Managing admin panel users

During the primary node deployment, the unique Default domain is created along with the default user account and project:

  • The default administrator account is created with the unique Superuser permission. The user name for this account is admin and the password is specified during the primary node deployment. This account cannot be deleted or disabled and its permissions cannot be changed. Other than that, admin does not differ from a user who is assigned the System administrator role.
  • The default admin project is a bootstrap project for initializing the compute cloud. It cannot be deleted or renamed.

The Default domain with system users and projects is used by the system for different services. System entities are marked with the System tag and cannot be modified or deleted.

Due to security concerns, you might want to create other system administrators with different permissions to manage the infrastructure. For example, you can create system administrators that are able to monitor the cluster performance and parameters, but cannot change any settings.

Other users such as domain administrators and project members have access only to the self-service panel and are required to provision multitenant compute resources.

Limitations

  • System administrators can be created only within the Default domain.

Prerequisites

To create a system administrator

  1. On the Settings > Projects and users screen, click the Default domain.
  2. Go to the Domain users tab, and then click Create user.
  3. In the Create user window, specify the user name, password, and, if required, a user email address and description. The user name must be unique within a domain.
  4. Select the System administrator role from the Role drop-down menu.
  5. Select the permissions to be granted to the user account from the System permission set section:
    • Full (System administrator): has all permissions and can perform all management operations, including creating projects and managing other users.
    • Compute: can create and manage the compute cluster.
    • ISCSI: can create and manage iSCSI targets, LUNs, and CHAP users.
    • S3: can create and manage the S3 cluster.
    • ABGW: can create and manage the Backup Gateway cluster.
    • NFS: can create and manage NFS shares and exports.
    • Cluster: can create the storage cluster, join nodes to it, and manage (assign and release) disks.
    • Network: can modify networks and traffic types.
    • Update: can install updates.
    • SSH: can add and remove SSH keys for cluster nodes access.
    • None (Viewer): can monitor cluster performance and parameters but cannot change any settings.
  6. [Optional] Enable the Domain permissions set to be able to manage virtual objects in all projects within the Default domain and other users in the self-service panel.
  7. Click Create.

To change the password

  1. In the top right corner of the admin panel, click the user icon, and then click Change password.
  2. In the Change password window, enter the current password and enter a new password twice.
  3. Click Save.
Related Topics Link IconSee also