Data Domain: Error "Security authorization policy must be enabled to perform this action" when changing the passphrase
Summary: This article explains how to address the error "Security authorization policy must be enabled to perform this action" appearing while trying to change the system passphrase.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
The system passphrase is a key that allows a Data Domain system to be transported with encryption keys on the system. The encryption keys protect the data, and the system passphrase protects the encryption keys. This error occurs when security authorization is not configured correctly on the Data Domain.
Security authorization policy must be enabled to perform this action. Please log into the CLI as a security user and enable the policy.Resolution:
- First, check for a user with the "
security" role using the command 'user show list'.- If a security user is available, the password for that account is required for changing the passphrase.
- If there is no such user, the passphrase cannot be changed.
- Create a security user if necessary. If a security user already exists, that account must be used to create a new one.
sysadmin@DD01# user add secuser role security Enter new password: Re-enter new password: Passwords matched. User "secuser" added. - Check if the authorization policy is enabled for the security user by logging in to the Data Domain with the security user.
secuser@DD01> authorization policy show Runtime authorization policy is disabled - If the authorization policy is not enabled, enable it.
secuser@DD01> authorization policy set security-officer enabled Runtime authorization policy has been enabled. - Log back in as
sysadminto continue with changing the passphrase.- Disable the file system with the command '
filesys disable'. - Run the command '
system passphrase change'.sysadmin@DD01# system passphrase change This command requires authorization by a user having a 'security' role. Please present credentials for such a user below. Username: Password: Enter current passphrase: Enter new passphrase: Re-enter new passphrase: Passphrases matched. The system passphrase has changed - Reenable the file system with the command '
filesys enable'.
- Disable the file system with the command '
Additional Information
- If you are not sure if the passphrase is already set or not, confirm by running the below command. If it responds that the passphrase is already set, type CTRL+C to exit the command.
sysadmin@DD01# system passphrase set **** The system passphrase is already set.- If a passphrase is already set but is not known, contact your contracted support provider for assistance with resetting it (see this article).
- To determine if a minimum length is configured for the passphrase, run the command below:
sysadmin@DD01# system passphrase option show Option Value ---------- --------- min-length (not set) ---------- --------- - If you are still unable to change the passphrase after following this article, contact your contracted support provider.
Affected Products
Data DomainProducts
Data DomainArticle Properties
Article Number: 000013839
Article Type: How To
Last Modified: 07 أبريل 2026
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.