By default, each Exascale cluster contains one superuser account. The user identifier (ID) for the superuser account is admin. The admin user can implicitly perform any system operation and effectively holds all system privileges.

During system deployment, the admin user wallet is created on every storage server at /opt/oracle/cell/cellsrv/deploy/config/security/admwallet and every wallet contains the same system-generated private key.

If you choose to use the admin user for ongoing system administration, then you must manage access to the admin user wallet.

Alternatively, Oracle recommends the following approach:

1. Use the admin user to create your own dedicated Exascale administrator account or accounts.

2. Extract the admin user private key from the wallet and store it in a secure off-site key store. You can extract the private key from a wallet by using the ESCLI lswallet command.

3. Remove all copies of the admin user wallet.

By using this approach, you effectively disable the admin user and you must recreate the wallet if you require future admin access.