> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Users

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[localhost link]: http://localhost:3000/docs/5/fusion/operations/security/access-control/users

[mintlify link]: https://doc.lucidworks.com/docs/5/fusion/operations/security/access-control/users

[old doc.lw link]: https://doc.lucidworks.com/fusion/5.9/125

All Fusion requests must come from a registered user.

<LwTemplate />

## Add Users

The first user who logs in becomes the user `admin`.

There are two approaches for adding users:

* **Manual** – Add users manually to a security realm that does not auto-create users.
* **Automatic** – For a security realm that uses an external authentication provider, Fusion can add users automatically. When creating the security realm, check **auto-create users**. Fusion creates a user the first time someone logs into Fusion.

When you add a new user manually, you must provide a unique username and valid password.
All other information is optional. However, unless either roles or permissions are specified (or both),
this user will not be able to do anything in Fusion.

If you specify API permissions in a user definition, those permissions *override* corresponding permissions defined in the user’s roles. See [Permissions](/docs/5/fusion/operations/security/access-control/permissions) for more information about how permissions supplied by multiple roles and by user definitions combine.

<Note>
  There is a soft limit of 100 users in Fusion. Above that number, performance degradation may occur and API calls may take longer to complete. Using the **Ephemeral Users** parameter prevents the list of users from being saved and can be used to bypass this soft limit.
</Note>

## Manage Users in the Fusion UI

Only Fusion users with administrative privileges (for example, those who are assigned the built-in role `admin`) can manage users.

Manage users in the Fusion UI. Click **System > Access Control > Users**.

## Manage Users via HTTP Requests to the Users API

See page [Users API](/api-reference/user-management/list-users).

## User Information

Fusion stores user information in [Apache ZooKeeper](http://zookeeper.apache.org/).

Each User entry in ZooKeeper contains the following:

* `id`– A globally unique user ID (UUID), created by Fusion based on username, realm-name
* `realm-name`– The Fusion [security realm](/docs/5/fusion/operations/security/access-control/security-realms) name; the default is "native".
* `username`– The username string, which is unique within the specified security realm
* `permissions`– List of permissions that have been explicitly assigned to the user in the Fusion UI (in **System > Access Control**)
* `role-names`– List of roles assigned to the user in the Fusion UI (in **System > Access Control**)
* `created-at`– Timestamp; created by Fusion
* `updated-at`– Timestamp for the last edit; created by Fusion

The following JSON shows the ZooKeeper record for the Fusion admin user:

```json wrap  theme={"dark"}
{
  "id":"57f539d2-3f53-4011-ad6f-257a3f00fc6b",
  "username":"admin",
  "realm-name":"native",
  "password-hash":"$2a$08$3I82umlXLPSshQIW6ngj.Or06DOVgDLGohGmCB9GC0yRtvy5Nfkn6",
  "permissions":[],
  "role-names":["admin"],
  "created-at":"2016-01-28T00:00:18Z"
}
```

The following JSON shows the ZooKeeper record for a user entry managed by Fusion:

```json wrap  theme={"dark"}
{
  "id":"ae9b345a-79e2-4e6d-8620-e6ed4ed2cc16",
  "username":"firstname.lastname",
  "realm-name":"lwLDAP",
  "permissions":[{"path":"collections/**", "methods":["GET"]}],
  "role-names":[],
  "created-at":"2016-04-01T21:17:36Z",
  "updated-at":"2016-04-01T21:42:15Z"
}
```

## Learn more

<Accordion title="Change a Fusion User’s Password">
  ## Change your Fusion password

  While you are logged in, from anywhere in the Fusion UI:

  1. Click <img className="inline-image" alt="Account Settings" src="https://mintcdn.com/lucidworks/NgNm7Bp5nEBDIA7H/assets/images/4.0/icons/workspace-account.png?fit=max&auto=format&n=NgNm7Bp5nEBDIA7H&q=85&s=f88de77ea4129de197a19a5e186ee9a6" width="62" height="72" data-path="assets/images/4.0/icons/workspace-account.png" /> **Account Settings**.
  2. Click **My Profile**.
  3. Follow the UI instructions to update your password.

  ## Change another user’s Fusion password

  If you are an admin, you can change the password for any of your users. While you are logged in, from any app in the Fusion UI:

  1. Click **System > Access Control**.
  2. Make sure the **Users** tab is selected.
  3. Click the user’s name.
  4. Check the box under **Change password**.
  5. Enter and confirm a new password, and click **Update**.

  ## Reset a lost admin password

  If you have lost the password for the admin account,
  [contact Lucidworks Support](https://support.lucidworks.com/hc/en-us/requests/new).
</Accordion>
