Change User Groups

This article explains how to manage user groups in Exasol.

This procedure is carried out using ConfD.

User groups are used to manage which administrative tasks a user can do in Exasol. You can change the type of tasks users can do by changing the user group they belong to, or by adding them to additional groups. When you first create a user, you must specify at least one group in which to add the user. This will be the user's primary group.

The ability to run ConfD jobs is determined by which group the user belongs to. You should therefore select a primary group that is able to perform all or most of the jobs that the user will need to run regularly. To determine which group a user must belong to in order to run a specific job, see the description of the respective job in the ConfD reference documentation.

Only the primary group can be defined when you create a user. You can then change the user’s primary group or add them to additional groups as needed.

To identify available groups, use the ConfD job group_list. The following is a list of the groups provided by Exasol:

Group Description
exaadm Exasol system administrator
exabfsadm Exasol BucketFS administrator
exadbadm Exasol database administrator
exastoradm Exasol storage administrator
exausers Exasol users
root The root user

Prerequisites

To perform this task you must be a member of the exaadm group.

Procedure

The following examples use ConfD through the command-line tool confd_client, which is available on all database nodes. You can also access ConfD through XML-RPC in your own Python programs. For more information, see ConfD.

Placeholder values are indicated with UPPERCASE characters. Replace the placeholders with your own values.

  1. Connect to EXAClusterOS (COS) on the cluster using c4 connect -t <DEPLOYMENT>[.<NODE>]/cos. For example:

    ./c4 connect -t 1.11/cos

    If you do not specify a node, c4 will connect to the first active node in the deployment. If the cluster is configured with an access node, the first node is the access node (usually n10).

    For more information about how to use c4 connect, see How to use c4.

  2. To modify the groups the user belongs to, use the ConfD job user_modify with the following parameters:

    Parameter name Data type Description
    username string Name of the user to modify
    group string, integer Group ID or group name for the user’s primary group
    additional_groups list Comma-separated list of group names of additional groups that the user should be a member of.

    For example:

    confd_client user_modify username: admin4, group: exabfsadm, additional_groups: [exastoradm, exausers]

Verification

To view the groups that a user belongs to, use the ConfD job user_list:

confd_client user_list

In the following example, the user admin4 has the primary group exabfsadm and also belongs to exastoradm and exausers:

confd_client user_list
...
admin4:
 additional_groups:
  - exastoradm
  - exausers
...
  group: exabfsadm
  id: 1004
  login_enabled: true

See also