Overview
This document is one of the major updates for QueryPie security enhancement, providing guidance on the background, operation method, and precautions for the deletion functionality of the default account qp-admin newly added in version 10.2.8. Previously, the qp-admin account was created by default in the system and could not be deleted, but this led to continuous concerns about account exposure and potential exploitation of security vulnerabilities. To address these risks, security-focused improvements have been introduced from this version, including default account deletion functionality and mandatory password changes upon initial login.
qp-admin Account Deletion Conditions
- At least one account with Owner privileges must exist in the system regardless of the authentication method (Auth Provider).
- This is because if users are integrated with OKTA and LDAP, there may be cases where no Owner accounts exist when deleted from IdP.
- If conditions are not met (no QueryPie authentication method Owner users), the delete button is disabled.
qp-admin Account Deletion Method
- Access Admin > General > User Management > Users menu.
- Select the qp-admin account.
- Click the
Deletebutton. - After condition verification, delete processing is performed.
Precautions
- Recovery is not possible after qp-admin account deletion.
- At least one QueryPie authentication method Owner user must exist for deletion.
qp-admin Account Password Change Enforcement Conditions
- When upgrading to 10.2.8, the qp-admin account password is automatically expired.
- Password reset is required upon login.
- Password change is enforced at the time of initial login.
qp-admin Account Password Change Method
- When logging in with the qp-admin account, a password expiration notification screen is displayed.
- After setting a new password, normal login is possible.
Last updated on