Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Cloud Service Automation4.90

Change CSA Built-In User Accounts

CSA ships with built-in user accounts. The user accounts are used to authenticate REST API calls and for initial setup and experimentation with the product. For security reasons, you may want to disable or change the passwords associated with these accounts (do not change the usernames).

Note Do not create users in your LDAP directory that match the built-in users provided by CSA: csaCatalogAggregationTransportUser, csaReportingUser,ooInboundUser, and codarintegrationUse. Creating the same users in LDAP may allow the CSA built-in users unintended access to the Cloud Service Management Console or give the LDAP users unintended privileges.

Note: When you change or create passwords, you can use these special characters: ~ `! @ # $ % * ( ) _ - + = { } [ ] \ / : ; [space] ?

CSA does not support these characters: ^ & | " . > , <

Cloud Service Management Console User Accounts

The following users are shipped with CSA and are used with the Cloud Service Management Console:

admin User: Cloud Service Management Console
Username	admin
Default Password	cloud
Default Role	ROLE_REST
Usage	This account is used to initially log in to the Cloud Service Management Console to configure the provider organization.
To Disable	Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/ deployments/idm-service.war/WEB-INF/classes/provider-users.properties` file. Update the `admin` property to disable this user account. For example, set `admin` to the following value (this value should be encrypted): `cloud,ROLE_REST,disabled` Note This property not only determines if the account is enabled, it also contains the password and the roles that control access to CSA. By default, the unencrypted value of this property is: `cloud,ROLE_REST,enabled` The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value.
To Change Password	If you change the password to this account, you must update the value of the password in the `provider-users.properties` file and the `securityAdminPassword` property in the `hcm-csa.yaml` file (you must use the same password). You must also update and use the same password for every REST API call that uses the password. Updating the admin property in provider-users.properties Edit the `PERSISTENT_VOLUME_PATH/jboss-as/standalone/deployments/ idm-service.war/WEB-INF/classes/provider-users.properties` file. Update the password portion of the `admin` value and encrypt the entire value, including the roles and account status. The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. Note This property not only contains the password, but also the roles that control access to CSA and if the account is enabled. By default, the unencrypted value of this property is: `cloud,ROLE_REST,enabled` Updating the securityAdminPassword property in hcm-csa.yaml Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/csa.war/WEB-INF/classes/hcm-csa.yaml` file (where `CSA_HOME` is the directory in which CSA is installed. ) and update the value of the `securityAdminPassword` property. Use the same encrypted password that you entered for the `admin` property in the `provider-users.properties` file. After modifying the `hcm-csa.yaml` file, restart CSA. See Restarting CSA Pod for instructions.

consumerAdmin User: Marketplace Portal
Username	consumerAdmin
Default Password	cloud
Default Role	CONSUMER_ORGANIZATION_ADMINISTRATOR
Usage	This account is used to initially log in to the Cloud Service Management Console to configure and manage the sample CSA Consumer organization.
To Disable	Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/idm-service.war/WEB-INF/classes/consumer-users.properties` file. Update the `consumerAdmin` property to disable this user account. For example, set `consumerAdmin` to the following value (this value should be encrypted): `cloud,CONSUMER_ORGANIZATION_ADMINISTRATOR,disabled` Note This property not only determines if the account is enabled, it also contains the password and the roles that control access to CSA. By default, the unencrypted value of this property is: `cloud,CONSUMER_ORGANIZATION_ADMINISTRATOR,enabled` The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value.
To Change Password	Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/idm-service.war/WEB-INF/classes/consumer-users.properties` file. Update the password portion of the `consumerAdmin` value and encrypt the entire value, including the roles and account status. The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. Note This property not only contains the password, but also the roles that control access to CSA and if the account is enabled. By default, the unencrypted value of this property is: `cloud,CONSUMER_ORGANIZATION_ADMINISTRATOR,enabled`

csaCatalogAggregationTransportUser User: Cloud Service Management Console
Username	csaCatalogAggregationTransportUser
Default Password	cloud
Usage	This account is used to authenticate REST API calls.
To Disable	Do not disable this account.
To Change Password	If you change the password to this account, you must update the value of the `securityCatalogAggregationTransportUserPassword` property in `hcm-csa.yaml`. You must also update the password using the catalog aggregation registration REST APIs. Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/ deployments/csa.war/WEB-INF/classes/hcm-csa.yaml` file (where `CSA_HOME` is the directory in which CSA is installed. ) and update the value of the `securityCatalogAggregationTransportUserPassword` property. Determine a suitable new password (see Encrypt a password for instructions). An encrypted password is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. After modifying the `hcm-csa.yaml` file, restart CSA. See Restarting CSA Pod for instructions.

