...
Different roles can be set up as access groups, with a defined set of write and execute permissions for the applications. Each user can belong to one or several access groups. For more information regarding the user administration, see /wiki/spaces/MD82/pages/3770462 in the /wiki/spaces/MD82/pages/3768690 Access Controller.
Every time a user or an access group has been updated, a user event is created containing information regarding the changes. This is logged in the System Log, but can also be handled by the Event Notification. For further information, see /wiki/spaces/MD82/pages/3770113, and /wiki/spaces/MD82/pages/3770978 in the /wiki/spaces/MD82/pages/3768690see Event Notifications, and System Log.
At installation, a default user called mzadmin and an access group called Administrator are created. The default user and any other user that belongs to the same access group will have full permissions in the system. You cannot delete the default user or access group. However, you can remove the permissions to use the Access Controller.
When the the property the install.security property is set to true in install.xml, a prompt to change the password for mzadmin will appear during the installation of the Platform container. If this property is set to false, the default password will be used.
The Platform property mz.security.user.control.enabled will be set to same value as install.security. This property is used to enforce additional password rules. For further, see Enhanced User Security and Enhanced Security Password Rules in /wiki/spaces/MD82/pages/3770462 in the /wiki/spaces/MD82/pages/3768690Rules in Access Controller.
If the password for mzadmin has been forgotten, it is possible to reset it with the Platform property mz.user.secret.unlock. For more information about how to reset the mzadmin password, see /wiki/spaces/MD82/pages/3778781 in the /wiki/spaces/MD82/pages/3778529see Resetting the mzadmin Password.