on 2019 Apr 25 4:33 AM
After creating a new login and giving the SYS_OFFLINE_RESET_PASSWORD_ROLE role it is no problem to change the DBA password offline in 17.0.10.5750 via
"%SQLANY17%\\bin64\\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\\backdoor.db
But if the database file is AES encrypted that didn't work.
1) If I use the same statement as with an unencrypted database I got "Missing database encryption key for database 'd:\\backdoor.db'." - This is from my point of view correct. 2) Now I want to submit the encryption key via
"%SQLANY17%\\bin64\\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase;DBKEY=xxxxxx" d:\\backdoor.db
or
"%SQLANY17%\\bin64\\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\\backdoor.db -ek "xxxxxx"
Both variants didn't work, I got the messages "Invalid offline reset passwort parameter" and "No database option is not allowed with -orp server option".
Is it possible to use offline dba password reset with an encrypted database? Or do I need a fully deployed role-based access control model, where the DBA user has granted the CHANGE PASSWORD privilege to the correct power users together with an encrypted database.
Many thanks!
Request clarification before answering.
Encrypted databases are not currently supported with this feature. Engineering case# 819146 opened to address this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
46 | |
9 | |
8 | |
6 | |
5 | |
5 | |
4 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.