IBM Support

User accounts for services

Question & Answer


Why are there new user accounts in my QRadar deployment that I can't access?


QRadar Versions 7.3.2 or later use the following user accounts for services to improve security and access control:

  • si-vault
  • traefik
  • si-registry


These specific accounts are used by the vault and traefik services, and by the docker registry that is used for app runtime. They control access, improve security and belong to specific groups that enable them to access data required for those services.

These accounts cannot be disabled, deleted, or renamed.

These accounts do not have a default password, and are strictly used to control access on the host. They cannot be logged in to locally or remotely.

Changing the shell from nologin is not supported.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.2 and later","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
20 June 2019