1.2.13 Exascale Users

Exascale has a system of user accounts enabling different users to perform actions and access data according to their assigned privileges. Though you can create a single Exascale user with privileges to do everything, a typical configuration contains cluster administration users and storage users:

• Cluster administration users are typically provisioned with privileges to administer the Exascale cluster. Cluster administration users typically administer the physical storage objects; namely storage servers, storage pools and pool disks. They also administer Exascale software services, vaults, cluster templates and user accounts. See Oracle Exadata Exascale System Administration.

  By default, each Exascale cluster contains one superuser account. The user identifier (ID) for the superuser account is admin. The admin user can implicitly perform any system operation and effectively holds all system privileges.

  While you can use the admin user to perform cluster administration tasks, Oracle recommends that you create your own cluster administration users with specific privileges. For example, rather than having one cluster administrator that does everything, you may choose to have dedicated user accounts for security administration, storage administration, and so on.

• Storage users are typically provisioned with privileges to use storage within Exascale vaults. Storage users often administer the vaults they use, and sometimes even create new vaults. Storage users typically manage their own files and the access control lists (ACLs) that govern file access. They also administer vault-level templates, extended file attributes, and their own user credentials. See Oracle Exadata Exascale User-Specific Administration.

Additionally, Exascale contains one node administration account for every node (storage server or compute node) that runs Exascale software services. Each node administration account inherits its user ID from the server hostname and each account contains the privileges required to run the Exascale software services on the node. Do not directly use or modify these accounts.