Absent Member.. JasonCantrell Absent Member..
Absent Member..
93 views

[OO Support Tip] System Account passwords lost on publish, update, or import.

Issue:

Using Operation Orchestration (OO), what is the expected behavior of System Accounts when exporting or publishing them from one repository to another?

 

Solution:

 The expected behavior when exporting System Accounts varies depending on which version of Operations Orchestration you are using.

Versions 2.X, 7.X and versions 9.X up to and including 9.04: (bold & underline me)

Operations Orchestration was designed to prevent exporting of System Accounts in any manner due to security concerns.

 

Theoretically anyone could take an exported repository, import it into a fresh OO install and use the System Account to do whatever they wanted to within the privileges granted by the credentials in the System Account.

 

Confusion arose around this feature due to a defect in a few versions of the 7.x branch where System Accounts would migrate under certain limited circumstances. This was never intended behavior.

 

Solution: The only solution for versions of Operations Orchestration prior to 9.05 is to re-enter the authentication information in the destination repository.

 

Version 9.05 and later 9.xx versions:

In versions 9.05 of Operations Orchestration and later, a new configuration flag was introduced giving the Operations Orchestration environment administrator the capability of allowing the exporting of System Accounts. The security concerns are still present, however the need to be able to migrate content in controlled environments was recognized and a solution provided.

 

Excerpt from OO 9.06 Release Notes:

 

Preventing System Account Password Reset When Exporting a Repository

Note: The following item was introduced in version 9.05.

 

By default, when a repository containing system accounts is exported, the password is erased. It is now possible to prevent this from happening by adding the following line to the Central.properties and Studio.properties files:

 

dharma.repo.allow.system.accounts.travelling=true

 

Considerations:

Repository content is tracked by its unique UUID. If the UUID for the System Account in the target differs from the UUID for the System Account in the source you will encounter failures in publishing the System Account.

 

Direct link to document here:

http://support.openview.hp.com/selfsolve/document/KM1012801

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Labels (2)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.