2.3.1 Create a User

By using different users, you can enforce data separation within Exascale.

Prior to performing the following procedure, the prospective new Exascale user should create their own public/private key pair and supply the public key. See Create User Keys. This is recommended to ensure the integrity of the private key, since the user should never share the private key, not even with the Exascale administrator.

To provision a new Exascale user:

1. Create the Exascale user.

   Use the ESCLI mkuser command and specify the name of the new Exascale user and a unique user ID.

   For example:

   @> mkuser theusername --attributes id=theuserID
   User created with ID: theuserID

   If you do not specify the user ID, then the user is assigned as system-generated unique user ID. For example:

   @> mkuser theusername
   User created with ID: 96a68014-5762-4579-86ee-29eb743decbd

   Note:

   The user ID is fixed at user creation time. There is no way to modify the user ID afterward.

   Take note of the user ID for the newly created user. You must supply the user ID value to the actual user so that they can configure their credential store (wallet).
2. Associate the new Exascale user with the user's supplied public key.

   Use the ESCLI chuser command and specify:

   • The ID for the user that is being modified in the chuser command.
   • The location of the file that contains the user's public key in PEM format.

   For example:

   @> chuser 96a68014-5762-4579-86ee-29eb743decbd --public-key-file1 pub.pem