Statement of customer responsibility
The IBM® Integrated Analytics System is an integrated computer system consisting of mixed hardware and software components optimized to serve as a data warehousing appliance. The sub-components that make up the appliance have been developed, tuned, and tested to perfect that workload.
With a strong focus on security and ease of operation, it is by design that customer local Linux users are not given unrestricted access to the host operating system.
All tasks which require escalated privileges should be completed as apuser Linux user, or as users added to the ibmapadmin Linux group. This group has sufficient access to administer the appliance, and automate maintenance tasks.
Performing actions which require escalated privileges outside the scope of self-administration are not permitted. Further, such changes are prevented through technical controls.
Unauthorized changes not only present security risks, but run the risk of degrading performance characteristics and corrupting basic functions of the appliance.
Examples of restricted actions include: creating a different database, dropping a database, adding extra packages/services, editing certain configuration files by hand, modifying services, and modifying kernel settings.
With respect to permitted administration tasks, a suite of command line and GUI tools are provided, which enable self-administration without the need for superuser access or support involvement. Some example of tasks which are permitted include: network changes, upgrades, starting/stopping the appliance, log capture.
If you find a task is restricted, but which you feel is necessary to deploy the appliance into production, contact your IBM representative so that the task can be vetted and potentially allowed in a future release pending analysis for security and scope.