A complete user-access security model includes authentication, authorization, and accountability. Accurate identification of users and permissions management are often considered most important for security, but accountability should not be understated. For example, if all administrative activities are performed using a single, shared login, it is nearly impossible to know who performed specific actions in order to establish accountability. Shared accounts weaken non-repudiation, making it harder to uncover malicious actions and to defend innocent parties.
A simple but effective method of increasing security is to remove the ability of an attacker to access the system using default credentials or shared accounts. Unique accounts for all users not only restrict access for individuals, but can also help to recover from malicious or unwanted actions through non-repudiation.
In an OnBase environment, the default Manager and Administrator accounts should be disabled, with administrative functions being carried out by unique accounts for each user with administrative access.
When logging in to a new database using the Manager or Administrator accounts, you are forced to change the default passwords. If the Administrator account still has the default password when logging in for the first time as Manager, the Administrator account is automatically disabled when the password for the Manager account is changed. To keep the Administrator account enabled, you must log in as Administrator first and change the default password before logging in as Manager.
OnBase also uses default database credentials when installing, which should be changed after installation. For additional information, see Database Access.