The forum will be down for maintenance at some point between Friday, September 25, 2020 at 5pm PDT and Sunday, September 27, 2020 at 11:59 PDT. Downtime is unknown but will be minimized.

After creating a new login and giving the SYS_OFFLINE_RESET_PASSWORD_ROLE role it is no problem to change the DBA password offline in 17.0.10.5750 via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db

But if the database file is AES encrypted that didn't work.

1) If I use the same statement as with an unencrypted database I got "Missing database encryption key for database 'd:\backdoor.db'." - This is from my point of view correct. 2) Now I want to submit the encryption key via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase;DBKEY=xxxxxx" d:\backdoor.db

or

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db -ek "xxxxxx"

Both variants didn't work, I got the messages "Invalid offline reset passwort parameter" and "No database option is not allowed with -orp server option".

Is it possible to use offline dba password reset with an encrypted database? Or do I need a fully deployed role-based access control model, where the DBA user has granted the CHANGE PASSWORD privilege to the correct power users together with an encrypted database.

Many thanks!

asked 25 Apr '19, 03:33

Robert%20Kratschmann's gravatar image

Robert Krats...
964410
accept rate: 0%

Have you tried to use -ep to supply the DBKEY via prompt?

(25 Apr '19, 04:08) Volker Barth

I did, but it didn't work. You'll get the message "The specified server option is not allowed with -orp server option". Using

GRANT CHANGE PASSWORD TO DBAReset;

will work. But this requires an online connection.

(25 Apr '19, 04:33) Robert Krats...
Replies hidden

So it seems the new feature "Offline reset password" is not fully implemented...

FWIW, I wasn't aware of those changes in 17.0.10.5745, I had expected to read about them in the according Readme file - but apparently one has to study the "What's New" section in the SAP Help Portal...

(25 Apr '19, 04:49) Volker Barth

I stumble about the "What's New" section...

You are right in the readme file is no entry.

(25 Apr '19, 05:06) Robert Krats...

Encrypted databases are not currently supported with this feature. Engineering case# 819146 opened to address this.

permanent link

answered 25 Apr '19, 09:50

Chris%20Keating's gravatar image

Chris Keating
5.1k2886
accept rate: 33%

converted 25 Apr '19, 10:20

Volker%20Barth's gravatar image

Volker Barth
36.7k343505761

Thanks Chris

(25 Apr '19, 10:07) Robert Krats...

This issue has been fixed and will be in an upcoming software update that is 17.0 Build 5788 or newer.

(02 May '19, 14:03) Chris Keating
Replies hidden

V17.0.10.5820 has been publised yesterday:)

(19 Jun '19, 05:09) Volker Barth
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×46
×13

question asked: 25 Apr '19, 03:33

question was seen: 2,140 times

last updated: 19 Jun '19, 05:09