User roles
Depending on your role, you can get access to different user interfaces in the system to complete your tasks.
- Application users
- The administrators and users of the Netezza application who might be assigned different roles, and are managed in the NPS web console as described in Netezza documentation for user management.
- Platform users
- These users have access to the hardware platform and they can manage or monitor the hardware and
software in the system. Two roles are available:
- Platform administrator with default user
apadmin
- Platform users with default permissions. They cannot run any commands with root privileges.
apcli
command line for monitoring and system management, as described in System command line. - Platform administrator with default user
- Internal users
- Users who are strictly used only internally by the platform, and whose accounts are managed
internally in a secure way by the platform itself, without any external involvement. These users are
not exposed and should not be used to access the system. Modifying the attributes of internal users
can leave the system in a non-working state. Examples:
root
user of the platform nodes- With a strong focus on security and ease of operation, it is by design that customer local Linux
users are not given unrestricted access to the host operating system.
At installation, the customer is provided with
root
user password to use on control nodes and NPS container if required. It is absolutely critical to security that the customer changes the default password for theroot
user on all control nodes and NPS container using thepasswd
command as soon as possible.All tasks which require escalated privileges should be completed as
apadmin
Linux user, or as users added to theibmapadmin
Linux group. This group has sufficient access to administer the platform, and automate maintenance tasks. If the user requiresroot
privileges they must be added to theibmapadmin
group by the system administrator and access root commands throughsudo
. - Users in hardware components
- For example,
admin
user in the network switch platadmin
andplatuser
in platform nodes- By default, platform users such as
apadmin
and other external LDAP/AD users can only login to the Cloud Pak for Data System control nodes. If you want to login to the worker nodes, perform the following steps:- Log in to the control nodes.
- su as either
platadmin
orplatuser
. - ssh to the worker nodes.
Internal ssh access for
platadmin
andplatuser
is configured as passwordless access.