diff --git a/api-ref/source/api-ref-sysinv-v1-config.rst b/api-ref/source/api-ref-sysinv-v1-config.rst
index a88e6260d1..f0d66c2b56 100644
--- a/api-ref/source/api-ref-sysinv-v1-config.rst
+++ b/api-ref/source/api-ref-sysinv-v1-config.rst
@@ -10565,7 +10565,7 @@ badMediaType (415)
    :header: "Parameter", "Style", "Type", "Description"
    :widths: 20, 20, 20, 60
 
-   "Content-Type multipart/form-data", "plain", "xsd:string", "The content of a file. e.g. if using curl, this would be specified as: curl -F name=@full_path_of_filename <div class=""example""><pre>file=@/home/wrsroot/server-with-key.pem </pre></div>"
+   "Content-Type multipart/form-data", "plain", "xsd:string", "The content of a file. e.g. if using curl, this would be specified as: curl -F name=@full_path_of_filename <div class=""example""><pre>file=@/home/sysadmin/server-with-key.pem </pre></div>"
    "passphrase (Optional)", "plain", "xsd:string", "The passphrase for the PEM file."
    "mode (Optional)", "plain", "xsd:string", "This parameter specifies the type of System certificate. Possible values are: <emphasis xmlns=""http://docbook.org/ns/docbook"">ssl, tpm_mode, docker_registry, openstack, openstack_ca</emphasis>. Default: <emphasis xmlns=""http://docbook.org/ns/docbook"">ssl</emphasis>"
 
diff --git a/controllerconfig/controllerconfig/controllerconfig/common/constants.py b/controllerconfig/controllerconfig/controllerconfig/common/constants.py
index 0fc35f879d..97486b7d7e 100644
--- a/controllerconfig/controllerconfig/controllerconfig/common/constants.py
+++ b/controllerconfig/controllerconfig/controllerconfig/common/constants.py
@@ -61,7 +61,7 @@ SERVICE_ENABLE_TIMEOUT = 180
 MINIMUM_ROOT_DISK_SIZE = 500
 MAXIMUM_CGCS_LV_SIZE = 500
 LDAP_CONTROLLER_CONFIGURE_TIMEOUT = 30
-WRSROOT_MAX_PASSWORD_AGE = 45  # 45 days
+SYSADMIN_MAX_PASSWORD_AGE = 45  # 45 days
 
 LAG_MODE_ACTIVE_BACKUP = "active-backup"
 LAG_MODE_BALANCE_XOR = "balance-xor"
diff --git a/controllerconfig/controllerconfig/controllerconfig/common/validator.py b/controllerconfig/controllerconfig/controllerconfig/common/validator.py
index 8df44ad131..fb0d1da019 100644
--- a/controllerconfig/controllerconfig/controllerconfig/common/validator.py
+++ b/controllerconfig/controllerconfig/controllerconfig/common/validator.py
@@ -38,7 +38,7 @@ MIN_DATABASE_STORAGE = 20
 MIN_IMAGE_STORAGE = 10
 MIN_IMAGE_CONVERSIONS_VOLUME = 20
 
-WRSROOT_PASSWD_NO_AGING = 99999
+SYSADMIN_PASSWD_NO_AGING = 99999
 
 # System mode
 SYSTEM_MODE_DUPLEX = "duplex"
diff --git a/controllerconfig/controllerconfig/controllerconfig/configassistant.py b/controllerconfig/controllerconfig/controllerconfig/configassistant.py
index 3625de7f27..e703584cd4 100644
--- a/controllerconfig/controllerconfig/controllerconfig/configassistant.py
+++ b/controllerconfig/controllerconfig/controllerconfig/configassistant.py
@@ -621,14 +621,14 @@ class ConfigAssistant():
         self.next_lag_index += 1
         return name
 
-    def get_wrsroot_sig(self):
-        """ Get signature for wrsroot user. """
+    def get_sysadmin_sig(self):
+        """ Get signature for sysadmin user. """
 
         # NOTE (knasim): only compute the signature for the entries we're
         # tracking and propagating {password, aging}. This is prevent
         # config-outdated alarms for shadow fields that get modified
         # and we don't track and propagate
-        re_line = re.compile(r'(wrsroot:.*?)\s')
+        re_line = re.compile(r'(sysadmin:.*?)\s')
         with open('/etc/shadow') as shadow_file:
             for line in shadow_file:
                 match = re_line.search(line)
@@ -636,7 +636,7 @@ class ConfigAssistant():
                     # Isolate password(2nd field) and aging(5th field)
                     entry = match.group(1).split(':')
                     entrystr = entry[1] + ":" + entry[4]
-                    self.wrsroot_sig = hashlib.md5(entrystr).hexdigest()
+                    self.sysadmin_sig = hashlib.md5(entrystr).hexdigest()
                     self.passwd_hash = entry[1]
 
     def input_system_mode_config(self):
@@ -2904,8 +2904,8 @@ class ConfigAssistant():
             self.add_password_for_validation('ADMIN_PASSWORD',
                                              self.admin_password)
 
-            if config.has_option('cUSERS', 'WRSROOT_SIG'):
-                raise ConfigFail("The option WRSROOT_SIG is "
+            if config.has_option('cUSERS', 'SYSADMIN_SIG'):
+                raise ConfigFail("The option SYSADMIN_SIG is "
                                  "no longer supported.")
 
