Disabling the default admin user

If you are using an enterprise-grade LDAP server for user management, you can further secure your Cloud Pak for Data system by disabling the default admin user.

Before you begin

The admin must switch control of catalogs and categories to other users by performing the following tasks. If you don't complete these tasks, no one will be able to administer the catalogs or categories.

Action	Required if...	Instructions
Add at least one other collaborator with the Admin role to these catalogs: The default catalog The Platform assets catalog Any other catalogs the admin user created	This action is required if either of these services are installed: Cloud Pak for Data common core services Watson™ Knowledge Catalog	Managing catalog collaborators
Add at least one collaborator with the Owner role to these categories: The [uncategorized] category Any other categories the admin user created	This action is required only if Watson Knowledge Catalog is installed.	Managing category collaborators

Procedure

To disable the default admin user:

Run the following command:

oc exec -it -n namespace \
$(oc get pod -n namespace -l component=usermgmt | tail -1 | cut -f1 -d\ ) \
-- bash -c "/usr/src/server-src/scripts/manage-user.sh --disable-user admin"

Replace namespace with the namespace where Cloud Pak for Data is deployed.

What to do next

If you encounter a problem and cannot log in to the web client with any of your LDAP user names, you can re-enable the admin user. For example, you might need to do this if there is a connectivity issue with your LDAP server or SAML IDP server.

To re-enable the default admin user:

Run the following command:

oc exec -it -n namespace \
$(oc get pod -n namespace -l component=usermgmt | tail -1 | cut -f1 -d\ ) \
-- bash -c "/usr/src/server-src/scripts/manage-user.sh --enable-user admin"

Replace namespace with the namespace where Cloud Pak for Data is deployed.

When prompted, specify a new password for the admin user.