Aras Innovator Platform

Securing built-in Aras Innovator Accounts

The core Aras Innovator database comes with the following five built-in accounts:

  • Innovator Admin—the admin username
  • Super User—the root username
  • Vault Admin—the vadmin username
  • Authentication Admin—the authadmin username
  • ES Admin—the esadmin username

The Innovator Admin and Super User accounts should be changed so that they cannot be used by anyone who knows the default values of their passwords: disable these accounts and enable logon only during periods controlled by strict configuration management principles. Users who need administrative privileges should be made members of the Administrators Identity, so that the privileges are assigned to their own account, rather than using the Innovator Admin or Super User accounts.

The Vault Admin user cannot be disabled if the VaultServer feature of Aras Innovator is being used. The best way to restrict access to this account is to generate a random, sufficiently long password that is difficult to guess, and to store this password in encrypted form in the VaultServerConfig.xml file.

The Authentication Admin account is used to run Aras Innovator server methods that are necessary for authentication. The best way to restrict access to this account is to generate a random, sufficiently long password that is difficult to guess.

The ES Admin user cannot be disabled if Enterprise Search functionality is used. The best way to restrict access to this account is to generate a random, sufficiently long password that is difficult to guess, and to store this password in encrypted form in the service.config file.
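The recommendations above can be checked as a recurring audit. The following is an added example, not Aras code: it parses a constructed export of User items and flags the five built-in logins according to the handling this page recommends. The XML layout and the `login_name` and `logon_enabled` property names are assumptions about how the export looks.

```python
import xml.etree.ElementTree as ET

# Built-in logins from this page and the handling the page recommends.
BUILT_IN = {
    "admin": "disable",     # Innovator Admin
    "root": "disable",      # Super User
    "vadmin": "password",   # Vault Admin, required by VaultServer
    "authadmin": "password",  # Authentication Admin
    "esadmin": "password",  # ES Admin, required by Enterprise Search
}

# Constructed sample export of User items. The element layout and the
# login_name / logon_enabled property names are assumptions.
SAMPLE_EXPORT = """
<Result>
  <Item type="User"><login_name>admin</login_name><logon_enabled>1</logon_enabled></Item>
  <Item type="User"><login_name>root</login_name><logon_enabled>0</logon_enabled></Item>
  <Item type="User"><login_name>vadmin</login_name><logon_enabled>1</logon_enabled></Item>
  <Item type="User"><login_name>authadmin</login_name><logon_enabled>1</logon_enabled></Item>
  <Item type="User"><login_name>jsmith</login_name><logon_enabled>1</logon_enabled></Item>
</Result>
"""

def audit_builtin_accounts(xml_text):
    """Return (login, finding) pairs for built-in accounts needing review."""
    findings, seen = [], set()
    for item in ET.fromstring(xml_text).iter("Item"):
        if item.get("type") != "User":
            continue
        login = (item.findtext("login_name") or "").strip().lower()
        policy = BUILT_IN.get(login)
        if policy is None:
            continue  # ordinary user, out of scope for this check
        seen.add(login)
        enabled = (item.findtext("logon_enabled") or "").strip() == "1"
        if not enabled:
            continue
        if policy == "disable":
            findings.append((login, "logon enabled: disable outside controlled periods"))
        else:
            findings.append((login, "in use: confirm a long random password is set"))
    # A built-in account missing from the export cannot be assumed safe.
    for login in sorted(set(BUILT_IN) - seen):
        findings.append((login, "not in export: verify manually"))
    return findings

if __name__ == "__main__":
    for login, finding in audit_builtin_accounts(SAMPLE_EXPORT):
        print(f"{login:10} {finding}")
```
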

The Aras Visual Collaboration solution also uses a designated user called pdftron_user. This user should be accommodated in the Windows Authentication setup as well.