Add Users

This section explains how to add system administration users.

When you create a user, you must specify at least one group that the user belongs to. Some ConfD jobs are only available to certain roles. You should therefore select a group that is allowed to perform all the ConfD jobs that you expect the user to run.

System administration users are not the same as database users.

This procedure is carried out using ConfD.

Prerequisites

To perform this task you must be a member of the exaadm group.

Procedure

The following examples use ConfD through the command-line tool confd_client, which is available on all database nodes. You can also access ConfD through XML-RPC in your own Python programs. For more information, see ConfD.

Placeholder values are indicated with UPPERCASE characters. Replace the placeholders with your own values.

  1. Connect to EXAClusterOS (COS) using c4 connect -t <DEPLOYMENT>[.<NODE>]/cos. For example:

    c4 connect -t 1/cos

    In most cases it does not matter on which node you access ConfD. If you do not specify a node, c4 will connect to the first active node in the deployment. If the cluster is configured with an access node, the first node is the access node (usually n10). The command prompt in COS indicates which node you are connected to: 

    [root@n10 ~]#

    For more information about how to use c4 connect, see How to use c4.

  2. To identify available groups, use the ConfD job group_list. For example: 

    confd_client group_list
    exaadm:
      id: 499
    exabfsadm:
      id: 496
    exadbadm:
      id: 498
    exasaasadm:
      id: 495
    exastoradm:
      id: 497
    exausers:
      id: 500
    root:
      id: 0
    Group Description
    exaadm Exasol system administrator
    exabfsadm BucketFS administrator
    exadbadm Exasol database administrator
    exastoradm Exasol storage administrator
    exausers Exasol users
    root Root user

  3. To create a user, use the ConfD job user_create with the following parameters:

    Parameter name Data type Description
    username string Name of the new user
    userid integer ID of the new user
    password string Password for the new user
    group string, integer Group ID or group name for the group that the new user should belong to
    login_enabled boolean Boolean value defining if login is allowed (true) or not (false)

    For example: 

    confd_client user_create username: NEW_USER userid: 1001 password: NEW_PASSWORD group: exausers login_enabled: true

Verification

To verify that the new user was created, log out and attempt to log in as the new user. Alternatively, use the ConfD job user_list to list all users in the database. For example:

confd_client user_list
...
NEW_USER:
  group: exausers
  id: 1001
  login_enabled: true
  passwd: <password_hash>
...

See also