Siebel Security Guide > Changing and Managing Passwords >

About Default Accounts

The Siebel installation process and the seed data provided with Siebel Business Applications create several default accounts. These accounts are used to manage and maintain your Siebel implementation. You assign passwords to these accounts when they are created. However, to safeguard the security of your implementation, change the passwords for these accounts regularly or delete any accounts you do not require.

Database Accounts

The following database accounts are created during the Siebel installation process. If you are using an Oracle or Microsoft SQL Server database, then you create these accounts when you run the grantusr.sql script. If you are using a DB2 database, then the database administrator manually creates these accounts. You must ensure these accounts have been created in the RDBMS and you must assign passwords to these accounts before you can configure the Siebel database:

• Siebel administrator database account (default user ID is SADMIN)
• A database account for users who are authenticated externally (default user ID is LDAPUSER)
• A database table owner (DBO) account

For information on creating and assigning passwords to the SADMIN, database table owner, and LDAPUSER accounts, see Siebel Installation Guide for the operating system you are using. For information on changing and managing the passwords for the SADMIN and database table owner accounts, see the following topics:

• Changing System Administrator Passwords on Microsoft Windows
• Changing the Siebel Administrator Password on UNIX
• Changing the Table Owner Password
• Troubleshooting Password Changes By Checking for Failed Server Tasks

For additional information on the LDAPUSER account, see About Creating a Database Login for Externally Authenticated Users.

Siebel User Accounts

The following Siebel application user account records are provided as seed data during the Siebel installation process. These user accounts are not installed with default passwords and their use is optional:

• A seed system administrator user record (SADMIN)
• A seed employee user record for customer users (PROXYE)
• Seed guest accounts: GUESTCST (customer applications), GUESTCP (Siebel Partner Portal), GUESTERM (Siebel Financial Services ERM)

You can use a seed guest account as the Siebel user account for the anonymous user. To use a seed guest account, you must set the following parameters, either when configuring the SWSE logical profile (recommended), or by editing the eapps.cfg file manually:

• AnonUserName. Set this parameter to the user ID of the anonymous user, for example, GUESTCST.
• AnonPassword. Set this parameter to the password associated with the anonymous user.

  If the EncryptedPassword parameter is set to True in the eapps.cfg file, then the password value entered for the AnonPassword parameter must be encrypted.

  The anonymous user password is written to the eapps.cfg file in encrypted form by default if you add or change this value using the Siebel Configuration Wizard. If, however, you must manually change or add an encrypted value for the AnonPassword parameter in the eapps.cfg file, then use the encryptstring.exe utility to generate the encrypted value. For information on this task, see Encrypting Passwords Using the encryptstring Utility.

For information on defining the anonymous user when you configure the SWSE logical profile, see Siebel Installation Guide for the operating system you are using. For additional information on configuring the anonymous user, see Configuring the Anonymous User.