Changing password on Guardium Collector.

Resolving The Problem

To resolve the issue, always change the password on the Central Manager, followed by a distribute authentication config with the portal user sync. .

Portal user sync always runs from CM to the Collector and not from Collector to CM (even though it allows user to change the password on the Collector level).

NOTE: Though the capability is there, it is not supported!

By design, the Guardium portal user sync runs from Central Manager to the Collector.
It is proper code behavior that sync only runs one way and therefore, changes made on the Collector will not reflect. By default, changes from the CM push every 30 minutes. If a password was changed on the Collector, each 30 minutes, the new password would be overridden by the old one stored on CM.

The reason for the portal user sync design being this way is security related. Other reasons are data redundancy and inconsistencies can occur.
For example, let's say a user changes the password on one Collector to Guardium@123. Next he/she tries to log to another collector, but now has to use his/her old password to log into the second Collector. Setting and changing the password from the CM allows the application to maintain password consistency. Changing the password on the Collector itself, can and will cause redundancy and data inconsistency.

NOTE: If there is any concerns about having the user log onto the CM for the password change, changing the password on the CM level does not impact anything permission wise. The user will still only be able to access the reports which you have permitted for him/her, even if logging into the CM itself.