User administration in MC

Management Console (MC) users are separate from Vertica server database users. MC user accounts exist in the MC only, and you cannot alter MC users with SQL statements. You add, edit, and delete MC users entirely within the MC.

Add a user

After you install and configure the MC, only the MC SUPER administrator (superuser) user exists. The MC SUPER administrator can create the other users and assign them MC configuration roles that grant privileges to perform user actions.

Prerequisites

• Determine the MC configuration role that you want to grant the new MC user.
• Determine the database privileges that you want to grant the new MC user.
• Optional: Create or import a database to associate with the new user.
• Optional: Create a database user account if you want to map a server database user to an MC user profile.

Add a local user

To add a local user, you must have the required MC configuration privileges:

1. Log in to the Management Console, then go to MC Settings > User Management.
2. Select Add. The Add a new user screen displays.
3. Select or enter the following information:

   • Authentication: How the user authenticates to the MC. Select Local.

   • MC username: The username of the new user. After you create and save a user, you cannot edit the username, but you can delete the user account and create a new user account with a new username.

   • MC password: The new user's password. The MC has the following default password requirements:

     • Cannot be the same as MC username
     • Between 3 and 30 characters in length
     • One number
     • One uppercase letter
     • One lowercase letter

     As the user enters the new password, the MC verifies that the password meets the preceding requirements. If the password does not meet the requirements, then an error message is displayed. If you have the required MC configuration privileges, you can edit password requirements in MC Settings > Configuration > MC Password configuration settings.

     When a new user logs in, they are prompted to create a new password.

   • Email address: Required. The new user's email address.

   • MC configuration privileges: The user's configuration role privileges. For details, see Configuration roles in MC.

   • DB access levels: The user's database privileges. For details, see Database privileges.

   • Status: Select Enabled.

4. Select Add user.

After you add the user, the User Management screen displays, and the user is listed in the grid.

Add a federated or IDP user

After you set up a federated server or set up an IDP, you can create MC user accounts with the user identities that the federated server or IDP manages. To add a user, you must have the required MC configuration privileges:

1. Log in to the Management Console, then select MC Settings > User Management.

2. Select Add. The Add a new user screen displays.

3. Select or enter the following information:

   • Authentication: How the user authenticates to the MC. This list displays only the names of the federated servers or IDPs that you have set up to authenticate users:

     • For federated users, select Federated.
     • For IDP users, select IDP.

   • MC username: Add the username.

     For IDP users, the username is their email address.

     For federated users, enter the username stored in the federated server. As you enter the username, the MC searches the federated server for the username and displays the results in a list. Select the username from the list. You can use the wildcard character (*) to filter names. For example, if you enter mcuser*, the MC will list all users in the federation server whose usernames begin with mcuser.

   • MC configuration privileges: The user's configuration role privileges. For details, see Configuration roles in MC.

   • DB access levels: The user's database privileges. For details, see Database privileges.

   • Status: Select Enabled.

   Note

   You cannot edit the user's Email address because it is managed by the federation server.

4. Select Add user.

After you add the user, the User Management screen displays, and the user is listed in the grid.

Edit a user

Edit a user to update their MC configuration or database privileges. The only user account that you cannot edit is the MC SUPER administrator. You must have the required MC configuration roles to edit a user account:

1. Log in to the Management Console, then select MC Settings > User Management.

2. In the grid, select the row that lists the user that you want to edit.

3. Select Edit.

4. Update the fields. You cannot edit the MC password or Email address for federated or IDP users.

   For local users, you can edit the password from the Change Password screen. To access this screen, log in to the Management Console, then select MC Settings > Change Password.

5. Select Save.

Delete a user

Delete a user that you no longer authorize to access the MC. When you delete an MC user, you delete the user's audit activity and their MC profile, which includes configuration roles and database access privileges. If you do not want to delete a user but you do want to revoke a user's MC authorization, consider setting the user's Status to Disabled. For details, see Edit a user.

The only user account you cannot delete is the MC SUPER administrator. If you delete a federated or IDP user, you delete their MC profile only. The MC cannot change user identity information stored in federated servers or IDPs.

You must have the required MC configuration roles to delete a user account:

1. Log in to the Management Console, then select MC Settings > User Management.

2. In the grid, select the row that lists the user that you want to delete.

3. Select Delete.

   The Confirm window is displayed and asks you if you are sure that you want to delete this user.

4. Select OK.

   The user is no longer listed in the User Management grid.

See also

• Configuring Management Console
• Users, roles, and privileges in MC
• User administration in MC
• Database privileges
• Creating a database user