             # Licensing configuration
@@ -2914,8 +2914,8 @@ class ConfigAssistant():
                                  "no longer supported")
 
             # Security configuration
-            if config.has_option('cSECURITY', 'CONFIG_WRSROOT_PW_AGE'):
-                raise ConfigFail("The option CONFIG_WRSROOT_PW_AGE is "
+            if config.has_option('cSECURITY', 'CONFIG_SYSADMIN_PW_AGE'):
+                raise ConfigFail("The option CONFIG_SYSADMIN_PW_AGE is "
                                  "no longer supported.")
             if config.has_option('cSECURITY', 'ENABLE_HTTPS'):
                 raise ConfigFail("The option ENABLE_HTTPS is  "
diff --git a/controllerconfig/controllerconfig/controllerconfig/regionconfig.py b/controllerconfig/controllerconfig/controllerconfig/regionconfig.py
index d4799eba35..eee9b66f54 100755
--- a/controllerconfig/controllerconfig/controllerconfig/regionconfig.py
+++ b/controllerconfig/controllerconfig/controllerconfig/regionconfig.py
@@ -566,9 +566,9 @@ def show_help_subcloud():
 def config_main(config_type=REGION_CONFIG):
     allow_ssh = False
     if config_type == REGION_CONFIG:
-        config_file = "/home/wrsroot/region_config"
+        config_file = "/home/sysadmin/region_config"
     elif config_type == SUBCLOUD_CONFIG:
-        config_file = "/home/wrsroot/subcloud_config"
+        config_file = "/home/sysadmin/subcloud_config"
     else:
         raise ConfigFail("Invalid config_type: %s" % config_type)
 
diff --git a/controllerconfig/controllerconfig/controllerconfig/systemconfig.py b/controllerconfig/controllerconfig/controllerconfig/systemconfig.py
index 3f060c1cc8..801b02d66e 100644
--- a/controllerconfig/controllerconfig/controllerconfig/systemconfig.py
+++ b/controllerconfig/controllerconfig/controllerconfig/systemconfig.py
@@ -300,7 +300,7 @@ def main():
     do_clone = False
     do_non_interactive = False
     do_provision = False
-    system_config_file = "/home/wrsroot/system_config"
+    system_config_file = "/home/sysadmin/system_config"
     allow_ssh = False
 
     # Disable completion as the default completer shows python commands
diff --git a/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py b/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py
index caa8915296..6faf2f121b 100644
--- a/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py
+++ b/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py
@@ -451,12 +451,12 @@ def _replace_in_file(filename, old, new):
     fileinput.close()
 
 
-@patch('controllerconfig.configassistant.ConfigAssistant.get_wrsroot_sig')
+@patch('controllerconfig.configassistant.ConfigAssistant.get_sysadmin_sig')
 def _test_region_config(tmpdir, inputfile, resultfile,
-                        mock_get_wrsroot_sig):
+                        mock_get_sysadmin_sig):
     """ Test import and generation of answerfile """
 
-    mock_get_wrsroot_sig.return_value = None
+    mock_get_sysadmin_sig.return_value = None
 
     # Create the path to the output file
     outputfile = os.path.join(str(tmpdir), 'output')
diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml
index 4fda9b18ed..4f25bb26b0 100644
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@@ -109,7 +109,7 @@ platform::haproxy::params::global_options:
   log:
     - '127.0.0.1:514 local1 info'
   user: 'haproxy'
-  group: 'wrs_protected'
+  group: 'sys_protected'
   chroot: '/var/lib/haproxy'
   pidfile: '/var/run/haproxy.pid'
   maxconn: '4000'
diff --git a/puppet-manifests/src/hieradata/global.yaml b/puppet-manifests/src/hieradata/global.yaml
index 5572bfa500..d04bcc18f1 100644
--- a/puppet-manifests/src/hieradata/global.yaml
+++ b/puppet-manifests/src/hieradata/global.yaml
@@ -9,7 +9,7 @@ platform::params::controller_1_hostname: controller-1
 platform::params::pxeboot_hostname: pxecontroller
 platform::params::security_feature: nopti nospectre_v2
 platform::amqp::auth_user: guest
-platform::users::params::wrsroot_password_max_age: 45
+platform::users::params::sysadmin_password_max_age: 45
 
