I described in another post http://www.liferay.com/web/guest/community/forums/-/message_boards/message/3998501 the issue if a portal instance is no longer accessible by a known account, even by the server administrator.

That post describes a method for hacking tables and recover access to that portal instance. But that is not a clean solution.

I think a cleaner and smarter solution for this is to add the administrator role the capability to access the control panel of a portal instance by impersonating the administrator role of that portal instance to let him perform recovery actions.

As the portal instances portlet is only available in the main portal instance, and that instance should be always be kept under tight control, the administrator impersonating capability should not be a security risk but a useful panic recovery tool.

Aniceto