User management
This page describes the management of users licensed to work with the WEKA system.
User types
Access to a WEKA system cluster is managed by creating, modifying, and deleting user accounts. Each user is identified by a unique username and must provide a password for authentication to access the WEKA system through the GUI, CLI, or API. The system supports up to 1,152 local users.
Each user is assigned one of the following predefined roles, which determine their permissions and level of access within the WEKA system:
Role descriptions
Cluster Admin
Advanced administrative tasks for managing the cluster.
Full access to system configuration, user management, and performance tuning.
CSI
Provisioning, mounting, and unmounting file systems.
Storage management tasks through CLI and API.
Limited to storage management.
No access to broader administrative functions.
Organization Admin
Administrative tasks within a single organization.
Privileges limited to managing the assigned organization.
Read-only
Viewing system configurations and data without making changes.
View system settings and data through GUI, CLI, and API.
Authenticate and write data to mounted locations (exception for authenticated mounts).
Cannot modify system settings.
Cannot create file systems, protocols, or user accounts.
Regular
Basic role for mounting filesystems.
Sign in to obtain an access token.
Change own password.
No GUI access.
No CLI or API commands beyond mounting tasks.
S3
Running S3 commands and APIs.
Perform S3 operations within the limits of the assigned IAM policy.
Create S3 service accounts with specific policies.
Limited to actions allowed by the attached S3 IAM policy.
Cluster Admin (first user)
When a WEKA cluster is created, the system automatically generates the first user account with the admin username and a default password. Upon first login, the system prompts this user to change their password. This initial user is assigned the Cluster Admin role, granting them full access to all commands and administrative capabilities.
Responsibilities
Cluster Admin users are responsible for managing the entire cluster, including:
Cluster-wide operations that span all organizations within the system.
Management of cluster hardware, resources, and global configurations.
When multiple organizations are used, there is a distinction between managing a specific organization (handled by an Organization Admin) and managing the overall cluster. A Cluster Admin oversees tasks beyond organizational boundaries, including infrastructure-level management.
Cluster admin role privileges
Cluster Admin users have additional privileges compared to other user roles. These privileges include the ability to:
Create new users.
Delete existing users.
Change user passwords.
Assign or modify user roles.
Manage LDAP configurations.
Manage organizations.
Restrictions
To ensure a Cluster Admin user retains access to the WEKA cluster, the following restrictions are in place:
Cluster Admins cannot delete their own user accounts.
Cluster Admins cannot change their own role to a regular user role.
Password requirements
All Cluster Admin accounts must adhere to the following password policy:
At least 8 characters.
At least one uppercase letter.
At least one lowercase letter.
At least one number or special character.
Key points
The WEKA Customer Success Team requires at least one internal Cluster Admin account to be defined for support purposes.
Additional Cluster Admin accounts can be created with unique usernames.
The default
adminuser can be renamed or deleted if a replacement Cluster Admin account is created.
Related topics
Last updated