PD-1574 / 24.10 / PD-1574 Add New Screenshots and Update Content (by micjohnson777) #3243

Merged
merged 9 commits into from
Nov 15, 2024
17 changes: 11 additions & 6 deletions content/SCALETutorials/Credentials/AdminRoles.md
Expand Up @@ -15,7 +15,7 @@ keywords:

{{< include file="/static/includes/AdminAccountSecurity.md" >}}

Administrator accounts have roles and privileges that allow greater control over access to functions in SCALE and to further utilize FIPS-compliance.
Administrator accounts have roles and privileges that allow greater control over access to functions in SCALE and to further utilize FIPS compliance.
SCALE includes three predefined admin user account levels:

* Full Admin - Assigned to the local administrator account created by the system when clean installing SCALE using an <file>iso</file> file.
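Review bot: The hyphen fix to "FIPS compliance" is correct, but the sentence still does not parallel: roles "allow greater control over access to functions in SCALE and to further utilize FIPS compliance" reads as if the roles themselves are what is utilized. Since this line is already being edited, consider rewording the second clause, for example "and support FIPS-compliant operation", so the security purpose of the roles is stated plainly.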
Expand All @@ -28,6 +28,11 @@ SCALE includes three predefined admin user account levels:

For more information on the different administrator scenarios users can encounter, read [Logging Into SCALE the First Time]({{< relref "FirstTimeLogin.md" >}}).

## Changing Administrator Account Passwords
Adminstrator passwords can be changed on the **Edit User** screen or, if currently logged in as that admin user, by clicking the **Settings** <span class="material-icons">account_circle</span> icon on the top toolbar and clicking **Change Password**.

{{< include file="/static/includes/ChangeLoggedInUserPassword.md" >}}

## Configuring Administrative Privileges

[Create a new administrator]({{< relref "managelocalusersscale.md #creating-an-administrator-user-account" >}}) account or select an existing account to grant administrative privileges.
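Review bot: "Adminstrator passwords" in the first sentence of the new "Changing Administrator Account Passwords" section is misspelled; it should read "Administrator passwords can be changed on the **Edit User** screen...". Because this section is added by this PR, it would be good to fix the typo here rather than in a follow-up.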
Expand All @@ -40,19 +45,19 @@ Note the primary group assigned to that user.
As a security hardening feature, administrator accounts in Linux-based TrueNAS releases (22.12.0 or newer) cannot by default execute certain root-level commands in a shell or SSH session.
If a user attempts to execute one of these commands without root-level access, TrueNAS returns a **command not found** error.

Administrative users who need to execute root-level commands to complete a task should temporarily enable sudo permissions for that user by going **Credentials** and editing the user or group to enable some or all sudo commands.
Administrative users who need to execute root-level commands to complete a task should temporarily enable sudo permissions for that user by going to **Credentials** and editing the user or group to enable some or all sudo commands.
For best security, enable only the required commands to perform the task and require password authentication, unless the task or app prevents it.
Disable sudo permissions when the task completes and they are no longer required.

**Allowed sudo commands**, **Allow all sudo commands**, **Allowed sudo commands with no password** and **Allow all sudo commands with no password** grant limited root-like permissions using the sudo command.
**Allowed sudo commands**, **Allow all sudo commands**, **Allowed sudo commands with no password**, and **Allow all sudo commands with no password** grant limited root-like permissions using the sudo command.
Use **Allowed sudo commands** or **Allowed sudo commands with no password** to list specific sudo commands to allow.
Enter each command as an absolute path to the ELF (Executable and Linkable Format) executable file, for example */usr/bin/nano*.
Enter each command as an absolute path to the ELF (Executable and Linkable Format) executable file, for example, */usr/bin/nano*.
<file>/usr/bin/</file> is the default location for commands.
Press <kbd>Enter</kbd> after each command.

To allow full access to sudo commands, select either **Allow all sudo commands** or **Allow all sudo commands with no password**.
If sudo commands are allowed with password protection, the user is prompted for a password the first time a sudo command is entered, but not again in the same session.
Disable these settings after completing the task to return to a security hardened system.
Disable these settings after completing the task to return to a security-hardened system.

Do not allow sudo permissions for read-only administrators.
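Review bot: The sentence that now reads "**Allowed sudo commands**, **Allow all sudo commands**, ... grant limited root-like permissions using the sudo command" is internally inconsistent: the two "Allow all sudo commands" options are not limited, and the paragraph itself later says they give "full access to sudo commands". Suggest splitting the description so that only the "Allowed sudo commands" options are called limited, or dropping "limited" from the shared sentence; the added serial commas are fine.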

Expand Down Expand Up @@ -91,7 +96,7 @@ To enable SSH to access the system as an admin user (or for root):
If the root password password is disabled in the UI you cannot use it to gain SSH access to the system.

To allow an admin user to issue commands in an SSH session, edit that user and select **SSH password login enabled** to allow authenticating and logging into an SSH session.
Disable this after completing the SSH session to return to a security hardened system.
Disable this after completing the SSH session to return to a security-hardened system.

## Two-Factor Authentication (2FA) and Administrator Account Log In

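Review bot: "If the root password password is disabled in the UI you cannot use it to gain SSH access" in the unchanged context at the top of this hunk has a duplicated word and is missing a comma; since the PR already touches this paragraph, fix it to "If the root password is disabled in the UI, you cannot use it to gain SSH access to the system." The "security-hardened" hyphenation change matches the earlier hunk.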
Binary file modified static/images/SCALE/Dashboard/ChangeLoggedInUserPassword.png
12 changes: 10 additions & 2 deletions static/includes/ChangeLoggedInUserPassword.md
Expand Up @@ -2,7 +2,15 @@

Click on the **Change Password** <span class="material-icons">dialpad</span> icon button to display the change password dialog where you can enter a new password for the currently logged-in user.

{{< trueimage src="/images/SCALE/Dashboard/ChangeLoggedInUserPassword.png" alt="Change Password" id="Change Password" >}}
The **truenas_admin** user and admin users with full control permissions see the **Change Password** dialog with the **New Password** and **Confirm Password** fields.
These users do not need to enter their current password to change the password.

{{< trueimage src="/images/SCALE/Dashboard/ChangeLoggedInUserPassword.png" alt="Change Password - Full Control Admin" id="Change Password - Full Control Admin" >}}

Sharing Admin and Readonly Admin users see the **Change Password** dialog with the **Current Password**, **New Password**, and **Confirm Password** fields.
These users must enter the current password to validate the user account before changing the password.

{{< trueimage src="/images/SCALE/Dashboard/ChangeLoggedInUserPasswordShare&ReadonlyAdmin.png" alt="Change Password - Share and Readonly Admins" id="Change Password - Share and Readonly Admins" >}}

Click on the <span class="material-icons">visibility_off</span> icon to display entered passwords.
To stop displaying the password, click on the <span class="material-icons">visibility</span> icon.
To stop displaying the password, click on the <span class="material-icons">visibility</span> icon.
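Review bot: The new image path "ChangeLoggedInUserPasswordShare&ReadonlyAdmin.png" contains an ampersand, which must be escaped in HTML attributes and is awkward in URLs; rename the file to something like "ChangeLoggedInUserPasswordShareAndReadonlyAdmin.png" and update the src and id accordingly. The new text also names the roles "Sharing Admin and Readonly Admin users" while the alt text says "Share and Readonly Admins"; use one form consistently.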