Change User Groups
This article explains how to manage user groups in Exasol.
This procedure is carried out using ConfD.
User groups are used to manage which administrative tasks a user can do in Exasol. You can change the type of tasks users can do by changing the user group they belong to, or by adding them to additional groups. When you first create a user, you must specify at least one group in which to add the user. This will be the user's primary group.
The ability to run ConfD jobs is determined by which group the user belongs to. You should therefore select a primary group that is able to perform all or most of the jobs that the user will need to run regularly. To determine which group a user must belong to in order to run a specific job, see the description of the respective job in the ConfD reference documentation.
Only the primary group can be defined when you create a user. You can then change the user’s primary group or add them to additional groups as needed.
To identify available groups, use the ConfD job group_list. The following is a list of the groups provided by Exasol:
Group | Description |
---|---|
exaadm | Exasol system administrator |
exabfsadm | Exasol BucketFS administrator |
exadbadm | Exasol database administrator |
exastoradm | Exasol storage administrator |
exausers | Exasol users |
root | The root user |
Prerequisites
To perform this task you must be a member of the exaadm group.
Procedure
The following examples use ConfD through the command-line tool confd_client, which is available on all database nodes. For more information, see ConfD.
Placeholder values are indicated with UPPERCASE characters. Replace the placeholders with your own values.
-
Connect to EXAClusterOS (COS) on the cluster using
c4 connect -t <DEPLOYMENT>[.<NODE>]/cos
. For example:If you do not specify a node, c4 will connect to the first active node in the deployment.
For more information about how to use
c4 connect
, see How to use c4. -
To modify the groups the user belongs to, use the ConfD job user_modify with the following parameters:
Parameter name Data type Description username
string Name of the user to modify group
string, integer Group ID or group name for the user’s primary group additional_groups
list Comma-separated list of group names of additional groups that the user should be a member of. For example:
Verification
To view the groups that a user belongs to, use the ConfD job user_list:
In the following example, the user admin4 has the primary group exabfsadm and also belongs to exastoradm and exausers:
confd_client user_list
...
admin4:
additional_groups:
- exastoradm
- exausers
...
group: exabfsadm
id: 1004
login_enabled: true