Disabling the default platform administrator
If you are using an enterprise-grade LDAP server for user management, you can further
secure your Cloud Pak for Data system by disabling the
default platform administrator, either admin
or
cpadmin
.
- Who needs to complete this task?
- To complete this task, you must have one of the following roles:
- Cluster administrator
- Instance administrator
- When do you need to complete this task?
- Complete this task if you want to remove the default Cloud Pak for Data administrator.
Before you begin
Best practice: You can run the commands in
this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.
Ensure that you source the environment variables before you run the commands in this task.
The default platform administrator (admin
or cpadmin
) must
switch control of catalogs and categories to other users by performing the following tasks. If you
don't complete these tasks, no one will be able to administer the catalogs or categories.
Action | Required if... | Instructions |
---|---|---|
Add at least one other collaborator with the Admin role to these catalogs:
|
This action is required if either of these services are installed:
|
Managing catalog collaborators |
Add at least one collaborator with the Owner role to these categories:
|
This action is required only if Watson Knowledge Catalog is installed. | Managing category collaborators |
Procedure
To disable the default platform administrator:
What to do next
To re-enable the default password administrator:
- Log in to Red Hat OpenShift Container Platform as a user with sufficient permissions to
complete the
task.
oc login ${OCP_URL}
- Enable the default administrator:
The administrator name is admin
oc exec -it -n ${PROJECT_CPD_INST_OPERANDS} \ $(oc get pod -n ${PROJECT_CPD_INST_OPERANDS} -l component=usermgmt | tail -1 | cut -f1 -d\ ) \ -- bash -c "/usr/src/server-src/scripts/manage-user.sh --enable-user admin"
The administrator name is cpadmin
oc exec -it -n ${PROJECT_CPD_INST_OPERANDS} \ $(oc get pod -n ${PROJECT_CPD_INST_OPERANDS} -l component=usermgmt | tail -1 | cut -f1 -d\ ) \ -- bash -c "/usr/src/server-src/scripts/manage-user.sh --enable-user cpadmin"
- When prompted, specify a new password for the default platform administrator.