Skip to content

Latest commit

 

History

History
107 lines (58 loc) · 3.16 KB

pwa_user_management.rst

File metadata and controls

107 lines (58 loc) · 3.16 KB

User Management

Default Configuration

By default, PWA ships with account registration disabled, and with no accounts created. You either need to enable registration, or create one or more super-admin accounts (see below).

This interaction is slightly different between docker and RPM installs

Interacting with the sca-auth service (rpm)

Everything is the same as below, except you can ignore the Docker commands to attach to the container.

Interacting with the sca-auth service (docker)

If deployed with Docker, sca-auth runs within a Docker container; there are two ways to run commands within a docker container.

  1. docker exec -it <container> <command> - this allows you to execute something inside the container without actually interactively entering the container. This is useful for one-off or scripted commands. For example, this gives you a list of all the users.

    $ sudo docker exec -it sca-auth pwa_auth listuser

  2. docker exec -it <container> bash - this starts an interactive bash shell within the container.

    $ sudo docker exec -it bash

root@301be8a679c7:/# pwa_auth listuser

The two examples above are equivalent. To exit a bash shell, type exit

Running SCA commands

You can run other SCA commands by running commands inside the sca-auth container, using either method above.

sca-auth Commands

NOTE: before changes to user roles go into effect, the user has to log out and then re-authenticate.

Listing accounts

NOTE: Different environments may have different environment paths; the command below should work on both RPM installs and Docker instances, but if you have issues, try looking in a different path.

Generally, Docker uses /sbin and RPMs use /usr/sbin

pwa_auth listuser

The commands for RPM installs are the same as the Docker ones, simply with pwa_auth rather than auth.js.

Creating accounts

Create a new user

pwa_auth useradd --username <user> --fullname "<name>" --email "<email>" [--password "<password>"]

Modifying roles

Add PWA access for a user

pwa_auth modscope --username user --add '{"pwa": ["user"]}'

Certain features in PWA are restricted to only super-admin. In order to become a super-admin, you will need to run following as root via the command line.

Make a user a PWA super-admin:

pwa_auth modscope --username user --add '{"pwa": ["user", "admin"]}'

Reset password

pwa_auth setpass --username user --password "password#123"

Modify (set/add/del) user scopes

pwa_auth modscope --username user --set '{"pwa": ["user", "admin"]}'
pwa_auth modscope --username user --add '{"pwa": ["user", "admin"]}'
pwa_auth modscope --username user --del '{"pwa": ["user", "admin"]}'

Remove a user

pwa_auth userdel --username user