Sign inTry Free

Create a superadmin User

On this page

Warning

The privilege level of the Operator's admin user is designed to prohibit specific operations from being performed that could interfere with Operator automation.

As the superadmin user does not have these restrictions, it should only be used for specific operations, such as initiating disaster recovery (DR) replication or creating a database with unlimited storage. Using the superadmin user to perform unprescribed operations (such as adding and removing leaves and/or changing engine variables, etc.) can trigger unexpected Pod cycling by the Operator and/or adversely impact the Operator's state.

In addition, as the Operator uses the root user to manage the cluster and the root user’s password, the Operator's root password must never be changed. Changing the root user’s password will decouple the Operator from the SingleStore cluster and neither the Operator nor the cluster will continue to function as intended.

Obtain the Root Password

The root user has all privileges, including those to create users and manage the cluster. This user is assigned a password when the SingleStore cluster is first created. The Operator creates a corresponding secret with the same name as the SingleStore cluster which is used to store the root user’s password.

To obtain this secret, run the following command.

kubectl get secrets

Note that, in this secret, the password is Base64-encoded. To decode the password from the secret, run the following command.

echo <ENCODED-VALUE> | base64 -D

Create the superadmin User

As noted earlier, while the root user’s password can be viewed, it must never be changed.

Should you need to use the root user, SingleStore recommends that you:

  1. As the root user, create a superadmin user via the following SQL command.

    CREATE USER 'superadmin'@'%' IDENTIFIED BY '<secure-password>'

  2. Grant the superadmin user root privileges via the following SQL command.

    GRANT ALL ON *.* TO 'superadmin'@'%' WITH GRANT OPTION;

Once this superadmin user has been created, obtaining the root user’s password is no longer necessary.

Last modified: March 2, 2023

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK