Change User Groups

To perform this task, you must be a member of the exaadm group.

The group a user belongs to determines the role they serve in your organization. This section explains how you can change the type of tasks users can do by changing the group they belong to or adding them to additional groups.

When you first create a user, you must specify at least one group in which to add the user. This will be the user's primary group. The ability to run ConfD jobs is determined by which group the user belongs to. Therefore, select a primary group that is able to perform all or most of the jobs needed by the user.

To determine which group a user must belong to in order to run a specific job, see the individual job's topic in ConfD.

Only the primary group can be listed when creating a user. All other groups will be ignored. If a user's job function changes significantly, you can change the user's primary group or add the user to additional groups.

To identify available groups, use the ConfD job group_list. The following is a list of groups provided by Exasol:

  • exaadm: The Exasol administrator

  • exabfsadm: Exasol BucketFS administrator

  • exadbadm: Exasol database administrator

  • exastoradm: Exasol storage administrator

  • exausers: Exasol users

  • root: The root user

Prerequisites

There are no prerequisites.

Procedure

This procedure is carried out using ConfD.

The ConfD examples are written in Bash on a Linux terminal running the Exasol tool confd_client, which is accessed by connecting to EXAClusterOS on the database nodes using Exasol Deployment Tool (c4). You can also interact with ConfD from an external tool using Python and XML-RPC. For more information, see ConfD.

Placeholder values are indicated with UPPERCASE characters. Replace the placeholders with your own values.

  1. Connect to EXAClusterOS (COS) using c4 connect -t<DEPLOYMENT>/cos. For example:

    c4 connect -t1/cos

    If you do not specify a node, you will normally be connected to the first node in the deployment. If the cluster is configured with an access node, the first node is the access node (usually n10). The COS command prompt indicates which node you are currently connected to. 

    [root@n10 ~]#

    For more information about c4 commands, see Exasol Deployment Tool (c4).

  2. To modify the groups the user belongs to, run the ConfD job user_modify:

    confd_client -c user_modify -a '{username: USERNAME, group: NEW_PRIMARY_GROUP, additional_groups: [GROUP1, GROUP2...]}'

Verification

To view the groups a user belongs to, run the ConfD job user_list: 

confd_client -c user_list

In the following example, admin4 has a primary group of exabfsadm and also belongs to exausers. 

admin4:
 additional_groups:
  - exausers
  authorized_keys: []
  group: exabfsadm
  id: 1004
  login_enabled: true

See Also