It's possible that the user was loaded and cached in the system so any db change you made would not take effect till that user was reloaded from the database. If during that time the user changes any of their details they could overwrite any database level modification you made.
Perhaps another approach like using webservices or a plugin with a custom action/url that could trigger the modification might work better for you.
My business process involves interfacing to an accounting system and locking out a user either completely or just from a specific security group.
Trying to use Webservices is beyond me to implement.
If I can do it from the database level is possible, what causes a user's data to be reloaded?
If a user has been loaded that user will stay in the cache until one of the following is true:
The user is deleted
The user is ejected from the cache because the cache is full (LRU policy)
The cache expires the user's entry (6 hours by default)
Jive's applications expect full control of the database - they do not expect any external process to modify database values and thus there are no triggers to update application state if an 'external' database modification is made.