Changing Database User Name Passwords - System Administration - On-Premises - English - Foundation 22.1 - OnBase - Essential - Premier - Standard - external - Standard - Premier - Essential

On-Premises System Administration

Platform
OnBase
Product
System Administration - On-Premises
Release
Foundation 22.1
License
Standard
Premier
Essential
Note:

As of OnBase 18, ADO.NET connection strings are used for connecting to databases except in the OnBase Client and the Configuration module. If you are changing user name or password information for anything outside of OnBase Client or the Configuration module, edit the ADO.NET connection string. For more information on configuring ADO.NET connection strings, see the Application Server module reference guide.

Note:

You must be licensed for one of the following to change database user name passwords: Change Password, Encrypted Alpha Keywords, or Encrypted Disk Groups.

Note:

If you have User Account Control (UAC) enabled, the Configuration module must be launched with administrator privileges in order to complete all the steps in the process below.

From within the Configuration module, you can change the passwords for the following OnBase user names:

User Name

Description

Required Files

HSI

Controls database access for the OnBase Client and Configuration modules.

The HSI user account is used to create new tables, indexes, and users and to grant permissions. When a workstation first logs on to the OnBase Client, additional database user accounts are created for it using this user account.

The HSI user account must exist and must be the owner of all OnBase database objects.

  • OnBase Client executable file

  • OnBase Configuration executable file

HSICORE

Controls database access for OnBase Core Services modules for OnBase versions 6.2 through 7.2.

  • dmcore.dll

  • Hyland.Core.GrabIcon.dll

  • OBCorePlatMgmt.dll

Note:

Microsoft .NET Framework 3.5 or later is required for the dmcore.dll file to be created.

HSINET

Controls database access for OnBase Core Services modules for OnBase versions 8.0 and later.

  • Hyland.Core.GrabIcon.dll

  • OBCorePlatMgmt.dll

VIEWER

Controls database access for modules that allow SQL statements to be run against the database. The VIEWER user account only allows SQL SELECT statements to be executed. This user account should be used for Report Services, Reporting Dashboards, creating and testing ODBC sources, and external reporting by third-party applications.

  • Hyland.Core.GrabIcon.dll

Note:

The required file for the viewer is dependent on licensing. The following process provides information on changing the viewer password when the Hyland.Core.GrabIcon.dll is required. See applicable module reference guides for information on using other methods for changing the viewer password. For example, Report Services employs a different method for changing the viewer password, whereas Reporting Dashboards uses this method.

The above passwords are also stored in the OnBase database. To successfully complete the password change process, you must change the passwords stored in the files listed above, as well as the passwords stored in the OnBase database. When you change the passwords stored in the files listed above, you generate new instances of these files. These files must then be deployed, replacing previous instances of these files, for users to access OnBase.

CAUTION:

Before changing database user name passwords, it is strongly recommended you back up your database.

To change one or more of the database user name passwords:

  1. Lock your OnBase database and ensure that there are no users in the system.
    Note:

    For more information on locking the database, see Locking the OnBase System.

  2. Stop all OnBase instances, processes, and services.
  3. Stop the OnBase database. This ensures that all users are logged out of the system and all instances, processes, and services are stopped.
  4. Restart the OnBase database.
  5. Apply the -ROMANZO switch to the Configuration module shortcut.
    CAUTION:

    Before using features enabled by the -ROMANZO switch, ensure that you understand the feature and implications of any changes to your system. Contact your service provider with any questions regarding these features. Features enabled by the -ROMANZO switch should not be made available to the casual user. Remove the -ROMANZO switch after completing necessary actions.

  6. Log on to the Configuration module as the user and/or workstation configured during the system lockout.
  7. Select Utils | Rotate Database Password and KEK (key encryption key).

    The Rotate Database Password and KEK (key encryption key) dialog box is displayed.

  8. Click Add. Navigate to the folder containing your OnBase Client executable. Select the executable and click Open. The OnBase Client executable is added to the Executable Files list.
    In a default installation, this file is located at C:\Program Files\Hyland\ OnBase Client.
  9. To generate the selected executables without rotating passwords, select Generate Executables Only and skip to step 16.
  10. If your solution includes an OnBase Application Server, select the Generate Core dll check box and complete the Core KEK Rotation Parameters:
    Note:

    By selecting this option and performing the steps below, you are choosing to create a new version of Hyland.Core.GrabIcon.dll. If you would like to back up the original version, place it another directory, or rename it to something else before completing the process.

    1. Enter the path to the GrabIcon.NET.exe file in the Core KEK Rotation Utility Path (GrabIcon.NET.exe) field, or select a path using the Browse button.
      Note:

      This file is not included in your OnBase installation. Contact your first line of support to obtain the GrabIcon.NET.exe executable.

      Note:

      The GrabIcon.NET.exe executable requires Microsoft .NET Framework 3.5 or later to be installed.

    2. Enter the build version of your OnBase Application Server in the Version field.
  11. In the Passwords section, select Show Passwords to display passwords as they are entered in the fields.
    Note:

    When connecting to an Oracle database, place double quotes ('') around the passwords.

  12. To change the HSI database password, select the Change HSI Password check box. Type a new password in the HSI field.
  13. To change the HSICORE and HSINET database passwords, select the Change Core Password check box. Type a new HSICORE password in the HSICORE field. Type a new HSINET password in the HSINET field.
  14. To change the viewer account password, select the Change Viewer Password check box. The viewer account is a database account that allows only SQL SELECT statements to be executed. It is used by areas of OnBase that allow SQL statements to be run against the database. Type a new password in the VIEWER field to change the viewer account password.
    Note:

    KEK functionality is disabled unless your system is licensed for either Encrypted Alpha Keywords or Encrypted Disk Groups. For more information on KEK rotation, see the Encrypted Alpha Keywords or Platter Management module reference guide.

  15. A readme text file is created by default in the directory containing the new executables and DLL file. To add custom text to the readme file, enter any important comments or notes into the Comments field.
  16. Click Update. The Enter Database Credentials dialog box is displayed.
  17. Select an option and enter the database credentials to use for updating database passwords for the system. The specified user must be assigned the appropriate privileges on the database server.
  18. Click Proceed.
    Once the update process is complete, you are prompted to re-launch the Configuration module. Before attempting to re-launch the Configuration module, complete the steps in Deploying Newly Created Database User Name Passwords.
  19. Click OK.
  20. From the Rotate Database Password and KEK (key encryption key) dialog box, click Cancel.
  21. Close the Configuration module.
    Note:

    You are unable to log back into the Configuration module at this point; you must first deploy the newly created passwords. For more information on deploying the newly created passwords, see the following section.