CONFIDENTIAL AND PROPRIETARY: For use by MICROS Associates, Agents, and Clients Only
Copyright
2014 MICROS Systems, Inc. All rights reserved. No part of this publication may be reproduced,
photocopied, stored on a retrieval system, or transmitted without the express prior written
consent of the publisher. MICROS Systems, Inc. retains the right to update or change the
contents of this document without prior notice. MICROS Systems, Inc. assumes no responsibility
for the contents of this document.
OPERA is a trademark of MICROS Systems, Inc.
On Oracle and the On Oracle logo are trademarks of Oracle Corporation.
Information in this document is subject to change without notice.
MICROS Systems, Inc. makes no warranty of any kind with regard to this material, including but
not limited to the implied warranties of marketability and fitness for a particular purpose.
MICROS Systems, Inc. shall not be liable for errors contained herein or for incidental or
consequential damages in connection with the furnishing, performance, or use of this material.
Author:
Contributors:
PAGE 2
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
Table of Contents
INTRODUCTION.............................................................................................4
OPERATING SYSTEM ACCOUNTS....................................................................5
ORACLE USER ACCOUNTS ..............................................................................7
ORACLE OPERA ACCOUNTS ............................................................................9
CHANGING AN ORACLE USER PASSWORD ...................................................10
CHANGING PASSWORD USING OAPPCFGED ................................................12
OPERA CLUSTER SOLUTION.........................................................................16
OEDS ...........................................................................................................17
OXI..............................................................................................................18
OPERA USER ACCOUNTS ..............................................................................19
CHANGING SYS PASSWORD WITH DATAGUARD ..........................................20
PAGE 3
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
Introduction
Purpose
This document describes what types of password protected user accounts are used in an OPERA system.
The implications of making changes to the passwords, and the procedures for changing selected passwords.
Intended Audience
This document is intended for all staff of Micros-Fidelio, its partners, customers and contractors which deal
with system security. This document should not be released for general usage.
PAGE 4
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
Domain Accounts
Domain\administrator: The password of this account is generally not known to Micros-Fidelio staff. It
may be changed by the customer at will. It may be used in the backup system and the customer should
take that into consideration before making the change.
Domain\operasupport: This account may go under a different name. It is the account which is known
to Micros Fidelios OPERA support team to allow them to log on to the servers. It is normally a simple
domain user with local administrator privileges on the OPERA servers. If this password is changed, the
customer must put in place a process whereby the property has access to the password at all
times should the need for support arise. MICROS Fidelios OPERA support team they may not be able to
offer support at the time of the call without being given the password to this or a similar account.
Domain\operaservice: This account may go under a different name. It is the account which runs
OPERA services on some older systems. Normally, it is a simple domain user with local administrator
privileges on the OPERA servers. If this password is to be changed, MICROS Fidelios OPERA support team
must be informed beforehand in order for advice to be given. The OPERA services will need to be
reconfigured to use the new password.
Domain\BackupUser: This account may go under a different name. It is the account which is set up to
run the backup services on the backup server and will also often be used for inter-server communication by
the backup processes. It is often a domain administrator and will always be a domain backup operator.
It may be changed but the backup configuration and services may require updating with the new password.
Other domain accounts: It is unlikely that changing the password of other domain accounts will have any
effect on the OPERA system, but each installation could have unique circumstances that should be reviewed
when formulating plans and procedures for regular password changes.
Local Accounts
Local \administrator: This account was created when the operating system was installed.
Other local accounts: It is unlikely that changing the password of other local accounts will have any effect
on the OPERA system, but each installation could have unique circumstances that should be reviewed when
formulating plans and procedures for regular password changes.
PAGE 5
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
Domain Accounts: On the domain controller use the User Maintenance Tool to change the password. In
programs which use the password, such as Backup Exec, amend the configuration with the new password.
Local Accounts: Use the Local Users section of the Computer Management Tool to amend the password. In
programs which use the password, such as Backup Exec, amend the configuration with the new password.
