The OneStream Community is temporarily frozen until June 29th due to the ongoing maintenance. Please read the blog post here to learn more.

Forum Discussion

cap08's avatar
cap08
Contributor
1 year ago
Solved

OneStream Administrator Native User

Hi,  Does OneStream require the OneStream provided 'Administrator' security user?  Can you tell me why it's required and how it is used? Administrator is a Native account, and our audit department ...
Infrastructure
Security
  • T_Kress's avatar
    T_Kress
    1 year ago

    The Administrator user is the only user that exists at the initial install and creation of your OneStream environment.  A random password generator is used to generate a long, complex password for this user, which is then stored in an encrypted vault. OneStream Support uses this ID when you open a support case and grant them permission for troubleshooting or upgrades.

    You can change the password or disable this user, but it is not recommended.  If you need to do so, reach out to OS support.

    Also, this user name is unaffected by inactivity thresholds and password expiration requirements that prevent users from logging in after a specific period elapses or being forced to change their password. And, it cannot be deleted. This is the one user who can always manage artifacts, data, and tools within an environment. 

    The Administrators group is similar.   It is there by default, along with Everyone and Nobody.  You can add people to Administrators group, but you cannot change it's properties.  In a sense to protect you from locking yourself out.  If you did not have a system admin group, you could potentially make security changes to which you could prevent even admins from doing certain things.

TGG_Alex's avatar
TGG_Alex
Contributor II
4 months ago

T_Kress - to clarify, if the Native Administrator account is disabled using the out of box capability available on the system tab, will this prevent OneStream Support from accessing the environment when required?

As pointed out by others, active use of this account versus members of Administrators Group, can convolute accountability of actions performed by users.

 

 

T_Kress's avatar
T_Kress
Icon for OneStream Employee rankOneStream Employee
4 months ago

If you disable this native Administrator user, it will prevent support from logging when required (upgrades, troubleshooting, etc.).   I would not disable or at least re-enable before support is needed for things like an upgrade. 

If you need to change the password, you will want to coordinate with OneStream Support. You will need to schedule a time when your environment will be offline for approximately two hours, to get this password changed and restored in the
encrypted key vault.