HI Pradeep,
Authorization code can be defined all the statuses. Assign these 'authorization codes' to the people, who can perform lock/ unlock operation.
Those who are not having the authorization codes will not be able to act on lock functionality.
Take the help of your basis/ security consultant, control it using appropriate authorization object.
OR
Create user status profile, which will allow Locking & unlocking. Define a Authorization code for this user status profile. Then assign this authorization code to the user(s) who is supposed to perform this action.
Explain this to your basis/ securities consultant, After configuring the user status profile & defining the authorization code. He should help you with this.
he can control this via the object B_USERSTAT in roles & authorizations.
Thanks
Yogendra Soni