Oracle Database
Microsoft SQL Server
On entering the administrative credentials, the user is denied access
Access Denied when trying to log in to KMS administration panel
In the ClearTrust agent log and the authorization server debug log, the password is mentioned as expired.
In the normal case, the user should be able to reset the password in ClearTrust's Entitlements Manager (admingui). However, if that option is not available, the password expiration dates can be manually adjusted directly in the datastore.
In Microsoft SQL Server, the password record is in the table CT.PASSWORD; in Oracle, the password record is in CT_OWNER.PASSWORD. In both cases, the relevant field is EXPIRATION_DATE. This can be manually adjusted forward to allow the user to log in. Note that if the password has been expired because the lifetime (as calculated by the current date less the date in the PASSWORD_CREATION_DATE field) is greater than the password policy's lifetime, you must also adjust PASSWORD_CREATION_DATE forward to avoid the password being expired for policy reasons, rather than explicitly.
Here's an example on how to update password expiry dates in Oracle db:
Once connected to the db via sqlplus using CT_OWNER credentials, use the following SQL statements to update dates:
1. List all records in PASSWORD table including account names from USERS table:
SELECT USERS.NAME, PASSWORD.USER_ID, PASSWORD.PASSWORD_CREATION_DATE, PASSWORD.EXPIRATION_DATE FROM USERS, PASSWORD WHERE PASSWORD.USER_ID = USERS.ID;
2. Update password creation date and password expiry date for, say, a user with user_id = 4:
UPDATE PASSWORD SET PASSWORD_CREATION_DATE = '01-May-2008', EXPIRATION_DATE = '29-May-2008' WHERE USER_ID = 4;
3. Commit the changes to db:
COMMIT;
Related Articles
Access denied error while running the RSA Authentication Manager 8.x Administration SDK Number of Views "Access Denied" error when attempting to view detailed information on the RSA Via Lifecycle and Governance Users page Number of Views Error message "Access denied - User not a member of any identity source in access policy" in RSA SecurID Access Number of Views Access denied error when running sync-tokens command in Authentication Manager 8.x Number of Views Errors 'Server Timeout' and 'User TIME's access is denied' with RSA Access Manager and RSA SecurID Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
