Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 14 Oracle Analytics Lounge
- 214 Oracle Analytics News
- 42 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Relax Password Restrictions for FDI Data Validation User to Allow Secure Special Characters
Currently, the Oracle Fusion Data Intelligence (FDI) platform enforces a strict password policy for the Data Validation user, which prohibits the use of any special characters (including commonly accepted secure characters like _ and -).
This restriction is outlined in Oracle documentation as:
“Ensure that the password for this user doesn’t contain any special characters or space.”
However, this limitation conflicts with industry-standard security policies, including ours, which require the use of at least one special character in all application credentials. It reduces password entropy, weakens compliance with security best practices (e.g. NIST, ISO 27001), and creates administrative burdens by forcing exceptions for FDI.
Impact:
- Weakens security posture due to mandatory use of simpler, less secure passwords
- Introduces inconsistency with organisation-wide password enforcement policies
- May cause obscure validation errors if the restriction is unintentionally violated (especially since the system does not explicitly reject the password at creation)
- Results in user frustration and troubleshooting overhead
Proposed Enhancement:
- Allow a safe subset of special characters, such as @ ,
_,-, and!, in the Data Validation user password - Clearly document which characters are supported and explicitly enforce validation during password setup
- Alternatively, allow organizations to configure allowable password policies via a parameter or governance setting
Business Justification:
This change would:
- Strengthen security by allowing complex, standards-compliant passwords
- Align with organizational security frameworks
- Reduce operational issues caused by unclear or overly restrictive password policies
We urge Oracle to prioritise this enhancement for improved security, usability, and compliance alignment.
Comments
-
Hi @user1565808 - The password security in FDI follows what is allowed for passwords within Fusion Applications, so as such, we are archiving this idea since the Fusion Data Intelligence Product Management team does not have "jurisdiction" over this area.
You are welcome to repost this idea in the Cloud Customer Connect Cross Applications Idea Lab for Fusion Applications for visibility there.
0 -
Thanks for the response, Jamie. With respect, I don’t believe this limitation stems from Fusion Applications user management — the Data Validation user is not a standard Fusion user but rather an FDI configuration user. The restriction appears to be enforced at the FDI platform level (during validation or connection setup), not by Fusion HCM/ERP.
As such, this is an FDI-specific concern affecting automation and integration. I'd appreciate this being reconsidered by the FDI team, as the limitation does not seem to be inherited from Fusion, and the impact is clearly felt in FDI pipelines and service account security.
0
