Strategy ONE
MSTR User
Starting in Strategy One (August 2025) for instance-based environments and Strategy One (September 2025) for container environments, all cloud operations are managed by a standardized "mstr" user. This out-of-the-box account is designed for environment configuration, administration, and management, to replace reliance on the default Administrator user.
This user provides the following:
- Eliminates the need for additional named user licenses for Managed Cloud Enterprise (MCE) users.
- Adds support to disable the Administrator user, which provides more flexibility.
- Ensures secure and reliable cloud management and configurations.
- The mstr user is tightly scoped and unable to access customer warehouse data or manage customer user accounts, which ensures limited and strictly enforced cloud operation privileges.
Security Restrictions
Delete-restricted: The mstr user, Platform Support user group, and Administrator are protected by the Intelligence Server and cannot be deleted.
Data Access: The user has no execution access to customer warehouse data. Only the Platform Analytics project warehouse is available.
User Management: The user can view users but cannot manage them (for example, modify, delete, grant privileges, or change groups).
License-free: The mstr user is a free-license metadata user.
Client Accessibility: The user can access Workstation, Mosaic, Developer, Web, Library, Command Manager, and Object Manager. The user cannot access Mobile, Hyper Clients, and Application Clients.
Password Change Restrictions: Starting in Strategy One (November 2025), only the mstr user can change its own password. There is a bypass option for MSTRBak to reset the mstr user password when restoring, refreshing, or upgrading the environment.
Privilege Restriction: Other users are prevented from removing existing privileges from the mstr user and Platform Support user group.
Intelligence Server Standardization of the mstr User
The Platform Support Administrator user group is automatically managed by the Intelligence Server on startup:
- If the user group does not exist, the Intelligence Server creates it.
- If any required privileges are missing from the user group, the Intelligence Server adds the privileges back.
The mstr user is automatically managed by the Intelligence Server on startup:
- If the mstr user does not exist, the Intelligence Server creates it.
- If the mstr user with the same GUID already exists, the Intelligence Server does not make any changes.
- If the mstr user with the same login name but different GUID already exists, the Intelligence Server removes the existing mstr user and recreates the standard mstr user.
- The Intelligence Server ensures the mstr user is always under the Platform Support Administrator and Everyone user groups.
Issues and Workarounds
Container Upgrade pre-Strategy One (September 2025): mstr User is Missing Before Upgrading
When upgrading a container environment from a version prior to Strategy One (September 2025), the mstr user must already exist in the system. If the mstr user is missing, the Intelligence Server will not be able to run the required configuration in the pre-upgrade job. This can cause the Intelligence Server to fail to start up, which prevents successful upgrade completion.
Workaround:
- Before upgrading, manually create a new mstr user and add it to the System Administrators group.
- Run the upgrade. The pre-upgrade jobs will proceed successfully since the mstr user is present.
- During the first startup after the upgrade, the Intelligence Server automatically deletes your manually created mstr user and replaces it with the standardized, fixed mstr account required for ongoing cloud operations.
Instance MCE Upgrade from pre-Strategy One (July 2025): Subscriptions Created by the mstr User are Missing After Upgrading
After upgrading an instance MCE environment from a version prior to Strategy One (July 2025), there may be an existing mstr user in the metadata that uses the same login name but a different GUID from the standardized version. During the upgrade, the Intelligence Server will remove the previous mstr user and create a new, standardized mstr user account.
- Any metadata objects owned by the mstr user automatically transfer ownership to the Administrator user.
- Any subscriptions created by or assigned to the previous mstr user are invalidated and deleted during the standardization process.
Workarounds:
- If you have already upgraded and subscriptions are not available, migrate the subscriptions from the backup metadata.
- If you have not upgraded, rename the previous mstr user login to a different name (for example, mstr1, mstr-old) before upgrading. This prevents the Intelligence Server from deleting the user and preserves the related subscriptions.
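The startup rules and the upgrade issues above can be checked before an upgrade by modeling them against an exported user and subscription inventory. The following Python sketch is an added example, not Strategy code or a Strategy API: the inventory format, the function names, and the `STANDARD_GUID` placeholder (the page does not publish the standardized GUID) are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Placeholder: the page does not publish the standardized account's GUID.
STANDARD_GUID = "<STANDARD-MSTR-GUID>"
REQUIRED_GROUPS = {"Platform Support Administrator", "Everyone"}

@dataclass
class User:
    login: str
    guid: str
    groups: set = field(default_factory=set)

def plan_startup(users, subscriptions, owned, container_upgrade=False):
    """Predict the first post-upgrade startup's effect on the mstr account.

    subscriptions: name -> set of creator/recipient GUIDs; owned: name -> owner GUID.
    """
    plan = {"action": "create", "blocks_upgrade": False, "groups_added": [],
            "subscriptions_deleted": [], "objects_to_administrator": []}
    old = next((u for u in users if u.login == "mstr"), None)
    if old is None:
        # Container pre-upgrade job needs an mstr user to be present.
        plan["blocks_upgrade"] = container_upgrade
    elif old.guid == STANDARD_GUID:
        # Same GUID: account untouched, group membership still enforced.
        plan["action"] = "none"
        plan["groups_added"] = sorted(REQUIRED_GROUPS - old.groups)
    else:
        # Same login, different GUID: removed and recreated.
        plan["action"] = "remove_and_recreate"
        plan["subscriptions_deleted"] = sorted(
            n for n, guids in subscriptions.items() if old.guid in guids)
        plan["objects_to_administrator"] = sorted(
            n for n, g in owned.items() if g == old.guid)
    return plan

# Constructed sample inventory (not real metadata).
USERS = [User("Administrator", "GUID-ADMIN"), User("mstr", "GUID-OLD", {"Everyone"})]
SUBS = {"Daily KPI email": {"GUID-OLD"}, "Weekly sales": {"GUID-ADMIN"}}
OWNED = {"Ops dashboard": "GUID-OLD", "Sales cube": "GUID-ADMIN"}

def renamed(users, new_login="mstr-old"):
    """Apply the page's workaround: rename the old login before upgrading."""
    return [User(new_login if u.login == "mstr" else u.login, u.guid, u.groups)
            for u in users]

if __name__ == "__main__":
    print(plan_startup(USERS, SUBS, OWNED))
    print(plan_startup(renamed(USERS), SUBS, OWNED))
```

Comparing the plan before and after `renamed()` shows which subscriptions the rename workaround preserves.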
