# Create a superadmin User

> **⚠️ Warning**: The privilege level of the Operator's `admin` user is designed to prohibit specific operations from being performed that could interfere with Operator automation.As the `superadmin` user does not have these restrictions, it should only be used for specific operations, such as initiating disaster recovery (DR) replication or creating a database with unlimited storage. *Using the `superadmin` user to perform unprescribed operations (such as adding and removing leaves and/or changing engine variables, etc.) can trigger unexpected Pod cycling by the Operator and/or adversely impact the Operator's state.*In addition, as the Operator uses the `root` user to manage the cluster and the `root` user’s password, the Operator's `root` password must never be changed. *Changing the *root* user’s password will decouple the Operator from the SingleStore cluster and neither the Operator nor the cluster will continue to function as intended.*

## Obtain the Root Password

The `root` user has [all privileges](https://docs.singlestore.com/db/v9.1/reference/sql-reference/security-management-commands/permissions-matrix.md), including those to create users and manage the cluster. This user is assigned a password when the SingleStore cluster is first created. The Operator creates a corresponding [secret](https://kubernetes.io/docs/concepts/configuration/secret/) with the same name as the SingleStore cluster which is used to store the `root` user’s password.

To obtain this secret, run the following command.

```shell
kubectl get secrets
```

Note that, in this secret, the password is Base64-encoded. To [decode the password](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret) from the secret, run the following command.

```shell
echo <ENCODED-VALUE> | base64 -D
```

## Create the superadmin User

As noted earlier, while the `root` user’s password can be viewed, it must never be changed.

Should you need to use the `root` user, SingleStore recommends that you:

1. As the `root` user, create a `superadmin` user via the following SQL command.
   ```sql
   CREATE USER 'superadmin'@'%' IDENTIFIED BY '<secure-password>'
   ```

2. Grant the `superadmin` user `root` privileges via the following SQL command.
   ```sql
   GRANT ALL ON *.* TO 'superadmin'@'%' WITH GRANT OPTION;
   ```

Once this `superadmin` user has been created, obtaining the `root` user’s password is no longer necessary.

***

Modified at: March 2, 2023

Source: [/db/v9.1/reference/singlestore-operator-reference/create-a-superadmin-user/](https://docs.singlestore.com/db/v9.1/reference/singlestore-operator-reference/create-a-superadmin-user/)

(An index of the documentation is available at /llms.txt)