User roles

Depending on your role, you can get access to different user interfaces in the system to complete your tasks.

The users of Cloud Pak for Data System can be classified into three broad categories:
System users
System users are the users who can access the hardware platform. They can monitor and manage system operations such as system health, resource management, hardware, software, etc.
Two roles are available:
  • System administrator with default user apadmin
  • System users with default permissions. They cannot run any commands that require root privileges.
System administrators will typically use the Cloud Pak for Data System web console for monitoring and system management. They can also ssh to the nodes of the system and run various administrative commands, as described in System command line.

System users can be managed with the apsysusermgmt command as described in Managing users from CLI.

Application users
These are the users that access the main application installed on the system, whether it is Cloud Pak for Data or Netezza.
  • The users of the Cloud Pak for Data application who might be assigned different roles, for example:
    • Business Analyst
    • Data Engineer
    • Data Scientist
    • Data Steward
    Cloud Pak for Data users connect to data, govern it, find it, and use it for analysis. They will typically use the Cloud Pak for Data standalone web console to perform their tasks. You can edit the default roles or create new roles if the default set of permissions don't align with your business needs. The default Cloud Pak for Data user (admin) is automatically assigned all of the roles. You can manage Cloud Pak for Data users from the Cloud Pak for Data administration console. For more information, see Cloud Pak for Data documentation.
  • Netezza users

    For more information, refer to the Netezza documentation.

Internal users
Users who are strictly used only internally by the platform, and whose accounts are managed internally in a secure way by the platform itself, without any external involvement. These users are not exposed and should not be used to access the system. Modifying the attributes of internal users can leave the system in a non-working state. Examples:
root user of the platform nodes
With a strong focus on security and ease of operation, it is by design that customer local Linux users are not given unrestricted access to the host operating system.

At installation, the customer is provided with root user password to use on control nodes and NPS container if required. It is absolutely critical to security that the customer changes the default password for the root user on all control nodes and NPS container using the passwd command as soon as possible.

All tasks which require escalated privileges should be completed as apadmin Linux user, or as users added to the ibmapadmin Linux group. This group has sufficient access to administer the platform, and automate maintenance tasks. If the user requires root privileges they must be added to the ibmapadmin group by the system administrator and access root commands through sudo.

Users in hardware components
For example, admin user in the network switch.