csaReportingUser User: Cloud Service Management Console
Username	csaReportingUser
Default Password	cloud
Default Roles	ROLE_REST, ROLE_DYNAMIC
Usage	This account is used when a subscription is ordered or modified and a field for the subscription includes a dynamically generated list. The dynamically generated list is a subscriber option property configured to use a dynamic query. The dynamic query uses this account to access CSA to determine the values that will appear in the list. This account has read-only access to CSA .
To Disable	Do not disable this account.
To Change Password	If you change the password to this account, you must update the value of the password in the `provider-users.properties` file and the `securityCsaReportingUserPassword` property in the `hcm-csa.yaml` file (you must use the same password). You must also update and use the same password for every REST API call that uses the password. Updating the csaReportingUser property in provider-users.properties Edit the `PERSISTENT_VOLUME_PATH/jboss-as/standalone/deployments/idm-service.war/WEB-INF/classes/provider-users.properties` file. Update the password portion of the `csaReportingUser` value and encrypt the entire value, including the roles and account status. The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. Note This property not only contains the password, but also the roles that control access to CSA and if the account is enabled. By default, the unencrypted value of this property is: `cloud,ROLE_REST,ROLE_DYNAMIC,enabled` Updating the securityCsaReportingUserPassword property in hcm-csa.yaml Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/csa.war/WEB-INF/classes/hcm-csa.yaml` file (where `CSA_HOME` is the directory in which CSA is installed. ) and update the value of the `securityCsaReportingUserPassword` property. Use the same encrypted password that you entered for the `csaReportingUser` property in the `provider-users.properties` file. After modifying the `hcm-csa.yaml` file, restart CSA. See Restarting CSA Pod for instructions.

csaTransportUser User: Cloud Service Management Console
Username	csaTransportUser
Default Password	csaTransportUser
Usage	This account is used to authenticate REST API calls.
To Disable	Do not disable this account.
To Change Password	If you change the password to this account, you must update the value of the `securityTransportPassword` property in the `hcm-csa.yaml` file and the `idm.csa.password` property in the `applicationContext.properties` file (you must use the same password). You must also update and use the same password for every REST API call that uses the password. Updating the securityTransportPassword property in hcm-csa.yaml Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/csa.war/WEB-INF/classes/hcm-csa.yaml` file (where `CSA_HOME` is the directory in which CSA is installed. ) and update the value of the `securityTransportPassword` property. Determine a suitable new password (see Encrypt a password for instructions). An encrypted password is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. Updating the idm.csa.password property in applicationContext.properties Edit the `PERSISTENT_VOLUME_PATH/jboss-as/standalone/deployments/idm-service.war/WEB-INF/spring/applicationContext.properties` file and update the value of the `idm.csa.password` property. Use the same encrypted password that you entered for the `securityTransportPassword` property in the `hcm-csa.yaml` file. After modifying and saving the changes to the files, restart CSA. See Restart CSA for instructions.

idmTransportUser User: Cloud Service Management Console
Username	idmTransportUser
Default Password	idmTransportUser
Default Roles	ROLE_ADMIN, PERM_IMPERSONATE
Usage	This account is used to authenticate REST API calls.
To Disable	Do not disable this account.
To Change Password	If you change the password to this account, you must update the value of the `securityIdmTransportUserPassword` property in the `hcm-csa.yaml` file, the `idmTransportUser` property in the `integrationusers.properties` file, and the `password` attribute in the idmProvider section of the `mpp.json` file (you must use the same password) and you must clear the JBoss server and web browser caches. You must also update and use the same password for every REST API call that uses the password. Updating the securityIdmTransportUserPassword property in hcm-csa.yaml Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/csa.war/WEB-INF/classes/hcm-csa.yaml` file (where `CSA_HOME` is the directory in which CSA is installed. ) and update the value of the `securityIdmTransportUserPassword` property. Determine a suitable new password (see Encrypt a password for instructions). An encrypted password is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. Updating the idmTransportUser property in integrationusers.properties Note This property not only contains the password, but also the roles that control access to CSA and if the account is enabled. By default, the unencrypted value of this property is: `idmTransportUser,ROLE_ADMIN,PERM_IMPERSONATE,enabled` Edit the `PERSISTENT_VOLUME_PATH/jboss-as/standalone/deployments/idm-service.war/WEB-INF/classes/integrationusers.properties` file and update the value of the `idmTransportUser` property. Use the same password that you used for the `securityIdmTransportUserPassword` property in the `hcm-csa.yaml` file and encrypt the entire value of the `idmTransportUser` property, including the roles and account status . The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value.
	Updating the password attribute in mpp.json Edit the `PERSISTENT_VOLUME_PATH/portal/conf/mpp.json` file (where `CSA_HOME` is the directory in which CSA is installed. ) and update the value of the `password` attribute in the idmProvider section and the `keyfile` attribute. Use the same password that you used for the `securityIdmTransportUserPassword` property in the `hcm-csa.yaml` file and encrypt this password using the password utility that is provided by the Marketplace Portal: Open a command prompt and navigate to the `PERSISTENT_VOLUME_PATH/portal/bin` directory. For example, on Windows the directory is `C:\Program Files\HPE\CSA\portal\bin` and on Linux the directory is `/usr/local/hpe/csa/portal/bin.` Run the following command: Windows: `..\..\node.js\node passwordUtil` Linux: `../../node.js/node passwordUtil` When prompted, enter the name and location of the keyfile to generate (for example, `../conf/keyfile`) and the password to encrypt. An encrypted password is displayed. Copy the encrypted password to the `password` attribute value in the `idmProvider` section. An encrypted password is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. For example `ENC(3oKr7eAo25bEn3Zn2t9wIA==)` Copy the keyfile name and location to the `keyfile` attribute. Clearing the JBoss server and web browser caches After modifying and saving the changes to the files, clear the JBoss server and web browser caches. To clear the JBoss server cache, remove the contents from the `PERSISTENT_VOLUME_PATH/jboss-as/standalone/tmp` directory. See Clear the web browser cache for information about how to clear the web browser cache. Restarting CSA After making these changes, restart CSA. See Restart CSA for instructions about how to restart CSA and the Marketplace Portal.