PAGE 6
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
PAGE 7
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
PAGE 8
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
OXI: The OXI password can be changed. Following the change the Application Server configuration will
need to be updated;
The OXI and OPERA synonyms will have to be refreshed.
Changing the OXI password is a serious change to the OPERA system and must include a comprehensive
field plan so that all properties have a system in place to access and know the password at all times in case
it is needed for MICROS to provide support.
OXIHUB: The OXIHUB password can be changed. Following the change the Application Server
configuration will need to be updated;
The OXIHUB and OPERA synonyms will have to be refreshed.
The OXIHUB Monitor configuration will have to be updated.
Changing the OXIHUB password is a serious change to the OPERA system and must include a
comprehensive field plan so that all properties have a system in place to access and know the password at
all times in case it is needed for MICROS to provide support.
PAGE 9
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
All changes to Oracle OPERA Account passwords must be documented and supplied to MICROS OPERA
Support or other MICROS staff when support is required.
NOTE: We discourage the use of the special characters #, @ and $ from being used in Oracle passwords.
For the SYS user only: After changing the password, go to the ORACLE_HOME\database directory and
confirm that the Oracle password file date/time was changed as well.
For RAC installations, the ALTER USER command will need to be run on each node when changing the SYS
user password. Also confirm on each node, that the password file was changed.
PAGE 10
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
If the password being changed belongs to an OPERA Oracle user, such as OPERA, OXI, OXIHUB, etc, then
the OPERA Application Configuration Editor (OAppCfgED) will need to be used to change the password on
EACH app server and the services restarted. This is done after the password is changed in SQLPlus.
PAGE 11
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
Launch the OAppCfgEd.exe from the \micros\opera\tools directory on the application server.
2.
Prior to the first screen a confirmation pop-up box will appear asking whether you want to open the
OAppCfgEd in read-only mode or write mode. If you open the OAppCfgEd in read-only mode then
you can neither add nor modify the configuration entries.
Select No when asked to confirm whether you want to open the application in Read-only mode.
PAGE 12
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
In the tab labeled Connections, select the schema which had the password changed via SQLPlus
and then click Edit .
4.
In the box labeled Password, type in the new password and then click Update Config .
PAGE 13
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
To verify the configuration is correct, click Check Connect. To confirm a connection to the
database is available when you the word Connected. will appear at the bottom of the output
window.
6.
If you need to update the password for additional schemas, click Back, and then follow the above
steps for each schema you would like to update.
7.
After you have updated the password for all required schemas, click Restart Services .
PAGE 14
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
8.
PAGE 15
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
When the correct password is provided, the database failover will occur and a new password file will be
created on the receiving node using the password provided.
PAGE 16
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
OEDS
After an Opera Oracle user password has been changed via SQLPlus that is used by OEDS, the OEDS
configuration on each OEDS server needs to be changed to reflect the new password.
Go into the OEDS Configuration Editor.
Change the password and then click the Not Connected button.
Now keep clicking Next until exiting out of the OEDS Configuration Editor.
PAGE 17
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
OXI
For OXI
1.
2.
3.
4.
1.
2.
3.
4.
PAGE 18
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
Support
Customers are strongly advised to consult with Micros Fidelio OPERA Account Management
before planning any password changes.
MICROS Fidelio OPERA Support does not perform password changes; therefore clients must put in place a
comprehensive field plan so that all properties have access to passwords at all times in case they are
needed for MICROS support.
Failure to do this may result in MICROS Fidelio OPERA support not being able to provide support.
PAGE 19
CONFIDENTIAL AND PROPRIETARY
APRIL 2014
Note: Below should only be done if unable to copy over current Primary orapwSID file to the Standby
database server(s).
Below is a syntax example, replace SID with the actual SID of the instance. This is to be done from the
command line with the DATABASE home set:
orapwd file=orapwSID password=oracle entries=5 FORCE=Y
After the password has been modified on the standby server(s), ensure that archive logs are being applied
and no errors seen in the alert log.
select sequence#,applied from v$archived_log order by sequence#;
PAGE 20
CONFIDENTIAL AND PROPRIETARY
APRIL 2014