Adding database accounts

If you skipped the step for adding a database account when you added or imported a database, provided invalid account information when you added the database, or want to update the database to include additional accounts, you can do so after adding the database by clicking Accounts when viewing the details for the database.

To add a new account for a database:

  1. In the Admin Portal, click Resources > Databases to display the list of databases.
  2. Select the database to display the database-specific details.
  3. Click Accounts, then click Add.
  4. Type the user name and password for a database account you want to use to connect to the currently selected database.
  5. Select the Manage this credential option if you want the Centrify Privileged Access Service to manage the password for the specified account.
  6. Optionally, type a description for the account, then click Add.
  7. Click Save to save the new account for the database.

Managed passwords and password complexity

For any database account you add, you can also choose whether or not you want the Privileged Access Service to manage the account password. If you select Manage this credential, the Privileged Access Service automatically resets the password after the account and database are added and each time the account is checked in.

All managed passwords generated by the Privileged Access Service consist of at least one upper case letter, one lower case letter, one number, and one special character regardless of the database type.

The default password profile for each database type will only include supported special characters. If you clone an existing profile to create a custom password profile, however, you should be aware that some special characters might not be supported on different databases and should not be used in the password.

For example, the following password rules apply when adding Microsoft SQL Server database accounts:

  • Minimum password length: 12 characters.
  • Maximum password length: 32 characters.
  • Supported special characters: ?!@#$%&()*+,-./:<=>[]^_|~

For Oracle database accounts, the following password rules apply:

  • Minimum password length: 12 characters.
  • Maximum password length: 30 characters.
  • Supported special characters: !@#$%&()*+,-./:;<=>?[\]^_{|}~
  • Only characters that are standard ASCII characters are supported.

If you are adding database accounts for SAP Adaptive Server Enterprise, the following password rules apply:

  • Recommended minimum password length is 6 characters.
  • Maximum password length is 30 characters

User names and passwords cannot begin with single quotes or double quotes.

User names and passwords cannot end with white space.

You can also implement advanced password rules that include requiring certain types of characters in the password, disallowing password reuse, and determining when passwords should expire.

You should keep in mind that only the Privileged Access Service will know the managed password being generated and stored. You should not select this option if you don’t want the Privileged Access Service to manage the password for the account.