EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

KB486957: Enhanced Command Manager Script Security Checks available with September 2024 MicroStrategy ONE release

Scott Rowley

Director, Application Security Engineering • MicroStrategy

MicroStrategy's September 2024 release comes with opt-in security enhancements to Command Manager scripts. This article details how to opt-in.

Users of Strategy Command Manager can opt-in for stricter privilege checks starting with the September 2024 release.  This impacts scripts which use the ALTER USER command.  Strategy is making this change opt-in for the September 2024 release and plans to make it the default behavior in a later release.  Strategy recommends all customers opt-in and regularly update to the latest available version of Strategy for the strongest security posture available.
 

How can I opt-in starting with the September 2024 release?

In the September 2024 release, Strategy is defaulting to the existing platform behavior, with no changes to how ALTER USER scripts execute.  The following steps can be followed to enable a feature flag to use the stricter privilege checks.  These steps should be performed on each Intelligence Server machine in your cluster.  This change does not need to be applied on command manager client machines.
 

Windows

  1. Edit the Registry

    1. Press Windows + R key
    2. Type regedit and hit enter to open the Registry Editor
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MicroStrategy\DSS Server\DeploymentFeatureFlags
  3. Create a new String Value
    1. Name: EnforceCommandManagerUserPrivileges
    2. Value: true
  4. Restart the Intelligence Server service

Linux

  1. Edit the MSIReg.reg file

    1. nano /opt/mstr/MicroStrategy/MSIReg.reg
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MicroStrategy\DSS Server\DeploymentFeatureFlags
  3. Add a new line with "EnforceCommandManagerUserPrivileges"="true"
  4. Restart the Intelligence Server service

How can I opt-out starting with the September 2024 release?

Strategy plans to default to the stricter checks at some point in the future.  Users of the September 2024 release who have opted in and now wish to retain the previous behavior can follow the steps above to add the feature flag and set EnforceCommandManagerUserPrivileges to a value of "false".  If no feature flag parameter is present, the releases default behavior will be followed.
 

Comment

0 comments

Details

Knowledge Article

Published:

September 9, 2024

Last Updated:

October 10, 2024