search cancel

Differences between locked and inactive users


Article ID: 228882


Updated On:


CA Automic One Automation


The documentation for some time has been fairly vague on the difference between a locked and inactive USER within AWA.  A couple of questions come to mind:

  1. What is the technical difference, if any, between a locked account and an inactive account?
  2. The documentation states: "A new User is active by default. Activate User is locked to deactivate it." What does this mean?


Release : 12.3

Component : Documentation


What is the difference between locked and inactive? 

There is no functional difference between locked and inactive as far as whether a user can login.  To be able to log on to the system, the user must be active and not locked. If either of these flags is set, access is denied. The 'User is locked' option was introduced with the support of LDAP authorizations around 2006.  A USER object can become locked or inactive the following ways:

  • An admin can set a user to inactive
  • An admin can set a user to locked
  • A user can lock their own account by inputting an incorrect password too many times
  • A user can be locked by an external system (e.g. LDAP). 

There are options in the AWI to show users who are locked, and there are options to show users who are inactive so that Administrators have a way to distinguish between manually altered users by the administrator (inactive) vs. automatically disabled users (locked). This is especially useful in context of LDAP connections, where the user in AE is synced with the state of the LDAP server.


Regarding the second question: The documentation states: "A new User is active by default. Activate User is locked to deactivate it." What does this mean?

It is not clear why this was put in the documentation and it has been there for a very long time.  It will be removed in the future.