After publishing the Users module for the first time, a default administrator user is created that will have administrator access to all applications. This user has username admin and the default password is also admin.
Most security policies advise against having default accounts (especially administrator accounts), therefore it’s advisable to disable the default administrator.
To disable the default admin account:
- Login into Users with a different administrator account.
- Select the default administrator account (username admin and name Administrator).
- In the right panel of the Administrator user detail screen, select the option Set as Inactive.
IMPORTANT NOTE: Do not rename the default administrator user or remove the default roles from it. OutSystems recently identified that the default admin user will be recreated after restarting the Deployment Controller service of the environment (for example, in a server reboot scenario).
This was identified as a defect and a fix is expected to be included in the OutSystems platform in the release 10.0.8xx.x, scheduled to be released in March 2018.
After the fix is applied, you’ll be able to rename and revoke all roles from the default administrator.