Go-live User accounts/passwords

mtrottier

Well Known Member
Has anyone found a way to “minimize” user accounts/passwords issues during an upgrade go-live?

Example:
We are doing a 8.12 -> 9.0 upgrade. We upgraded DV which brought over all 8.12 user accounts and passwords and have been testing for about a month. During go-live we will copy the tested “Objects” from PY900 to PD900 and convert the production data in PRODDTA and PRODCTL.

Since the original conversion of DV812 users have been added and some existing users have changing their JDE passwords in PD812. By default a go-live PD upgrade plan in 9.0 will not bring over the User accounts/password again from 8.12 so new users or changed passwords will not be reflected in 9.0 after go-live.

Has anyone ever modified the PD upgrade plan to bring over the user accounts again from the previous environment or used other strategies to insure that the latest user account info came across at go-live?
 
I've seen something similar in an upgrade once before. Obviously, SSO is one approach - and Everest Software has a couple of solutions (including a web-based password reset system) that might help.

On one upgrade, I reset all the passwords to a set password, then had all the users log in on the day and force them to change their password upon login using some SQL against the F98OWSEC. Not sure if this is a choice - but it certainly eliminated the password issue !
 
I did this for a client here, under similar circumstances, by using proprietary tools, but I can only offer this as a service rather than software at the moment, because it's kind of sensitive from the security point of view.

On the other hand, I should be able to package this in a secure single tool within days, if there's any demand...
 
We used sql to copy the password and expiry date from source environment to new environment.

We export the list of users we want to change the password by running query against the roles we want to export the user password. We ran it against certain roles since we did not want to change the password for project team and sysadmin users:

SELECT F95921.RLFRROLE, F95921.RLTOROLE FROM SY900.F95921 F95921 WHERE F95921.RLFRROLE In ('role1','role2','role_n') ORDER BY F95921.RLFRROLE

Then used excel concatenate function to create sql for above ids (example below) to run against new environment, one to update password and other to update expiry date.

UPDATE SY900.F98OWSEC T1 SET (T1.SCSRVBLOBA) = (SELECT T2.SCSRVBLOBA FROM SY810.F98OWSEC T2 WHERE T2.SCUSER='<userid>') WHERE T1.SCUSER='<userid>';

UPDATE SY900.F98OWSEC T1 SET (T1.SCSECLST) = (SELECT T2.SCSECLST FROM SY810.F98OWSEC T2 WHERE T2.SCUSER='<userid>') WHERE T1.SCUSER='<userid>';

Sanjiv
 
Back
Top