The default 'admin' user is created during the initial installation with its default password 'admin_password'. This password, like for any UDMG user is encrypted in the database with the AES passphrase file that is referenced in the configuration file.
If you have lost of forgotten the password for this administrator user (or any other user that was created for admin purpose), you can follow the following steps to reset it.
There is no command to directly reset the password, nor to create a new admin user but is is possible to import the definition a a new admin user with the minimum permissions for updating the admin user password.
This is necessary only if you don't have access to the system with any other user having at least the permission to edit user data (Write User permission).
Otherwise, simply login with that user and navigate to the Users page to change the 'admin' password:
Temporary administrator user (simple way)
For the following steps, it is required that you have access to the UDMG Server installation and be able to run the udmg-server
in the same condition as the running service. This means reading both the configuration file and the passphrase file.
Create a JSON file with the definition for creating a new user, granting it the permission to manage users, and assigning it to the Generic user group.
import-user-and-grp-admin_fix.json{ "users": [ { "username": "admin_fix", "password": "admin_fix", "permissions": { "users": "rw-" } } ], "userGroups": [ { "id": 1, "name": "Generic", "businessServiceName": "Generic", "members": [ "user::admin_fix" ] } ] }
The username and password can be set to your convenience, make sure to put the same username in both sections.
The order of the sections is important, the user is first created then assigned to the user group.Load the file with the import command of udmg-server:
Linux command:
$ /opt/udmg/bin/udmg-server import -v -v -v -c /opt/udmg/etc/udmg-server/server.ini -s import-user-and-grp-admin_fix.json
Windows command:> "C:\UDMG\UDMG Server\udmg-server.exe" import -v -v -v -c "C:\UDMG\UDMG Server\server.ini" -s import-user-and-grp-admin_fix.json
Command Output[Info ] Starting database service... [Info ] Startup successful [Info ] Import Partners - All [Info ] Import Server - All [Info ] Import Rules - All [Info ] Import Users - All [Debug ] No user found with conditions (username='admin_fix' AND owner='sb-mft-01') [Info ] Created user admin_fix [Info ] Import Business Services - All [Info ] User Groups - All [Info ] Promoted user group with name 'Generic' and UUID '' has a different UUID than the original 'Generic' with UUID 'fcd0e5ea-4828-499c-a30e-145cafb57485'. [Info ] Updated user group Generic [Debug ] No user group membership found with conditions (group_id='fcd0e5ea-4828-499c-a30e-145cafb57485' AND user_id=18) [Info ] Local Accounts - All Import successful. [Info ] Shutting down... [Info ] Shutdown complete
Use either
udmg-client
or UDMG Admin UI to reset the administrator user password. The 'admin_fix' user can now view and edit user data.
Here is an example to reset the admin password, make sure to use the correct port number for your configuration.Reset password with udmg-clientudmg-client -a http://admin_fix:admin_fix@localhost:8080 user update -p 'THE_NEW_PASSWORD' 'admin' The user admin was successfully updated.
Recommended: delete the 'admin_fix' user once the access to the normal administrator account is recovered.
Note
To avoid lockout situation where no user can edit users, the system does not allow to delete the last user with the Write User permission, nor to revoke the permission from the last user having it.
Temporary administrator user (isolated way)
It is also possible to completely isolate the temporary user into a dedicated user group (and business service).
A user must belong to a user group and a user group must be linked to a business service. The below procedure is creating the 3 entities to isolate the fix from the business configuration and allow for a completely safe and clean removal once the administrator access is recovered.
This can be preferred in a production environment to avoid any tampering of the Generic user group and the Generic business service entities.
Create a JSON file with the definition for creating a new user, a new business service, a new group, granting it the permission to manage users, and assigning it to the Generic user group.
import-user-and-bs-admin_fix.json{ "users": [ { "username": "admin_fix", "password": "admin_fix", "permissions": { "users": "rw-" } } ], "businessServices": [ { "name": "admin_fix", } ], "userGroups": [ { "name": "admin_fix", "businessServiceName": "admin_fix", "members": [ "user::admin_fix" ] } ] }
Load the file with the import command of udmg-server:
Linux command:
$ /opt/udmg/bin/udmg-server import -v -v -v -c /opt/udmg/etc/udmg-server/server.ini -s import-user-and-bs-admin_fix.json
Windows command:> "C:\UDMG\UDMG Server\udmg-server.exe" import -v -v -v -c "C:\UDMG\UDMG Server\server.ini" -s import-user-and-bs-admin_fix.json
Command Output[Info ] Starting database service... [Info ] Startup successful [Info ] Import Partners - All [Info ] Import Server - All [Info ] Import Rules - All [Info ] Import Users - All [Debug ] No user found with conditions (username='admin_fix' AND owner='sb-mft-01') [Info ] Created user admin_fix [Info ] Import Business Services - All [Info ] Created business service admin_fix [Info ] User Groups - All [Info ] Created user group admin_fix [Debug ] No user group membership found with conditions (group_id='acaf15fc-95aa-4438-a916-283d56dfdb4e' AND user_id=20) [Info ] Local Accounts - All Import successful. [Info ] Shutting down... [Info ] Shutdown complete
Use either
udmg-client
or UDMG Admin UI to reset the administrator user password. The 'admin_fix' user can now view and edit user data.Recommended: delete the 'admin_fix' user, user group and business service once the access to the normal administrator account is recovered.
Cleanup$ udmg-client user delete admin_fix The user admin_fix was successfully deleted. $ udmg-client sb_usr delete admin_fix The user group admin_fix was successfully deleted. $ udmg-client sb_biz delete admin_fix The business service admin_fix was successfully deleted.
Create or promote a new admin user
To create another admin user, with the same set of permission as the default 'admin' user, use the udmg-client user add
command with the special permission 'superuser
'.
It can also be set when updated an existing user with the user update
command.
This requires to execute the udmg-client with a user having the Write User permission.
$ udmg-client user add -u admin_new -p password_new -r superuser The user admin_new was successfully added. $ udmg-client user get admin_new ● User: admin_new User groups: Generic Email: Login Type: local Permissions: ├─Transfers: rw- ├─Servers: rwd ├─Partners: rwd ├─Rules: rwd ├─Users: rwd ├─Administration: rwd ├─Pgp: rwd ├─Audit: rwd └─Shared Accounts: rwd