01-22-2015 07:00 AM
My CM has renewed SAS 9.3 License on all servers (Metadata and Compute servers) and we found the SASadm account getting locked from that period. I have done RCA for that an dfound that the SID file has upgraded through Deployment manager at the time of Renewal.
So I am worndering if we have not upgrade the Metadata through Deployment Manager, can we get SASAdmin account loking issues. If that is correct how this will impact, please help.
01-22-2015 08:01 AM
That your CM has renewed the SAS 9.3 license not being aware of the impact causing lockings a is a bad change process implementation.
Using a Deployment Wizard for adjusting installations is as bad for that without doing the normal change management steps.
Normally this process should not change the password of sasasdm@saspw that is the assumption of the SAS-inst process descritption.
The issue will be that common change processes are requiring changing the password/blocking thef high privileged accounts like eg sasadm@saspw when a change is done (Cobit / ITIL etc).
Ask whether they have followed that standard change process guideline.
There are solutions that have the sasadm@saspw being stored in some configuration file. The goal updating SAS metadata on behalf of that solution process.
You can come into conflicts with security guys because of this.
01-22-2015 09:34 AM
Thank you very much and I really appreciate for your help.
From the document you have provide I can see the point number 26 pointed that Deployment Wizard will determine the pre-existing SAS files are locked. This has been done through sasadm@saspw account.
If the user not run the Deployment manager with the step "Update SID file in Metadata" on SASMetadata server, can not update the license on all files whcih are locked and there is chance of getting recursive lock on the same when you try access teh same.
"The deployment wizard scans your machine to determine whether any pre-existing SAS files are locked or do not have Write permission. If the wizard lists any files in the text box, then while the wizard is running, quit SAS and add Write permission to the files listed".
Correct me if I am wrong.
As per my understading improper start of SAS Services and impropaer installation of license may lock the sasadm@saspw account.
01-22-2015 11:35 AM
I can see the next time when the team run Deployment manager to update SID File in Metadata, the updatepasswords.hmtl. file has been generated. But unfortunately I can't access the file to chesk what are the configuaration files and accounts passwords are updated.
Is that some thing related to the query what I am looking for?
01-22-2015 12:15 PM
As described the update license does not have the instruction to change the password.
But that could be done as part of common change policies.
If that file is of that date that is an indication the did that.