Changing IBM Business Automation Workflow passwords
When you change passwords, make sure to change them at the provider level and for the authentication aliases that are mapped to the RunAs roles for applications provided by IBM Business Automation Workflow.
Before you begin
- The command must be run on the deployment manager node.
- If the deployment manager is stopped, use the
wsadmin -conntype none
option to run the command in disconnected mode. - If the deployment manager is running, you must connect with a
user ID that has WebSphere Application Server configurator privileges.
Do not use the
wsadmin -conntype none
option.
Start the wsadmin scripting client from the deployment_manager_profile/bin directory. The updateBPMAliasesAndRunAsRolesPasswords command does not write to a log file, but the wsadmin scripting client always writes a profile_root/logs/wsadmin.traceout log file where you will find exception stack traces and other information.
About this task
When you change the password for a user, user IDs that are mapped to RunAs user roles also must be updated.
IBM Business Automation Workflow provides the following applications that contain users that are mapped to the RunAs roles:
- For Express, Standard, and Advanced deployment environments:
IBM_BPM_PerformanceDW_supportDeploymentTarget
IBM_BPM_Teamworks_applicationDeploymentTarget
- For Advanced and AdvancedOnly deployment environments:
BPEContainer__applicationDeploymentTarget
TaskContainer__applicationDeploymentTarget
Where the suffix is either the application cluster or the stand-alone server (for the IBM Business Process Manager
Express and IBM Integration
Designer Unit Test Environment (UTE)), and the
support cluster or stand-alone server: _clusterName
or
_nodeName_serverName
.
Procedure
You can change passwords for any user that is stored in the file registry, including the CellAdmin security role (as long as the CellAdmin user is still the same primary administrative account that was specified as the default when Business Automation Workflow was installed). To change passwords, complete the following steps:
The users for the CellAdmin and DeAdmin roles are also stored in authentication aliases, which by default are named CellAdminAlias and DeAdminAlias. If the BPMConfig command was used to create the Business Automation Workflow profiles, the default names of the authentication aliases might have been changed by using the bpm.cell.authenticationAlias.1.name property. If the manageprofiles command was used to create the Business Automation Workflow profiles, the default name of the authentication aliases might have been changed by using the optional -adminAliasName parameter.
If you want to change the CellAdminAlias or DeAdminAlias user, ensure that the new user has the appropriate roles as described in the topic Business Automation Workflow security roles.
To change the password for the CellAdmin or DeAdmin user that is stored in the authentication alias, complete the following steps:
If you changed the CellAdmin user password, you generally do not need to complete any additional steps, such as running the updateBPMAliasesAndRunAsRolesPasswords command to synchronize the passwords. However, if the factory default settings were changed and the CellAdmin user is now referenced by Business Automation Workflow applications, you need to run the updateBPMAliasesAndRunAsRolesPasswords command by completing the next steps. Similarly, if you changed the password for another user that is used by Business Automation Workflow authentication aliases or RunAs roles for Business Automation Workflow applications, you need to run the updateBPMAliasesAndRunAsRolesPasswords command by completing the following steps.