Deactivate non-personal admin account in Red Hat 3scale API Management
Issue
- During security scanning of the Red Hat 3scale API Management software, one finding was that a non-personal admin account exists in the Admin Portal (the default tenant admin user).
- When someone uses this account, the actions performed cannot be attributed to an individual, so the traceability of changes isn't ensured.
- Personal admin accounts should be used, and the default 3scale admin user should be deactivated.
Is this possible and what are the steps?
Environment
- Red Hat 3scale API Management
- 2.11.0 On-Premise