Skip to content

Lock Application Owner Account

In order to make an IFS Cloud installation more secure you have the possibility to lock the Application Owner oracle account and the IFS User as Application Owner. This means that it is not possible to log on to either SQLPlus or any IFS client as Application Owner. if Application Owner is not locked it is able to be able to run almost everything in IFS Cloud.

By locking/disabling Application Owner makes IFS Cloud more secure because you cannot (unless you are SYS or SYSTEM) do changes to standard business logic such as deploy new versions or remove or add database objects. Furthermore there is one more important password less to keep safe.

In order to lock Appowner account, administrators need to lock both oracle account and IFS User from Solution Manager > Users and Permissions > Users too. It is not recommended to remove IFS User equivalent to appowner as if someone recreated it, that user has access to almost everything. Always keep the user disabled. The possibility of creating/using appowner as IFS User to be obsolete soon. Note: To lock Application Owner is an optional step to improve security, this step not required in order to run IFS Cloud. There is no support to manage oracle users from the solution manager.

How to Lock the Application Owner

When you should lock Application Owner account you have two possibilities either to do it from SQLPlus or from IFS Cloud.

SQLPlus

Log on to SQLPlus as SYS and enter the following command:

to Unlock the Application Owner

SQLPlus

Log on to SQLPlus as SYS and enter the following command:

Installing, upgrading or patching of IFS Cloud

If you need to install new code, must perform an upgrade of IFS Cloud or even have to patch some code you need to unlock Application Owner account in order to be able to complete this task.