
Enforcement of Password Change and Deletion Feature for the Default qp-admin Account

Overview

This document details a significant security enhancement in QueryPie: the ability to delete the default qp-admin account, added in version 10.2.8. It covers the background, operational details, and important considerations. Previously, the qp-admin account was created by default and could not be deleted, leading to ongoing concerns about account exposure and the potential for security vulnerability exploitation. To mitigate these risks, version 10.2.8 and later include security-focused improvements such as the default account deletion feature and a mandatory password change upon initial login.

Conditions for Deleting qp-admin Account

  • The system must always have at least one account with Owner permissions, regardless of the authentication method (Auth Provider) in use.

    • This prevents a scenario where no Owner account exists if users synced via an external IdP (like Okta or LDAP) are deleted from the IdP.

  • If this condition is not met (i.e., there are no Owner accounts using the QueryPie authentication method), the Delete button for the qp-admin account will be disabled.

Deleting qp-admin Account

  1. Navigate to the Admin > General > User Management > Users menu.

  2. Select the qp-admin account from the list.

  3. Click the Delete button.

  4. The system will validate the conditions, and if they are met, the account will be deleted.

Warning

  • Once the qp-admin account is deleted, it cannot be recovered.

  • To delete the qp-admin account, at least one Owner account using the QueryPie authentication method must exist.

Conditions for Forcing qp-admin Account Password Change

  • Upon upgrading to QueryPie version 10.2.8, the password for the qp-admin account is automatically expired.

  • A password reset is required when logging in with the qp-admin account after the upgrade.

  • The password change is mandatory at the time of the first login post-upgrade.

Changing qp-admin Account Password

  1. When you log in with the qp-admin account, a password expiration notification screen is displayed.

  2. Set a new password as prompted. After successfully setting a new password, you can log in normally.
