Creating Users and Assigning Roles for a Search Instance

After you install the search engine, you need to create users in the search instance and assign roles to them. These users are required to validate incoming requests from PeopleSoft Search Framework. User information is maintained in the users.yml file, and role information is maintained in the userroles.yml file at OS_HOME/plugins/orcl-security-plugin/config/properties.

The following roles are delivered to perform specific operations:

  • read - to grant read-only permission.

  • admin - to perform read and administrative operations.

  • security - to access the security index.

To create users and assign roles to users, use the opensearchuser script available in OS_HOME/bin. You can use the script for the following purposes:

  • To add a new user or change the password for a user:

    opensearchuser adduser [user]

  • To assign roles to an existing user:

    opensearchuser addrole [user]

    Use commas to separate the roles assigned to a user.

  • To view existing users:

    opensearchuser listusers

  • To view roles of a user:

    opensearchuser listrole [user]

  • To remove a user:

    opensearchuser removeuser [user]

  • To encrypt the given text, for example, a password:

    opensearchuser encrypt [text]

    This command is used for encrypting the keystore password while configuring SSL. The password needs to be encrypted in the opensearch.yml configuration file.

  • To create a new key:

    opensearchuser buildkey

    This command creates a new key to encrypt the password in a text file.

For example, to create a superuser with the admin and security roles assigned:

  1. opensearchuser adduser superuser

    Enter a password and confirm the password.

  2. opensearchuser addrole superuser

    Enter the password.

    Enter a comma-separated list of roles, for example: admin,security.
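
Because users.yml and userroles.yml hold the user and role information for the search instance, it is worth confirming after the steps above that accounts other than the search service owner cannot read or modify them. The following script is an added example, not Oracle-supplied code; it assumes Linux (GNU stat) and that both files sit in the properties directory named at the top of this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code. Assumes Linux (GNU stat) and that
# users.yml and userroles.yml both sit in the directory passed as $1.

# check_file PATH: print one line per finding; return the number of findings.
check_file() {
    cf_path=$1
    cf_count=0
    if [ ! -f "$cf_path" ]; then
        echo "MISSING      $cf_path"
        return 1
    fi
    cf_mode=$(stat -c '%a' "$cf_path")   # octal mode string, e.g. 640
    cf_bits=$((0$cf_mode))               # leading 0 makes the shell read it as octal
    # Any read/write/execute bit for "other" exposes the file to every local account.
    if [ $(($cf_bits & 007)) -ne 0 ]; then
        echo "OTHER-ACCESS $cf_path (mode $cf_mode)"
        cf_count=$(($cf_count + 1))
    fi
    # Group write lets group members alter users or role assignments.
    if [ $(($cf_bits & 020)) -ne 0 ]; then
        echo "GROUP-WRITE  $cf_path (mode $cf_mode)"
        cf_count=$(($cf_count + 1))
    fi
    return "$cf_count"
}

# audit_security_files DIR: check both files; return the total finding count.
audit_security_files() {
    as_total=0
    for as_name in users.yml userroles.yml; do
        as_rc=0
        check_file "$1/$as_name" || as_rc=$?
        as_total=$(($as_total + $as_rc))
    done
    return "$as_total"
}

# Run only when a directory is given on the command line, for example:
#   sh audit.sh "$OS_HOME/plugins/orcl-security-plugin/config/properties"
if [ "$#" -gt 0 ]; then
    audit_security_files "$1"
    exit $?
fi
```

An exit status of 0 means both files exist and are neither accessible to other accounts nor group-writable; any other status is the number of findings printed.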