14.8. Administering User Tasks From the Command Line


14.8.1. Managing Users

You can use the ovirt-aaa-jdbc-tool tool to manage user accounts on the internal domain. Changes made using the tool take effect immediately and do not require you to restart the ovirt-engine service. For a full list of user options, run ovirt-aaa-jdbc-tool user --help. Common examples are provided in this section.

Procedure 14.12. Creating a User

This procedure shows you how to create a user, set the user password, and add it to your Red Hat Enterprise Virtualization environment.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Create a new user account. Optionally use --attribute to specify account details. For a full list of options, run ovirt-aaa-jdbc-tool user add --help.
    # ovirt-aaa-jdbc-tool user add test1 --attribute=firstName=John --attribute=lastName=Doe 
    adding user test1...
    user added successfully
  3. Set a password. You must set a value for --password-valid-to, otherwise the password expiry time defaults to the current time. The date format is yyyy-MM-dd HH:mm:ssX. In this example, -0800 stands for GMT minus 8 hours. For more options, run ovirt-aaa-jdbc-tool user password-reset --help.
    # ovirt-aaa-jdbc-tool user password-reset test1 --password-valid-to="2025-08-01 12:00:00-0800"
    Password:
    updating user test1...
    user updated successfully

    Note

    By default, the password policy for user accounts on the internal domain has the following restrictions:
    • A minimum of 6 characters.
    • The three previously used passwords cannot be reused when the password is changed.
    For more information on the password policy and other default settings, run ovirt-aaa-jdbc-tool settings show.
  4. Add the newly created user in the Administration Portal and assign the user appropriate roles and permissions. See Section 14.7.1, “Adding Users and Assigning User Portal Permissions” for more information.

Procedure 14.13. Viewing User Information

This procedure shows you how to view user account information. The command displays more information than the Users tab of the Administration Portal.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Run the following command:
    # ovirt-aaa-jdbc-tool user show test1

Procedure 14.14. Editing User Information

This procedure shows you how to update user account information.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Run the following command to edit user information. This example updates the email address.
    # ovirt-aaa-jdbc-tool user edit test1 --attribute=email=jdoe@example.com

Procedure 14.15. Removing a User

This procedure shows you how to delete a user account.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Delete the user:
    # ovirt-aaa-jdbc-tool user delete test1
  3. Remove the user from the Administration Portal. See Section 14.7.4, “Removing Users” for more information.

14.8.2. Changing the Password for the Internal Administrative User

To reset the password of the internal administrative user (admin@internal), use the ovirt-aaa-jdbc-tool tool. You do not need to restart the ovirt-engine service for the password change to take effect.
By default, the password policy for user accounts on the internal domain has the following restrictions:
  • A minimum of 6 characters.
  • The three previously used passwords cannot be reused when the password is changed.
For more information on the password policy and other default settings, run ovirt-aaa-jdbc-tool settings show.

Procedure 14.16. Resetting the Password for the Internal Administrative User

  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. To change the password in interactive mode, run the following command. You must set a value for --password-valid-to, otherwise the password expiry time defaults to the current time. The date format is yyyy-MM-dd HH:mm:ssX. In this example, Z stands for UTC time. For more options, run ovirt-aaa-jdbc-tool user password-reset --help.
    # ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2025-08-01 12:00:00Z"
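
The --password-valid-to requirement in Procedure 14.12 and Procedure 14.16 is easy to get wrong, and a missing or elapsed value leaves the account with a password that is already expired. The following helper is an added example, not part of the original documentation or of ovirt-aaa-jdbc-tool; the function names are hypothetical, it assumes GNU date (as shipped on Red Hat Enterprise Linux), and it accepts only the two time zone forms shown in this section (Z and +/-HHMM).

```shell
# Added example: build and pre-check --password-valid-to values.
# Function names are hypothetical; GNU date is assumed.

# Print a UTC timestamp N days from now in yyyy-MM-dd HH:mm:ssX form.
valid_to_in_days() {
    date -u -d "+$1 days" '+%Y-%m-%d %H:%M:%SZ'
}

# Return 0 only if $1 has the documented format, is a real calendar
# date, and lies in the future. Diagnostics go to stderr.
check_valid_to() {
    _re='^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}(Z|[+-][0-9]{4})$'
    printf '%s\n' "$1" | grep -Eq "$_re" \
        || { echo "bad format: $1" >&2; return 1; }
    _epoch=$(date -d "$1" +%s 2>/dev/null) \
        || { echo "not a real date: $1" >&2; return 1; }
    [ "$_epoch" -gt "$(date +%s)" ] \
        || { echo "already expired: $1" >&2; return 1; }
}

# Print (do not run) the password-reset command for user $1.
# $2 is the expiry; if omitted, 90 days from now is used (an assumed
# default for this example, not a product default). Refuses to emit a
# command whose password would be expired as soon as it is set.
password_reset_cmd() {
    _valid_to=${2:-$(valid_to_in_days 90)}
    check_valid_to "$_valid_to" || return 1
    printf 'ovirt-aaa-jdbc-tool user password-reset %s --password-valid-to="%s"\n' \
        "$1" "$_valid_to"
}
```

Source the file and run password_reset_cmd test1 to get a command line to review and execute; the tool still prompts for the password interactively.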

14.8.3. Disabling the Internal Administrative User

You can disable users on the local domains, including the admin@internal user created during engine-setup. Make sure you have at least one user in the environment with full administrative permissions before disabling the default admin user.

Procedure 14.17. Disabling the Internal Administrative User

  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Make sure another user with the SuperUser role has been added to the environment. See Section 14.7.1, “Adding Users and Assigning User Portal Permissions” for more information.
  3. Disable the default admin user:
    # ovirt-aaa-jdbc-tool user edit admin --flag=+disabled

    Note

    To enable a disabled user, run ovirt-aaa-jdbc-tool user edit username --flag=-disabled

14.8.4. Managing Groups

You can use the ovirt-aaa-jdbc-tool tool to manage group accounts on your internal domain. Managing group accounts is similar to managing user accounts. For a full list of group options, run ovirt-aaa-jdbc-tool group --help. Common examples are provided in this section.

Procedure 14.18. Creating a Group

This procedure shows you how to create a group account, add users to the group, and view the details of the group.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Create a new group:
    # ovirt-aaa-jdbc-tool group add group1
  3. Add users to the group. The users must be created already.
    # ovirt-aaa-jdbc-tool group-manage useradd group1 --user=test1

    Note

    For a full list of the group-manage options, run ovirt-aaa-jdbc-tool group-manage --help.
  4. View group account details:
    # ovirt-aaa-jdbc-tool group show group1
  5. Add the newly created group in the Administration Portal and assign the group appropriate roles and permissions. The users in the group inherit the roles and permissions of the group. See Section 14.7.1, “Adding Users and Assigning User Portal Permissions” for more information.

Procedure 14.19. Creating Nested Groups

This procedure shows you how to create groups within groups.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Create the first group:
    # ovirt-aaa-jdbc-tool group add group1
  3. Create the second group:
    # ovirt-aaa-jdbc-tool group add group1-1
  4. Add the second group to the first group:
    # ovirt-aaa-jdbc-tool group-manage groupadd group1 --group=group1-1
  5. Add the first group in the Administration Portal and assign the group appropriate roles and permissions. See Section 14.7.1, “Adding Users and Assigning User Portal Permissions” for more information.

14.8.5. Querying Users and Groups

The query module allows you to query user and group information. For a full list of options, run ovirt-aaa-jdbc-tool query --help.

Procedure 14.20. Listing All User or Group Account Details

This procedure shows you how to list all account information.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
    • List all user account details:
      # ovirt-aaa-jdbc-tool query --what=user
    • List all group account details:
      # ovirt-aaa-jdbc-tool query --what=group

Procedure 14.21. Listing Filtered Account Details

This procedure shows you how to apply filters when listing account information.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
    • List user account details with names that start with the character j.
      # ovirt-aaa-jdbc-tool query --what=user --pattern="name=j*"
    • List groups that have the department attribute set to marketing:
      # ovirt-aaa-jdbc-tool query --what=group --pattern="department=marketing"

14.8.6. Managing Account Settings

To change the default account settings, use the ovirt-aaa-jdbc-tool settings module.

Procedure 14.22. Updating Account Settings

This procedure shows you how to update the default account settings.
  1. Log in to the machine on which the Red Hat Enterprise Virtualization Manager is installed.
  2. Run the following command to show all the settings available:
    # ovirt-aaa-jdbc-tool settings show
  3. Change the desired settings:
    • This example updates the default login session time to 60 minutes for all user accounts. The default value is 10080 minutes.
      # ovirt-aaa-jdbc-tool settings set --name=MAX_LOGIN_MINUTES --value=60
    • This example updates the number of failed login attempts a user can perform before the user account is locked. The default value is 5.
      # ovirt-aaa-jdbc-tool settings set --name=MAX_FAILURES_SINCE_SUCCESS --value=3

      Note

      To unlock a locked user account, run ovirt-aaa-jdbc-tool user unlock test1.