(imported topic written by SystemAdmin)
When we were setting Bigfix up a long time ago, I was using my corporate id as a master operator, which does not fit with our naming scheme today. I deleted this user and tried recreating him as a normal operator but I get this message:
A user with the same name was once a master operator. You cannot create a non-master operator with this name.
Is there any way around this? We need to implement our corporate naming scheme.
Thanks,
(imported comment written by StacyLee)
This used to be allowed I think pre V.6 but you cannot change from a MO to NMO using the same name.
See:
http://support.bigfix.com/bes/changes/fullchangelist-6.0.txt
Look specifically for the BES Server Section:
We had that as an issue here and had to use a different name.
(imported comment written by BenKus)
Yes… unfortunately, due to the way that we use the OpenSSL components, the name of the user is part of the the identification of the certificate that is used in the digital signatures on all actions, Fixlets, etc. In the past we hit very troublesome signature issues when users would delete and then create a new user with the same name. So we had to design a protection to prevent people from shooting themselves in the foot.
It will take a significant re-architecture to eliminate this annoying issue of not being able to make the change, but hopefully we will get it done within a couple major version updates.
Sorry about that…
Ben
(imported comment written by BenKus)
I think our next major release (after the upcoming release) will likely do some of the rearchitecting that will help this… but it will still be a while… Sorry…
Ben
(imported comment written by DeviousDog91)
Still waiting for this to be fixed, any update on how long this will take. It seems rather silly and Illogical that you cannot change a user account from a MO to a NMO account and vice versa, especially when the BES Admin is the only account which can change these setting anyhow.
When you delete an MO account it should be deleted, I guess this is why you use the wording Remove User!!! and not delete user 
.
Additionally you should make a note on the user creation dialogue box, which states that when you create a MO account the username cannot be renamed or removed from the database and cannot change roles to NMO permissions. Informing people after the fact, means that there is a lack of information.
I have now just built my new BES server and now cannot fix your limitations of poor ACLs.
(imported comment written by BenKus)
We are now working on the changes to our authentication scheme… It will still be a while… I will try to confirm with the developers to see if this will fix the issue going forward…
Ben
(imported comment written by BenKus)
So… I check into this and it seems that even though we are redoing some of our authentication, this issue remains at the moment… I have escalated this bug to see if we can fix it at the same time as our other work, but for the moment, it remains just as before that it is a known limitation that you cannot delete a master operator and then make a non-master with the same name.
As a way of empathizing with everyone: I hate when products that I use have silly limitations like this one too… But in this case it is just not easy to fix and it is hard when there are so many things we want to add to BigFix to make it better and going back and removing this limitation would mean that we couldn’t get a whole new big feature…
Sorry… but we will see what we can do…
Ben
(imported comment written by MattBoyd)
DeviousDog, I realize that hindsight is 20/20, but you may want to consider adopting a practice where all master operators have separate console operator accounts.
All of our master operators have always had a separate console operator account, and we rarely use our MO accounts for anything more than provisioning tasks and globally activating analyses. For just about everything else, we use console operator accounts. This prevents us from unintentionally taking actions that would affect the entire environment.
Since you’re less likely to have more master operators than console operators, I’d suggest a different naming scheme for master operator accounts… something different from the corporate/organizational user naming scheme. I agree that this limitation is annoying, but I think it can be avoided.