This is connected to a ZBX-13769, but I separate it to independent issue in an attempt to make zabbix users life easier.
Assume that I needed to change credentials (and/or AuthPriv params) for SNMPv3 devices in my network. I did it on devices side and in zabbix frontend too.
And ... I got very bad picture in hosts availability and/or unsupported item alerts (reasons are described in the ZBX-13769).
So, what I observed when performed those tests: similarly to EngineBoot<->EngineID per-process (*poller) memory, the same is actual for credentials!
Yes, each poller process *AFTER very first polling of a device (maybe key filed here is "Security name" with/without combination with EngineID - not tested. Later, below devs confirmed - EngineID involved too) - the process remembers "auth" data in library's cache and reuses it further.
It means that after some zabbix_server uptime, all (likely) poller processes will remember the "auth" data and any updates in frontend (for 4 fields) will not be actually applied. Note: unreachable pollers (likely) will not remember the "auth" data, they likely will catch new values.
The picture visually gets very similar to a case, when you have duplicated EngineIDs in the network.
Changing any of these 4 parameters:
without changing "Security name" - requires server/proxy daemons restart !!!
In other words - if "Security name" is changed as well - those 4 new params WILL BE applied after configuration reload without restart!
I'd add a note to documentation about required server/proxy daemons restart.