Managing default superuser account in RA

Article ID: 212377

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

We tried to delete the super user and got an error:  

[Built-in superuser cannot be deleted, or have his roles changed.]. Please refer to server logs with timestamp [yyyy-mm-dd 00:00:00]

Audit findings: The super user cannot be logged and cannot be deleted. How can we protect against anonymous use of it?

Environment

Release Automation 6.7 and above

Resolution

What is the "superuser" account in RA?

Superuser is a privileged user in RA. It is similar to the root user in Linux: it cannot be removed, but who has access to it can be controlled. The Release Automation product recommendation is to change the default password of the superuser account to a strong password that is known only to authorized stakeholders.

What is the use of the superuser account in RA?

  • Nolio acts on the superuser's behalf (invokes some internal APIs).
  • It is handy and very useful in some troubleshooting scenarios. For example, an organization that has only AD/LDAP/SSO integration for its users may face issues with that integration. In such a case, the RA admin uses the default superuser account to log in to the system and troubleshoot. In its absence the system will halt.

What are the recommendations from the RA product perspective for account management?

  • Access to the default superuser account should be restricted to authorized users only, with the default password changed to a strong one.
  • The default superuser account should not be used for any Release or Process execution.
  • The default superuser should only be used by the RA admin for maintenance and to troubleshoot unforeseen outages or system integration issues.