User Management¶

Default Configuration¶

By default, PWA ships with account registration disabled, and with no accounts created. You either need to enable registration, or create one or more super-admin accounts (see below).

This interaction is slightly different between docker and RPM installs

Interacting with the `sca-auth` service (rpm)¶

Everything is the same as below, except you can ignore the Docker commands to attach to the container.

Interacting with the `sca-auth` service (docker)¶

If deployed with Docker, sca-auth runs within a Docker container; there are two ways to run commands within a docker container.

docker exec -it <container> <command> - this allows you to execute something inside the container without actually interactively entering the container. This is useful for one-off or scripted commands. For example, this gives you a list of all the users.
```
$ sudo docker exec -it sca-auth pwa_auth listuser
```
docker exec -it <container> bash - this starts an interactive bash shell within the container.
```
$ sudo docker exec -it bash

root@301be8a679c7:/# pwa_auth listuser
```

The two examples above are equivalent. To exit a bash shell, type exit

Running SCA commands

You can run other SCA commands by running commands inside the sca-auth container, using either method above.

sca-auth Commands¶

NOTE: before changes to user roles go into effect, the user has to log out and then re-authenticate.

Listing accounts¶

NOTE: Different environments may have different environment paths; the command below should work on both RPM installs and Docker instances, but if you have issues, try looking in a different path.

Generally, Docker uses /sbin and RPMs use /usr/sbin

pwa_auth listuser

The commands for RPM installs are the same as the Docker ones, simply with pwa_auth rather than auth.js.

Creating accounts¶

Create a new user

pwa_auth useradd --username <user> --fullname "<name>" --email "<email>" [--password "<password>"]

Modifying roles¶

Add PWA access for a user

pwa_auth modscope --username user --add '{"pwa": ["user"]}'

Certain features in PWA are restricted to only super-admin. In order to become a super-admin, you will need to run following as root via the command line.

Make a user a PWA super-admin:

pwa_auth modscope --username user --add '{"pwa": ["user", "admin"]}'

Reset password

pwa_auth setpass --username user --password "password#123"

Modify (set/add/del) user scopes

pwa_auth modscope --username user --set '{"pwa": ["user", "admin"]}'
pwa_auth modscope --username user --add '{"pwa": ["user", "admin"]}'
pwa_auth modscope --username user --del '{"pwa": ["user", "admin"]}'

Remove a user

pwa_auth userdel --username user