Creating an additional admin account

kaymankayman Member Posts: 662 Unicorn
edited November 2018 in Help

Hi there,

Is it possible to create an additional admin account? I want to be able to give a co-worker full access/ownership also, without the need to share my credentials (internal security policy). This does not seem to be possible at first glance, only one admin and everybody else is a normal user.

 

Any advice if it is possible or not?

Tagged:

Best Answer

Answers

  • JEdwardJEdward RapidMiner Certified Analyst, RapidMiner Certified Expert, Member Posts: 578 Unicorn

    Whilst it's not possible to create two admin users I'd suggest it's also not good practice to use the admin user as your default login.  Change to using a username for your day-to-day usage to for example 'kayman' & have this user open to as many privileges as the other user 'kaymankolleague'.  

     

    Once that's done, may I suggest the following. 

    You can both have a usergroup called 'admingroup'.  This group is given will be given more privileges than others (such as permission to create root directories, etc), and you will be able to use recursive permissions to explore most places.  You will then only need to switch to admin on certain occaisions such as creating a new database connection.  

     

    The admin username & password will then be shared only to those users which admin rights and the password should be changed regularly.  

    Next, as an added security level you can then store in your RapidMiner repository an encrypted file with the admin password this would only accessible by the 'admin_group' usergroup. 

    Then build a webapp to provide the password at the press of a button.  Your 'admingroup' users can will by default not be logged in with admin privileges, BUT if they need to move up to admin privileges they would need to login to the RapidMiner Server web console, open the WebApp (that only they can access) and click a button to receive the latest admin password.  

     

    This method might be more secure in practice overall (as your 'admingroup' users cannot accidentally do too much damage) and will certainly look impressive to security auditors.  Although, please note, do not store the password in plaintext, ensure it is encrypted.  

     

     

Sign In or Register to comment.