user lockout feature is the only way to restrict access from the Windows client. The Attempts Per Login Session settings does not affect Windows clients because the Windows client creates a new session for each login attempt.

To enable the user lockout feature:

  1. Click System Administration > Base System Configuration > Miscellaneous > System Information Record.
  2. Click the Logon Info tab.
  3. In the Use User Lockout section, select Use User Lockout.
  4. In the Attempts Until Lockout field, type the number of login attempts the user has until Service Manager locks out the account.
  5. Select one of the following options:
    • Complete Lockout — select this option to deny the user access to Service Manager until a system administrator resets the lockout.
    • Lock Out Time Period — select this option to deny the user access to Service Manager for a specified period of time.
      Type the time period in the following format: Dayshours:minutes:seconds. For example, 4 03:02:01 locks out the user for 4 days, 3 hours, 2 minutes, and 1 second.
  6. Click Save.

Lock out a user

Applies to User Roles:

System Administrator

To lock out a user:

  1. Click System Administration > Ongoing Maintenance > Operators.
  2. Type or select optional search criteria.
  3. Click Search.
  4. Select the operator to lock out.
  5. Click the Security tab.
  6. Select the Administrative Lockout option
  7. Click Save.

Reset a locked out user

Applies to User Roles:

System Administrator

To reset a locked out user:

  1. Click System Administration > Ongoing Maintenance > Operators.
  2. Type or select optional search criteria.
  3. Click Search.
  4. Select the operator record.
  5. Click the Security tab.
  6. Click More or the More Actions icon, and then select User Lockout Reset.
  7. Click Save.
    Service Manager unlocks the user’s operator record and clears the Failed Login Count, Locked Until, and User has been Locked? fields.

View a user’s lockout history

Applies to User Roles:

System Administrator

To view a user's lockout history

  1. Click System Administration > Ongoing Maintenance > Operators.
  2. Click Search.
  3. Select the operator record to view.
  4. Click the Security tab.

View system level user lockout history

If a system administrator has enabled the Use User Lockout feature in the System Information Record, a user may be locked out for several reasons. For example, the user has attempted to log in with an invalid password more than the number of times defined by the system administrator or the user is locked out by the system administrator.

A specific user's lockout status in displayed in the Security tab of the user's operator record. When a user is locked out, the User has been locked out option is selected and the Lockout Reason field displays the reason (for example, Max Failed Logins).

At the system level, the lockout history of all users is stored in the operatorlockhistory table in the database. To view system level user lockout history, use either of the following ways:

  • Open Database Manager, enter operatorlockhistory in the Table field and then click the Search button.
  • Navigate to Miscellaneous > Dashboard and then open the License Overview dashboard. If the "Operator Lockout History within 7 days" report is not displayed on the dashboard, click Add Content and then click License to add this report to the dashboard. This report uses the operatorlockhistory table as the data source.

 

Related topics

Application profiles
Environment record
User roles
Capability word model
Adding users
Checklist: Adding a new user
Controlling user access and security
Creating operator records
Defining named users
Operator passwords
Operator records
Operator templates
System quiesce: Login restrictions