Each user has an Oracle ID/password as well as BO. When they change it in WebI, there is no problem. We have changed the code to have the db change as well.
Is it possible to do the same type of thing in full client? Users forget to change it in WebI and change it when prompted in full client. We want some kind of code that will either disable this prompt only in full client or will allow us to update the Oracle password. Is it possible to write a function for this?
I know using a generic BO id/password is a way around this but our customer and our DBAs are completely against it.
One possible option:
Changing Business Objects passwords require updates to the Business Objects Security Repository, so you could trap updates there (update trigger) and then update the Oracle password for that user id…
To do this you would need the password encryption algorithm that is used to encrypt the password before storing in the Business Objects security domain table. I don’t know of any place to get that information.
Now that many companies are needing to become Sarbaine-Oxley compliant, the synching of passwords has become a priority. Has anyone had any new information on this issue? NT Authentication is not an option at my company. I didn’t find anything on the BO Kx, or docs. Thanks.
On the BO 5.1.8 cd I have found a new folder under Freeware called “encryption”. It contains a C++ project that makes it possible to perform the kind of encryption that is needed for the password to BO.
In other words, it is now (in theory) possible to program a password synchronization.
I have tested the demo exe program which is included. It makes an encryption of the word “BusinessObjects”. And this matches exactly the password found in the repository, if you have changed your password to “BusinessObjects”. So the encryption seems to be OK, but I have not (yet) managed to get the C++ project to compile.
Has anybody any experience with this encryption project?
Our solution has been, when setting up our database connection in Supervisor, to use @Variable(‘BOUSER’) for the username and then hardcode a password. This password matches the password in Oracle. Every 90 days or so, the DBA and I simultaneously change the password in Oracle and in the BO connection setup. Using this method we can still see the specific user activity in Oracle.
From the user’s perspective, they are still required to change their password every 90 days, and we have the full password checking active in supervisor. But from the connection persepective, Oracle ignores their password and uses the hardcoded password in the connection.
The problem with this solution is that someone else besides the end-user will know his/her password. From a security standpoint ideally even a DBA or Administrator should not know a user’s password.
NO, the end user does not know this password. Each user creates his/her own password, but this is not the same one as the password used for the connection. Only the DBA and I know this password.
But that is the problem: Ideally only the end-user should know the password that is used to make a DB connection in their name, not the DBA, not the Administrator
I am having similar problems with synchronization of BO & oracle password. Can you please share your jsp code, which changes oracle password when user is changing password in webi? That would be really helpful for me.
(BOB member since 2002-06-20)
(BOB member since 2002-06-08)
(BOB member since 2002-06-20)
(BOB member since 2004-07-22)