Accounts in ADB
This article lists all accounts that are used in Arenadata DB.
Linux users
The following accounts are created in a operating system during ADB installation (/etc/passwd).
Account | Description | Default password |
---|---|---|
adcm |
The user that is used by ADCM to deploy clusters |
Not set |
gpadmin |
The Linux user for ADB that is needed to start/stop a cluster and run all console utilities. Also, it has access to all cluster databases as superuser (with the |
Not set |
abrt |
The user for autocoredump. Assigned |
Not set |
pxf |
The user for PXF. Assigned |
Not set |
dockerroot |
The user for Docker. Assigned |
Not set |
etcd |
The user for etcd. No login abilities |
Not set |
diamond |
The user for Diamond. Assigned |
Not set |
Arenadata DB roles
The following accounts are created in the Arenadata DB database during ADB installation (via the CREATE ROLE
command).
Account | Description | Default password | How to change a password |
---|---|---|---|
gpadmin |
The ADB cluster administrator. This role has access to all cluster databases as superuser |
Not set |
Via the psql utility:
There is no ability to set/change a password via ADCM |
gpmon |
The gpperfmon user |
It is stored in the /home/gpadmin/.pgpass file |
|
adcc |
The role that is used by ADB Control for connecting to ADB. Such access is required to obtain information about the cluster topology and to cancel requests initiated by users. The username can be changed on the ADB Control configuration page during the primary ADB Control installation. Not possible to change after. For more information, see Configuration parameters (ADB Control → UI component parameters → ADB user name) |
Not set by default. Cannot be set during ADB installation. A password is stored in pg_shadow |
There is no ability to set/change a password via ADCM |
Accounts used in the ADB Control databases
The following accounts are created in the ADB Control databases (containerized or external) during ADB Control installation.
Account | Description | Default password | How to change a password |
---|---|---|---|
postgres |
The role name in the PostgreSQL database, which is used in ADB Control to store information on data queries (see Query DB). The username can be changed on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → Database parameters → Username or ADB Control → External database parameters → Username for external PostgreSQL) |
The default value is Can be set on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → Database parameters → Password or ADB Control → External database parameters → Password for external PostgreSQL) |
For external PostgreSQL, you can change a password via ADCM anytime. For containerized PostgreSQL, you can set a password only during the primary ADB Control installation |
default |
The account name in the ClickHouse database, which is used in ADB Control to store information on metrics (see Metrics DB). The username can be changed on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → ADQM database parameters → Username or ADB Control → External ADQM parameters → Username for external ClickHouse) |
Not set by default. Can be set on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → ADQM database parameters → Password or ADB Control → External ADQM parameters → Password for external ClickHouse). If set, a password is stored in the ADCM vault and in ClickHouse |
For external ClickHouse, you can change a password via ADCM anytime. For containerized ClickHouse, you can set a password only during the primary ADB Control installation |
ADB Control UI users
The following users are created during ADB Control installation.
Account | Description | Default password | How to change a password |
---|---|---|---|
admin |
The ADB Control owner, which is used to work with ADB Control UI |
The default value is When you first log in to ADB Control, you should change a password. For more information, see Connect to ADB Control. A password is stored in the
|
You can change a password on the Users → Management tab in the ADB Control UI. For more information, see Edit a user |
adcm |
The service API user (hidden administrator of the ADB Control UI) |
Can be set on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → UI component parameters → Service password). If not set, a secret password is generated. For backward compatibility, it is the same across all clusters. A password is stored in encrypted form in the
|
Password can be reset on the ADB Control configuration page (ADB Control → UI component parameters → Service password) |
ADBM API user
The following user is created during ADBM installation.
Account | Description | Default password | How to change a password |
---|---|---|---|
adcc |
The user that is used for authentication in the ADBM CLI API |
Stored as plaintext in the /opt/adbm/auth.properties file. The default value is user.adcc = 1234 File permissions: -rw-r--r-- 1 root root |
Update the /opt/adbm/auth.properties file. The ADBM restart is required |
Monitoring user
The following user is created in Grafana during monitoring installation.
Account | Description | Default password | How to change a password |
---|---|---|---|
admin |
Grafana administrator, which is used for cluster monitoring |
No default. You should set a password on the Grafana configuration page during monitoring installation (Primary configuration → Configuration → Security → Password) |
Currently, you should change a password for Grafana both in ADCM and in Grafana Admin:
|
ADCM user
The following user is created during ADCM installation.
Account | Description | Default password | How to change a password |
---|---|---|---|
admin |
ADCM admin |
admin |
After ADCM installation is complete, you can change a user password in the ADCM web UI. For more information, see Check the ADCM web-interface |
LDAP accounts
When configuring LDAP authentication, you need to enter and store LDAP admin accounts. Passwords are stored as plaintext in specific files that should be secured with OS file permissions.
ADB
LDAP authentication in ADB is configured according to the LDAP authentication in ADB article. To specify the LDAP admin account and its password, fill in the SA Login and Password fields on the ADB configuration page.
LDAP credentials are stored in the following file on the ADB master host: $MASTER_DATA_DIRECTORY/pg_hba.conf.
File permissions:
-rw-r----- 1 gpadmin gpadmin
Synchronization of ADB users and groups with LDAP is performed automatically via the pg-ldap-sync utility. For more information, see Synchronize ADB and LDAP.
IMPORTANT
After syncing with the LDAP server, two ADB local roles are still required since they cannot be replaced with LDAP users (see Arenadata DB roles):
All other users (including superusers) can be controlled via the LDAP server. |
ADB Control
LDAP authentication in ADB Control is configured according to the LDAP authentication article. To specify the LDAP admin account and its password, fill in the Login and Password fields on the ADB Control configuration page.
LDAP credentials are stored in the following files on the ADB Control host:
-
/opt/adcc/docker-compose.yaml
-
/opt/adcc/adcc-ui-server-application.yml
File permissions for both files:
-rw-r--r-- 1 root root
If LDAP authentication is configured, you need to map user groups of the selected LDAP server to roles in ADB Control. You can manage such mappings on the Users → LDAP group mapping tab in the ADB Control web interface. For more information, see Configure role mappings with LDAP groups.
IMPORTANT
After you assign the |