Need to update passwords in the SAS Intelligence Platform? No problem, as long as you follow a few important steps.
The SAS Platform includes a number of service accounts, both internal and external, needed by its various components. As part of administering the SAS Platform, the passwords for these service accounts (managed passwords) have to be periodically updated.
Updating Managed Passwords
Before I discuss updating passwords, I want to remind you to take a full backup using the SAS Deployment Backup and Recovery tool. You can use the batch commands or the SAS Backup Manager interface in SAS Environment Manager, your choice.
Now that you have a backup, let’s discuss updating passwords for the service accounts. The list of accounts will vary depending on exactly what software is installed and configured in your environment. Some examples of service accounts include:
The best tool for the job of updating these service account passwords is the SAS Deployment Manager. It takes care of updating instances of passwords in a variety of locations: metadata, configuration files, databases, etc. The tool does not do all of the coordination for you. If you have multiple machines in your SAS Platform, you will need to run the SAS Deployment Manager on each machine while being mindful of a few key requirements.
These requirements are laid out in the “Update a Managed Password” section in the SAS 9.4 Intelligence Platform: Security Administration Guide.
The basic sequence for updating passwords is:
NOTE: These basic steps work for all accounts EXCEPT for sasevs@saspw. The sasevs@saspw account has special requirements.
Of course, that’s just a basic outline. You’ll need to read through all of the steps in the “Update Managed Passwords” section in detail. Be sure to carefully read any “Notes” and in particular, this one:
Note: The procedure to update the SAS Environment Manager identity password is different from the process detailed here. For more information, see SAS Environment Manager: User’s Guide.
This note is key. The sasevs@saspw account needs to be updated in a different sequence than prescribed for the other managed passwords. A quick look in the SAS Environment Manager: User’s Guide and we find the following steps:
Updating Passwords for SAS Environment Manager Metadata Identities To update the password for the sasevs@saspw
account, follow these steps:
1. Stop SAS Environment Manager and all SAS Environment Manager agents on the system.
2. On the middle-tier machine, use the SAS Deployment Manager to change the password for the sasevs account.
3. Use the SAS Deployment Manager to update the sasevs password on the machines in the other tiers in the
4. Restart SAS Environment Manager and the SAS Environment Manager agents.
The important difference when updating the sasevs@saspw password is that you need to start on the machine hosting the SAS Environment Manager, typically referred to as the middle tier machine.
Hopefully this helps you understand a bit more about the process and be successful updating managed passwords.