IBM Support

User accounts for services

Question & Answer


Question

Why are there new user accounts in my QRadar deployment that I can't access?

Cause

QRadar Versions 7.3.2 or later use the following user accounts for services to improve security and access control:

  • si-vault
  • traefik
  • si-registry

Answer

These specific accounts are used by the vault and traefik services, and by the docker registry that is used for app runtime. They control access, improve security and belong to specific groups that enable them to access data required for those services.

These accounts cannot be disabled, deleted, or renamed.

These accounts do not have a default password, and are strictly used to control access on the host. They cannot be logged in to locally or remotely.

Changing the shell from nologin is not supported.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.2 and later","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
20 June 2019

UID

ibm10888159