Change User Groups

This section explains how to manage user groups in Exasol.

This procedure is carried out using ConfD.

User groups are used to manage which administrative tasks a user can do in Exasol. You can change the type of tasks users can do by changing the user group they belong to, or by adding them to additional groups. When you first create a user, you must specify at least one group in which to add the user. This will be the user's primary group.

The ability to run ConfD jobs is determined by which group the user belongs to. You should therefore select a primary group that is able to perform all or most of the jobs that the user will need to run regularly. To determine which group a user must belong to in order to run a specific job, see the description of the respective job in the ConfD reference documentation.

Only the primary group can be defined when you create a user. You can then change the user’s primary group or add them to additional groups as needed.

To identify available groups, use the ConfD job group_list. The following is a list of the groups provided by Exasol:

Group Description
exaadm Exasol system administrator
exabfsadm Exasol BucketFS administrator
exadbadm Exasol database administrator
exastoradm Exasol storage administrator
exausers Exasol users
root The root user

Prerequisites

To perform this task you must be a member of the exaadm group.

Procedure

The following examples use the command-line tool confd_client in a Linux terminal connected to a database node. For more information about how to use this tool, see ConfD.

Placeholder values are indicated with UPPERCASE characters. Replace the placeholders with your own values.

  1. Connect to EXAClusterOS (COS) using c4 connect -t<DEPLOYMENT>/cos. For example:

    c4 connect -t1/cos

    If you do not specify a node, you will be connected to the first node in the deployment. If the cluster is configured with an access node, the first node is the access node (usually n10). The COS command prompt will tell you which node you are currently connected to:

    [root@n10 ~]#

    For more information about c4 commands, see Exasol Deployment Tool (c4).

  2. To modify the groups the user belongs to, use the ConfD job user_modify:

    confd_client -c user_modify -a '{username: USERNAME, group: NEW_PRIMARY_GROUP, additional_groups: [GROUP1, GROUP2...]}'

Verification

To view the groups a user belongs to, use the ConfD job user_list:

confd_client -c user_list

In the following example, admin4 has a primary group of exabfsadm and also belongs to exausers.

admin4:
 additional_groups:
  - exausers
  authorized_keys: []
  group: exabfsadm
  id: 1004
  login_enabled: true

See Also