BOB: Business Objects Board
Not endorsed by or affiliated with SAP

Register | Login 

Follow BOB on Twitter! 
Follow BOB on Twitter! (Opens a new window)  

General Notice: No events within the next 45 days.

XIr2 Password reset for admin account
3 members found this topic helpful
Goto page Previous  1, 2
 
Search this topic... | Search CMC... | Search Box
Register or Login to Post    Forum Index -> Security and User Administration -> CMC  Previous TopicPrint TopicNext Topic
Author Message
Orange
Forum Enthusiast
Forum Enthusiast



Joined: 18 Sep 2006

Posts: 1264
Location: Seattle


flag
PostPosted: Tue May 13, 2008 5:20 am 
Post subject: Re: XIr2 Password reset for admin account

rob_bo wrote:
(...)In the end, we noticed that even though the BO "servers" were up and running in the CCM, they were all still DISABLED in the central management console (CMC). We had to enable them here ASWELL and then everything was working. (...)

This is normal and documented behaviour when you remove the current keycode before entering the new one. Nothing to do, as you have noticed, with the administrator account.


diane1969 wrote:
(...)I do find it quite remarkable how relatively easy it is to reset the default Enterprise Administrator account by simply deleting a record off a db table!(...)

Fair point, a number of applications have the same issue. However, it should still be pretty secure as your DB access is probably restricted, isnt it?

diane1969 wrote:
(...)moer so given that once deleted the new Administrator account doesn't even have a new password but is instead blank! It's like someone writing a cheque but not bothering to sign it.(...)

Again: fair point - but that's the way the product works even when installing it. you always end up with an administrator with a blank password. Thankfully they have finally changed this in 3.0

_________________
Berend -
SAP Business Objects Platform consultant and trainer
Back to top
Diane1969
Principal Member
Principal Member



Joined: 18 Jan 2007

Posts: 213
Location: Birmingham


flag
PostPosted: Tue May 13, 2008 6:21 am 
Post subject: Re: XIr2 Password reset for admin account

Orange wrote:



diane1969 wrote:
(...)I do find it quite remarkable how relatively easy it is to reset the default Enterprise Administrator account by simply deleting a record off a db table!(...)

Fair point, a number of applications have the same issue. However, it should still be pretty secure as your DB access is probably restricted, isnt it?


Yes our SQL Server db is secure with restricted access to nominated users; and of course there's the Event Logs that will trace user activity on the DB. But it would still have been nice to have an additonal tier of security at this end.

Orange wrote:

diane1969 wrote:
(...)moer so given that once deleted the new Administrator account doesn't even have a new password but is instead blank! It's like someone writing a cheque but not bothering to sign it.(...)

Again: fair point - but that's the way the product works even when installing it. you always end up with an administrator with a blank password. Thankfully they have finally changed this in 3.0


I'm glad they've updated this in 3.0 (Haven't installed yet but have heard very good things)

Cheers
Back to top
rob_bo
Principal Member
Principal Member



Joined: 04 Aug 2005

Posts: 191


flag
PostPosted: Mon May 19, 2008 6:29 am 
Post subject: Re: XIr2 Password reset for admin account

Orange wrote:
rob_bo wrote:
(...)In the end, we noticed that even though the BO "servers" were up and running in the CCM, they were all still DISABLED in the central management console (CMC). We had to enable them here ASWELL and then everything was working. (...)

This is normal and documented behaviour...


Maybe...but BO support analysts couldnt figure it out for us either! (Does anyone else get frustrated by expensive "support" that rarely actually resolves the problems you have?) icon_rolleyes.gif


Orange wrote:
diane1969 wrote:
(...)moer so given that once deleted the new Administrator account doesn't even have a new password but is instead blank! It's like someone writing a cheque but not bothering to sign it.(...)

Again: fair point - but that's the way the product works even when installing it. you always end up with an administrator with a blank password. Thankfully they have finally changed this in 3.0


So how does it now work in 3 if you make the same mistake? (Or do you mean just with installation?)

_________________
Thanks
Rob
--------------------------------------------------
Back to top
Sebastien Goiffon
Forum Fanatic
Forum Fanatic



Joined: 29 Sep 2004
ASUG Icon
Posts: 6477
Location: Boston, MA


flag
PostPosted: Mon May 19, 2008 6:33 am 
Post subject: Re: XIr2 Password reset for admin account

Whan you pay the maintenance it includes the support but also the upgrades ...

I don't know how it works in 3.0 but probably in the same way icon_wink.gif Nothing change on the security model concerning user management.

BR
Sebastien

_________________
BI4.3 inside scoop
BI4.3: Back to the future
BO or BOBJ� that is the question

360Suite: Helping BI managers to achieve Excellence
Back to top
Orange
Forum Enthusiast
Forum Enthusiast



Joined: 18 Sep 2006

Posts: 1264
Location: Seattle


flag
PostPosted: Mon May 19, 2008 6:53 am 
Post subject: Re: XIr2 Password reset for admin account

Orange wrote:
quote:028483ac40="Orange"]
diane1969 wrote:
(...)moer so given that once deleted the new Administrator account doesn't even have a new password but is instead blank! It's like someone writing a cheque but not bothering to sign it.(...)

Again: fair point - but that's the way the product works even when installing it. you always end up with an administrator with a blank password. Thankfully they have finally changed this in 3.0


So how does it now work in 3 if you make the same mistake? (Or do you mean just with installation?)


Exactly, if during installation you dont' provide a password (and it will warn you for it) it ends up as an account without a password. It cant be much fairer than that. Unless you assign a random password to the administrator which shows up during the installation or something?

_________________
Berend -
SAP Business Objects Platform consultant and trainer

Back to top
sohmc
Principal Member
Principal Member



Joined: 25 Jun 2008

Posts: 100


flag
PostPosted: Wed May 09, 2012 1:42 pm 
Post subject: Re: XIr2 Password reset for admin account

Sorry to bump an old thread, but wanted let people know that this does work for XI 3.1. The Administrator ID number is 12. It looks like BO automatically recreates the record when it starts. I haven't done too much experimentation, but I would assume that this is one of the first things BO service checks for so that all of the folders don't delete themselves.

Doing this, however, does remove all privileges (including removing Administrator from the Administrators group). It may be worth having a second user who is administrator so you can properly set the password again.

_________________
--
Mike Soh
Back to top
Display posts from previous:   
Register or Login to Post    Forum Index -> Security and User Administration -> CMC  Previous TopicPrint TopicNext Topic
Page 2 of 2 All times are GMT - 5 Hours
Goto page Previous  1, 2
 
Jump to:  

Index | About | FAQ | RAG | Privacy | Search |  Register |  Login 

Get community updates via Twitter:

Not endorsed by or affiliated with SAP
Powered by phpBB © phpBB Group
Generated in 0.0299 seconds using 17 queries. (SQL 0.0028 Parse 0.0009 Other 0.0262)
CCBot/2.0 (https://commoncrawl.org/faq/)
Hosted by ForumTopics.com | Terms of Service
phpBB Customizations by the phpBBDoctor.com
Shameless plug for MomentsOfLight.com Moments of Light Logo