Changing IBM Business Process Manager passwords
When you change passwords, make sure to change them at the provider level and for the authentication aliases that are mapped to the RunAs roles for applications provided by IBM® Business Process Manager.
Before you begin
- The command must be run on the deployment manager node.
- If the deployment manager is stopped, use the wsadmin -conntype none option to run the command in disconnected mode.
- If the deployment manager is running, you must connect with a user ID that has WebSphere Application Server configurator privileges. Do not use the wsadmin -conntype none option.
Start the wsadmin scripting client from the deployment_manager_profile/bin directory. The updateBPMAliasesAndRunAsRolesPasswords command does not write to a log file, but the wsadmin scripting client always writes a profile_root/logs/wsadmin.traceout log file where you will find exception stack traces and other information.
About this task
When you change the password for a user, user IDs that are mapped to RunAs user roles also must be updated.
IBM Business Process Manager provides the following applications that contain users that are mapped to the RunAs roles:
- For Express, Standard, and Advanced deployment environments:
- IBM_BPM_PerformanceDW_supportDeploymentTarget
- IBM_BPM_Teamworks_applicationDeploymentTarget
- For Advanced and AdvancedOnly deployment environments:
- BPEContainer__applicationDeploymentTarget
- TaskContainer__applicationDeploymentTarget
Where the suffix is either the application cluster or the stand-alone server (for the IBM Business Process Manager Express and IBM Integration Designer Unit Test Environment (UTE)), and the support cluster or stand-alone server: _clusterName or _nodeName_serverName.
Procedure
You can change passwords for any user that is stored in the file registry, including the CellAdmin security role (as long as the CellAdmin user is still the same primary administrative account that was specified as the default when IBM BPM was installed). To change passwords, complete the following steps:
The user for the CellAdmin role is also stored in an authentication alias, which by default is named CellAdminAlias. If the BPMConfig command was used to create the IBM BPM profiles, the default name of the authentication alias may have been changed by using the bpm.cell.authenticationAlias.1.name property. If the manageprofiles command was used to create the IBM BPM profiles, the default name of the authentication alias may have been changed by using the optional -adminAliasName parameter.
If you want to change the CellAdminAlias user, ensure that the new user has the appropriate roles as described in the topic IBM Business Process Manager roles.
To change the password for the CellAdmin user that is stored in the authentication alias, complete the following steps:
If you changed the CellAdmin user password, you generally do not need to complete any additional steps, such as running the updateBPMAliasesAndRunAsRolesPasswords command to synchronize the passwords. However, if the factory default settings were changed and the CellAdmin user is now referenced by IBM BPM applications, you need to run the updateBPMAliasesAndRunAsRolesPasswords command by completing the steps below. Similarly, if you changed the password for another user that is used by IBM BPM authentication aliases or RunAs roles for IBM BPM applications, you need to run the updateBPMAliasesAndRunAsRolesPasswords command by completing the following steps.