ooInboundUser User: Cloud Service Management Console
Username	ooInboundUser
Default Password	cloud
Default Role	ROLE_REST
Usage	This account is used by Operations Orchestration to authenticate REST API calls with CSA.
To Disable	Do not disable this account.
To Change Password	If you change the password to this account, you must update the value of the password in the `provider-users.properties` file and the `securityOoInboundUserPassword` property in the `hcm-csa.yaml` file (you must use the same password). You must also update and use the same password for every REST API call that uses the password. Updating the ooInboundUser property in provider-users.properties Edit the `PERSISTENT_VOLUME_PATH/jboss-as/standalone/deployments/idm-service.war/WEB-INF/classes/provider-users.properties` file. Update the password portion of the `ooInboundUser` value and encrypt the entire value, including the roles and account status. The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. Note This property not only contains the password, but also the roles that control access to CSA and if the account is enabled. By default, the unencrypted value of this property is: `cloud,ROLE_REST,enabled` You must also update and use the same password for the CSA_REST_CREDENTIALS system account in Operations Orchestration (located in the Configuration folder of the Public Repository). Updating the securityOoInboundUserPassword property in hcm-csa.yaml If you change the password to this account, you must update the value of the `securityOoInboundUserPassword` property in `hcm-csa.yaml`. You must also update and use the same password for the `CSA_REST_CREDENTIALS` system account in Operations Orchestration (located in the Configuration folder of the Public Repository). Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/csa.war/WEB-INF/classes/hcm-csa.yaml` file (where `CSA_HOME` is the directory in which CSA is installed. ) and update the value of the `securityOoInboundUserPassword` property. Use the same encrypted password that you entered for the `ooInboundUser` property in the `provider-users.properties` file. After modifying the `hcm-csa.yaml` file, restart CSA. See Restarting CSA Pod for instructions.

Marketplace Portal User Account

The following is a sample user that ships with CSA and is used to access the Marketplace Portal:

consumer User: Marketplace Portal
Username	consumer
Default Password	cloud
Default Roles	SERVICE_CONSUMER, ROLE_REST
Usage	This account is used to initially log in to and experiment with the Marketplace Portal (LDAP does not have to be configured). This user belongs to the "CSA consumer internal group" and is a member of the "CSA Consumer" organization (both the group and organization are provided as samples).
To Disable	Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/ deployments/idm-service.war/WEB-INF/classes/consumer-users.properties` file. Update the `consumer` property to disable this user account. For example, set `consumer` to the following value (this value should be encrypted): `cloud,SERVICE_CONSUMER,ROLE_REST,disabled` Note This property not only determines if the account is enabled, it also contains the password and the roles that control access to CSA. By default, the unencrypted value of this property is: `cloud,SERVICE_CONSUMER,ROLE_REST,enabled` See Encrypt a password for instructions about how to encrypt this value). The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value.
To Change Password	Edit the `PERSISTENT_VOLUME_PATH/jboss‑as/standalone/deployments/idm-service.war/WEB-INF/classes/consumer-users.properties` file. Update the password portion of the `consumer` value and encrypt the entire value, including the roles and account status . The encrypted value is preceded by `ENC` without any separating spaces and is enclosed in parentheses. Ensure there is no blank space at the end of the value. Note This property not only contains the password, but also the roles that control access to CSA and if the account is enabled. By default, the unencrypted value of this property is: `cloud,SERVICE_CONSUMER,ROLE_REST,enabled`

Send Help Center feedback