User Management#
Introduction#
Whether you run Hopsworks on-premise, or on the cloud using kubernetes, you have a Hopsworks cluster which contains all users and projects.
Prerequisites#
Administrator account on a Hopsworks cluster.
Step 1: Go to user management#
All the users of your Hopsworks instance have access to your cluster with different access rights. You can find them by clicking on your name in the top right corner of the navigation bar and choosing Cluster Settings from the dropdown menu and going to the Users tab (You need to have Admin role to get access to the Cluster Settings page).
Step 2: Manage user roles#
Roles let you manage the access rights of a user to the cluster.
- User: users with this role are only allowed to use the cluster by creating a limited number of projects.
- Admin: users with this role are allowed to manage the cluster. This includes accepting new users to the cluster or blocking them, managing user quota, configure alerts and setting up authentication methods.
You can change the role of a user by clicking on the select dropdown that shows the current role of the user.
Step 3: Validating and blocking users#
By default, a user who register on Hopsworks using their own credentials are not granted access to the cluster. First, a user with an admin role needs to validate their account.
By clicking on the Review Requests button you can open a user request review popup as shown in the image below.
On the user request review popup you can activate or block users. Users with a validated email address will have a check mark on their email.
Similarly, if a user is no longer allowed access to the cluster you can block them. To keep consistency with the history of your datasets, a user can not be deleted but only blocked. If necessary a user can be deleted manually in the cluster using the command line.
You can block a user by clicking on the block icon on the right side of the user in the list.
Blocked users will appear on the lower section of the page. Click on display blocked users to show all the blocked users in your cluster. If a user is blocked by mistake you can reactivate it by clicking on the check mark icon that corresponds to that user in the blocked users list.
If there are too many users in your cluster, use the search box (available for blocked users too) to filter users by name or email. It is also possible to filter activated users by role. For example to see all administrators in you cluster click on the select dropdown to the right of the search box and choose Admin.
Step 4: Create a new users#
If you want to allow users to login without registering you can pre-create them by clicking on New user.
After setting the user's name and email chose the type of user you want to create (Hopsworks, Kerberos or LDAP). To create a Kerberos or LDAP user you need to get the users UUID from the Kerberos or LDAP server. Hopsworks user can also be assigned a Role. Kerberos and LDAP users on the other hand can only be assigned a role through group mapping.
A temporary password will be generated and displayed when you click on Create new user. Copy the password and pass it securely to the user.
Step 5: Reset user password#
In the case where a user loses her/his password and can not recover it with the password recovery, an administrator can reset it for them.
On the bottom of the Users page click on the Reset a user password link. A popup window with a dropdown for searching users by name or email will open. Find the user and click on Reset new password.
A temporary password will be displayed. Copy the password and pass it to the user securely.
A user with a temporary password will see a warning message when going to Account settings Authentication tab.
Note
A temporary password should be changed as soon as possible.