I am facing problem in redshift where certain user cannot change its password. But users created by it can change their own password.
e.g:
when logged in as 'or_user' (I dont know how this original user was created, but it cant change its password. I tried below:)
select md5('password123' || 'or_user');
ALTER USER or_user WITH PASSWORD 'md5<hash>';
getting 'ERROR:permission denied'
But when I create user 'demo_user' using 'or_user', 'demo_user' is able to change its password, below commands:
ALTER USER demo_user WITH PASSWORD 'md5<hash>'; its getting success.
Additionally when I tried to grant system privilege to or_user using admin I get below error:
GRANT ALTER USER TO or_user;
ERROR: Grant/Revoke system privilege on User is not supported.
I have read postgres/redshift by default user can change there own password.
Maybe or_user does not have ALTER USER permission please help me with GRANT ALTER USER statement and how to find what permission this or_user have in all like CREATE USER, ALTER USER, DROP USER, .... like mostly database permissions.
Related
I've successfully applied a custom password policy for my IAM users in AWS:
aws iam update-account-password-policy --minimum-password-length 64 --allow-users-to-change-password --password-reuse-prevention 24
Next I force a password reset - this also works.
But the when I deliberately try to set the new password to a non-compliant one, I get this rather opaque error at the top of the page (https://us-east-1.signin.aws.amazon.com/changepassword):
Either user is not authorized to perform iam:ChangePassword or entered password does not comply with account password policy set by administrator
Is there a way to configure useful feedback? Such as: Password should be at least 64 characters?
There is currently no way to customize this error message. There is an AWS Developer Forums thread from 2017 that raises this issue, however the response appears to have only been to add "or entered password does not comply with account password policy set by administrator".
Unfortunately your only option is to communicate password complexity requirements through a parallel vector. Alternatively, if you create accounts by setting a temporary password for the user instead of requiring a password reset, you could (outside of AWS) template an email to send that to the user that includes instructions on password complexity.
The API does actually clarify whether it was a password policy issue, however.
I had migrated one user from source wso2 (4.6.0) to target wso2(5.5.0) using insert query in below tables only.
1. UM_USER (The Table contains users username, password etc.)
2. UM_USER_ATRIBUTES (The Table contains user attributes like sn, giveName etc.)
We have using wso2 manage user credential only(user add/delete) that's why we had directly inserted user details
in above tables instead of follows the complete migration step.
we have successfully creating token for migrated user base on password grant_type but unable to login in wso2 admin console using the same credential.
In order to create access tokens, the user doesn't need to have login permission. But in order to log in to management console & dashboard, the particular user should have login permission. Please assign login permission to the user and then login to management console.
is it possible to change an encrypted password with a sql query?
I have a user who for some reason can't log in and can't make her reset password recredentialing work.
This is simple: just use ALTER ROLE with the encrypted password.
ALTER ROLE luser PASSWORD 'md565b6fad0e85688f3f101065bc39552df';
Be aware that the password might end up in the log file if logging is configured appropriately.
I am trying to run JAXR sample in Governance Registry in WSO2 which deals with UDDI support.It say before running I should add a user with UDDIPublisher Permission to scoutv3.properties file .I dont know which username and password I need to add to this file in order to run the sample.Please help.
The role which user belongs to should have UDDIPublisher permission to publish a service to UDDI registry. Therefore you should add a valid username and password in scoutv3.properties file (instead of root/root).
To tryout this sample you can use the admin/admin for userid and password. (admin has all the permissions)
I use mysql c++ wrapper in client side to connect to mysql server. When user establishes connection to mysql server I want to know whether the user have privileges like root (i.e. GRANT ALL PRIVILEGES ON *.* TO 'username'#'%' WITH GRANT OPTION).The SHOW GRANTS FOR CURRENT_USER query gives grants for current user, but i need to parse the string and compare to know whether the current user have privileges like root. I am looking for an alternative options.
You could query the various tables in mysql.* and compare the permissions fields between the accounts. Of course, you'd have to account for variances in the host/user fields, as MySQL considers root#localhost to be a completely different account than root#% and root#10.0.0.1 etc..
select * from mysql.TABLE where User in ('root', 'youraccount', 'someotheraccount');
where TABLE is 'user', 'db', 'func', etc...
Why not just perform a test action that would only be able to be accomplished by a 'root' superuser.. and if it fails you're out of luck, but if it works, you'd be in business?