This page describes the management of users licensed to work with the Weka system.
Access to a Weka system cluster is controlled by creating, modifying, and deleting users. You can add up to 1152 local users to work with a Weka system cluster. Each user is identified by a username and must provide a password for authentication to work with the Weka system GUI or CLI.
Every Weka system user has one of the following defined roles:
- Read-only: A user with read-only privileges.
- S3: A user to run S3 commands and APIs. This user can operate within the limits of the S3 IAM policy attached to it. An S3 user can create S3 service accounts with a specific policy.
- Regular: A user that is only used for mounting filesystems. This user can sign in to obtain an access token and change the password but cannot access the GUI or run other CLI/API commands.
By default, when a Weka cluster is created, a first user with an
adminusername and password is created. A prompt to change the password on the first login is displayed. This user has a Cluster Admin role, which allows running all commands.
Cluster Admin users are responsible for managing the cluster as a whole. When using multiple organizations, there is a difference between managing a single organization and managing the cluster because managing the cluster also covers the management of the cluster hardware and resources. These are the additional permissions given to a Cluster Admin compared to an Organization Admin.
A Weka system cluster must have at least one defined internal Cluster Admin user. However, it is possible to create a Cluster Admin user with a different name and delete the default admin user, if required.
Cluster Admin users have additional privileges over regular users. These include the ability to:
- Create new users
- Delete existing users
- Change user passwords
- Set user roles
- Manage LDAP configurations
- Manage organizations
Additionally, the following restrictions apply to Cluster Admin users to avoid situations where a Cluster Admin loses access to the Weka system cluster:
- Cluster Admins cannot delete themselves.
- Cluster Admins cannot change their role to a regular user role.
- at least 8 characters
- an uppercase letter
- a lowercase letter
- a number or a special character