User management
During PowerVC installation, several internal users and groups are created automatically. These users who are created automatically operate within a restricted shell environment. The restricted shell environment limits the access to the commands that are necessary for their respective roles.
Users created during PowerVC installation
The following users are created during the PowerVC installation:
| User | Role | Description |
|---|---|---|
pvcroot |
Super-admin | The pvcroot user acts as a root-equivalent user. The
pvcroot user has full access, including access to perform disruptive operations
within PowerVC. |
pvcscpe |
PESH user | The pvcscpe user is a product engineering shell (PESH) user. This user
can break out of the restricted shell and obtain full root access. This user is used for PowerVC support. |
Groups created during PowerVC installation
The following groups are created during the PowerVC installation:
| Group purpose | Group name | Associated user or users | Description |
|---|---|---|---|
| Appliance user group | pvcoperator |
Any user belonging to the pvcoperator group. |
The pvcoperator group user is responsible for upgrades and patching. You can
perform daily operations but cannot perform disruptive actions, such as, deleting or
uninstalling. |
| Super-admin group | pvcsuperadmin |
Any user belonging to the pvcsuperadmin group. |
The pvcsuperadmin group user is responsible for upgrades and
patching. |
| Viewer group | pvcviewer |
Any user belonging to the pvcviewer group. |
The pvcviewer group user is a read-only user. You can view PowerVC information but cannot modify system
settings or configurations. |
| PESH (engineering) group | pvcviewer |
PESH user (pvcscpe) |
The pvcscpe user is a product engineering shell (PESH) user. This user
can break out of the restricted shell and obtain full root access. This user is used for PowerVC support. |
Notes:
- The
pvcrootuser is mandatory and cannot be removed or modified. Multiple components rely onpvcrootacross the OS, filesystem, CLI, and identity‑service layers to enforce privileges, manage file access, and ensure consistent role and identity mappings. - The
pvcrootandpvcscpeusers are part of the ISO image and are created automatically. However, you must create thepvcoperatorandpvcvieweruser. - The restricted shell environment ensures that each user role operates within defined privileges.
- The PESH user (
pvcscpe) is intended strictly for internal diagnostics or engineering support and must not be used in normal operations. - To create or modify user permission, use commands like mkpvcuser, chpvcuser, and rmpvcuser command.