After creating a new login and giving the SYS_OFFLINE_RESET_PASSWORD_ROLE role it is no problem to change the DBA password offline in 17.0.10.5750 via "%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db But if the database file is AES encrypted that didn't work. 1) If I use the same statement as with an unencrypted database I got "Missing database encryption key for database 'd:\backdoor.db'." - This is from my point of view correct. 2) Now I want to submit the encryption key via "%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase;DBKEY=xxxxxx" d:\backdoor.db or "%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db -ek "xxxxxx" Both variants didn't work, I got the messages "Invalid offline reset passwort parameter" and "No database option is not allowed with -orp server option". Is it possible to use offline dba password reset with an encrypted database? Or do I need a fully deployed role-based access control model, where the DBA user has granted the CHANGE PASSWORD privilege to the correct power users together with an encrypted database. Many thanks! |
Encrypted databases are not currently supported with this feature. Engineering case# 819146 opened to address this. Thanks Chris
(25 Apr '19, 10:07)
Robert Krats...
This issue has been fixed and will be in an upcoming software update that is 17.0 Build 5788 or newer.
(02 May '19, 14:03)
Chris Keating
Replies hidden
V17.0.10.5820 has been publised yesterday:)
(19 Jun '19, 05:09)
Volker Barth
|
Have you tried to use -ep to supply the DBKEY via prompt?
I did, but it didn't work. You'll get the message "The specified server option is not allowed with -orp server option". Using
GRANT CHANGE PASSWORD TO DBAReset;
will work. But this requires an online connection.
So it seems the new feature "Offline reset password" is not fully implemented...
FWIW, I wasn't aware of those changes in 17.0.10.5745, I had expected to read about them in the according Readme file - but apparently one has to study the "What's New" section in the SAP Help Portal...
I stumble about the "What's New" section...
You are right in the readme file is no entry.