After creating a new login and giving the SYS_OFFLINE_RESET_PASSWORD_ROLE role it is no problem to change the DBA password offline in 17.0.10.5750 via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db

But if the database file is AES encrypted that didn't work.

1) If I use the same statement as with an unencrypted database I got "Missing database encryption key for database 'd:\backdoor.db'." - This is from my point of view correct. 2) Now I want to submit the encryption key via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase;DBKEY=xxxxxx" d:\backdoor.db

or

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db -ek "xxxxxx"

Both variants didn't work, I got the messages "Invalid offline reset passwort parameter" and "No database option is not allowed with -orp server option".

Is it possible to use offline dba password reset with an encrypted database? Or do I need a fully deployed role-based access control model, where the DBA user has granted the CHANGE PASSWORD privilege to the correct power users together with an encrypted database.

Many thanks!

asked 25 Apr, 03:33

Robert%20Kratschmann's gravatar image

Robert Krats...
71115
accept rate: 0%

Have you tried to use -ep to supply the DBKEY via prompt?

(25 Apr, 04:08) Volker Barth

I did, but it didn't work. You'll get the message "The specified server option is not allowed with -orp server option". Using

GRANT CHANGE PASSWORD TO DBAReset;

will work. But this requires an online connection.

(25 Apr, 04:33) Robert Krats...
Replies hidden

So it seems the new feature "Offline reset password" is not fully implemented...

FWIW, I wasn't aware of those changes in 17.0.10.5745, I had expected to read about them in the according Readme file - but apparently one has to study the "What's New" section in the SAP Help Portal...

(25 Apr, 04:49) Volker Barth

I stumble about the "What's New" section...

You are right in the readme file is no entry.

(25 Apr, 05:06) Robert Krats...

Encrypted databases are not currently supported with this feature. Engineering case# 819146 opened to address this.

permanent link

answered 25 Apr, 09:50

Chris%20Keating's gravatar image

Chris Keating
4.3k2474
accept rate: 32%

converted 25 Apr, 10:20

Volker%20Barth's gravatar image

Volker Barth
33.5k330483711

Thanks Chris

(25 Apr, 10:07) Robert Krats...

This issue has been fixed and will be in an upcoming software update that is 17.0 Build 5788 or newer.

(02 May, 14:03) Chris Keating
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×38
×12

question asked: 25 Apr, 03:33

question was seen: 815 times

last updated: 02 May, 14:03