Skip to content

Change Passwords for Privacera Service Users

Privacera includes a set of built-in service accounts that platform components use to communicate with the portal. If your organization has a compliance requirement to rotate default passwords, this page explains how to safely change the password for each service user.

Changing a service user password requires a two-step update

Updating the password in the portal UI alone is not enough for privacera_service_dataserver and privacera_service_discovery. You must also update the credentials in the corresponding service's configuration and restart it. Skipping this step will break the service's connection to the portal.

Service Users Covered

The following built-in portal users are covered on this page. The admin and padmin users are covered separately in Change Your Password.

User Used By Safe to Change?
privacera_service_dataserver DataServer service Yes — requires configuration steps and a DataServer restart
privacera_service_discovery Discovery service Yes — requires configuration steps if Discovery is deployed; no impact if not deployed
privacera Kerberos/Hive integrations, Discovery configuration Deprecated — present on 9.2.27.1 and earlier only; see below

Before You Begin

  • You must be signed in as an Admin in the Privacera Portal.
  • Coordinate the password change with the team responsible for the DataServer or Discovery service before proceeding, so they can update the service configuration and restart at the same time.

Change the privacera_service_dataserver Password

The DataServer service uses this account to connect to the portal. Changing this password without updating the DataServer configuration will break the DataServer's connection to the portal across your deployment.

Step 1 — Update the password in the portal

  1. Sign in as an Admin to the Privacera Portal UI.
  2. Navigate to Settings > User Management.
  3. Locate privacera_service_dataserver and select Edit in the Action column.
  4. In the dialog, scroll to the Old Password field and select Edit.
  5. Enter the old password, then enter and confirm the new password. If you do not have the current password, contact Privacera Support.
  6. Select Save.

Step 2 — Update the DataServer configuration

  1. SSH into the instance where Privacera Manager is installed.

  2. Open or create the custom-vars configuration file for the DataServer:

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/vars.password.yml

  3. Add or update the following variables with the new password:

    YAML
    1
2
    DATASERVER_PORTAL_LOGIN_USER_NAME: "privacera_service_dataserver"
DATASERVER_PORTAL_LOGIN_USER_PASS: "<new_password>"

  4. Save the file.

Step 3 — Apply the changes and restart DataServer

Run the following commands to apply the updated configuration:

Bash
1
2
cd ~/privacera/privacera-manager
./privacera-manager.sh setup

Then upgrade the DataServer:

Bash
1
2
cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade

Step 4 — Verify

If you have Data Inventory > File Explorer configured, confirm the file listing loads correctly. A successful listing confirms that DataServer reconnected to the portal with the new credentials.

Change the privacera_service_discovery Password

If Discovery is not deployed

If your deployment does not include the Privacera Discovery component, you can change the password in the portal UI (Step 1 below) without any further action. There is no downstream service to update.

Step 1 — Update the password in the portal

  1. Sign in as an Admin to the Privacera Portal UI.
  2. Navigate to Settings > User Management.
  3. Locate privacera_service_discovery and select Edit in the Action column.
  4. In the dialog, scroll to the Old Password field and select Edit.
  5. Enter the old password, then enter and confirm the new password. If you do not have the current password, contact Privacera Support.
  6. Select Save.

Step 2 — Update the Discovery service configuration (if Discovery is deployed)

  1. SSH into the instance where Privacera Manager is installed.

  2. Open the Discovery configuration file:

    Bash
    1
    vi ~/privacera/privacera-manager/config/custom-vars/vars.password.yml

  3. Add or update the following variables:

    YAML
    1
2
    DISCOVERY_PORTAL_SERVICE_USERNAME: "privacera_service_discovery"
DISCOVERY_PORTAL_SERVICE_PASSWORD: "<new_password>"

  4. Save the file.

Step 3 — Apply the changes and restart Discovery

Bash
1
2
3
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
./pm_with_helm.sh upgrade

Step 4 — Verify

After the restart, confirm that scan scheduling and scan status updates work as expected under Discovery > Scan Status. You can also check the notifications in the Privacera Portal to confirm the password change was applied successfully.

The privacera User

Deprecated — removed after 9.2.27.1

The built-in privacera portal user was deprecated and is no longer present in releases after 9.2.27.1. If you are on 9.2.27.1 or earlier and still have this user, follow the steps below to change or remove it before upgrading.

The privacera account is a built-in portal user with the ROLE_DISCOVERY_ALL role.

Check your deployment before making changes

This user may be referenced by Kerberos-based HDFS or Hive integrations, DataZone default delegated admin settings, and Discovery component configuration. Review the checklist below before making any changes.

Before changing or deleting this user, confirm the following:

  • DataZone is not using privacera as the default delegated admin (privacera.datazone.default.delegated.admin)
  • No active HDFS or Hive integrations are using privacera as the Kerberos service principal
  • The Discovery configuration does not reference PRIVACERA_USER=privacera or hive.jdbc.username=privacera

If none of the above apply to your deployment, it is safe to proceed.

To change the password

  1. Sign in as an Admin to the Privacera Portal UI.
  2. Navigate to Settings > User Management.
  3. Locate privacera and select Edit in the Action column.
  4. In the dialog, scroll to the Old Password field and select Edit.
  5. Enter the old password, then enter and confirm the new password. If you do not have the current password, contact Privacera Support.
  6. Select Save.

To delete the user

If you have confirmed no active integrations reference this user:

  1. Sign in as an Admin to the Privacera Portal UI.
  2. Navigate to Settings > User Management.
  3. Locate privacera and select Delete in the Action column.
  4. Confirm the deletion.

Note

The privacera portal user and the OS-level privacera Unix user are separate. Deleting the portal user does not affect the OS user or the portal process.