Encrypted database file and offline DBA password reset

After creating a new login and giving the SYS_OFFLINE_RESET_PASSWORD_ROLE role it is no problem to change the DBA password offline in 17.0.10.5750 via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db

But if the database file is AES encrypted that didn't work.

1) If I use the same statement as with an unencrypted database I got "Missing database encryption key for database 'd:\backdoor.db'." - This is from my point of view correct. 2) Now I want to submit the encryption key via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase;DBKEY=xxxxxx" d:\backdoor.db

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db -ek "xxxxxx"

Both variants didn't work, I got the messages "Invalid offline reset passwort parameter" and "No database option is not allowed with -orp server option".

Is it possible to use offline dba password reset with an encrypted database? Or do I need a fully deployed role-based access control model, where the DBA user has granted the CHANGE PASSWORD privilege to the correct power users together with an encrypted database.

Many thanks!

encryption server-options

asked 25 Apr '19, 03:33

Robert Krats...
116●6●7●15
accept rate: 0%

Have you tried to use -ep to supply the DBKEY via prompt?

(25 Apr '19, 04:08) Volker Barth

I did, but it didn't work. You'll get the message "The specified server option is not allowed with -orp server option". Using

GRANT CHANGE PASSWORD TO DBAReset;

will work. But this requires an online connection.

(25 Apr '19, 04:33) Robert Krats...

Replies hidden

So it seems the new feature "Offline reset password" is not fully implemented...

FWIW, I wasn't aware of those changes in 17.0.10.5745, I had expected to read about them in the according Readme file - but apparently one has to study the "What's New" section in the SAP Help Portal...

(25 Apr '19, 04:49) Volker Barth

I stumble about the "What's New" section...

You are right in the readme file is no entry.

(25 Apr '19, 05:06) Robert Krats...

flat view

One Answer:

active answers oldest answers newest answers popular answers

Encrypted databases are not currently supported with this feature. Engineering case# 819146 opened to address this.

permanent link

answered 25 Apr '19, 09:50

Chris Keating
7.8k●49●128
accept rate: 32%

converted 25 Apr '19, 10:20

Volker Barth
40.2k●361●550●822

Thanks Chris

(25 Apr '19, 10:07) Robert Krats...

This issue has been fixed and will be in an upcoming software update that is 17.0 Build 5788 or newer.

(02 May '19, 14:03) Chris Keating

Replies hidden

V17.0.10.5820 has been publised yesterday:)

(19 Jun '19, 05:09) Volker Barth

flat view

Your answer

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

encryption ×46
server-options ×14

question asked: 25 Apr '19, 03:33

question was seen: 3,199 times

last updated: 19 Jun '19, 05:09

SAP SQL Anywhere

Encrypted database file and offline DBA password reset

Follow this question

Related questions