 # mtce
 platform::mtce::params::sm_server_port: 2124
diff --git a/puppet-manifests/src/modules/openstack/manifests/horizon.pp b/puppet-manifests/src/modules/openstack/manifests/horizon.pp
index 91b9ed0561..f5c1a1637e 100755
--- a/puppet-manifests/src/modules/openstack/manifests/horizon.pp
+++ b/puppet-manifests/src/modules/openstack/manifests/horizon.pp
@@ -47,7 +47,7 @@ class openstack::horizon
   user { 'www':
     ensure => 'present',
     shell  => '/sbin/nologin',
-    groups => ['wrs_protected'],
+    groups => ['sys_protected'],
   }
 
   file { '/www/tmp':
diff --git a/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb b/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb
index 67ff348eda..14a0f4f399 100755
--- a/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb
+++ b/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb
@@ -202,7 +202,7 @@ server.chroot              = "/www"
 server.username            = "www"
 
 ## change uid to <uid> (default: don't care)
-server.groupname           = "wrs_protected"
+server.groupname           = "sys_protected"
 
 ## defaults to /var/tmp
 server.upload-dirs = ( "/tmp" )
diff --git a/puppet-manifests/src/modules/platform/manifests/helm.pp b/puppet-manifests/src/modules/platform/manifests/helm.pp
index c42adf7f60..bf55dde0f9 100644
--- a/puppet-manifests/src/modules/platform/manifests/helm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/helm.pp
@@ -30,19 +30,19 @@ define platform::helm::repository (
     }
 
     $before_relationship = Exec['Stop lighttpd']
-    $require_relationship =  [ User['wrsroot'], Exec["Generate index: ${repo_path}"] ]
+    $require_relationship =  [ User['sysadmin'], Exec["Generate index: ${repo_path}"] ]
   } else {
     $before_relationship = undef
-    $require_relationship =  User['wrsroot']
+    $require_relationship =  User['sysadmin']
   }
 
   exec { "Adding StarlingX helm repo: ${name}":
     before      => $before_relationship,
-    environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/wrsroot'],
+    environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/sysadmin'],
     command     => "helm repo add ${name} http://127.0.0.1:${repo_port}/helm_charts/${name}",
     logoutput   => true,
-    user        => 'wrsroot',
-    group       => 'wrs',
+    user        => 'sysadmin',
+    group       => 'sys_protected',
     require     => $require_relationship
   }
 }
@@ -62,12 +62,12 @@ class platform::helm::repositories
   }
 
   -> exec { 'Updating info of available charts locally from chart repo':
-    environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
+    environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ],
     command     => 'helm repo update',
     logoutput   => true,
-    user        => 'wrsroot',
-    group       => 'wrs',
-    require     => User['wrsroot']
+    user        => 'sysadmin',
+    group       => 'sys_protected',
+    require     => User['sysadmin']
   }
 }
 
@@ -132,12 +132,12 @@ class platform::helm
       }
 
       -> exec { 'initialize helm':
-        environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
+        environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ],
         command     => "helm init --skip-refresh --service-account tiller --node-selectors \"node-role.kubernetes.io/master\"=\"\" --tiller-image=${gcr_registry}/kubernetes-helm/tiller:v2.13.1  --override spec.template.spec.hostNetwork=true", # lint:ignore:140chars
         logoutput   => true,
-        user        => 'wrsroot',
-        group       => 'wrs',
-        require     => User['wrsroot']
+        user        => 'sysadmin',
+        group       => 'sys_protected',
+        require     => User['sysadmin']
       }
 
       exec { "bind mount ${target_helm_repos_base_dir}":
@@ -150,12 +150,12 @@ class platform::helm
       Class['::platform::kubernetes::master']
 
       -> exec { 'initialize helm':
-        environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
+        environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ],
         command     => 'helm init --skip-refresh --client-only',
         logoutput   => true,
-        user        => 'wrsroot',
-        group       => 'wrs',
-        require     => User['wrsroot']
+        user        => 'sysadmin',
+        group       => 'sys_protected',
+        require     => User['sysadmin']
       }
     }
 
diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
index 76663a521b..471ec8c69a 100644
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@@ -227,7 +227,7 @@ class platform::kubernetes::master::init
     }
 
     # Update ownership/permissions for file created by "kubeadm init".
-    # We want it readable by sysinv and wrsroot.
+    # We want it readable by sysinv and sysadmin.
     -> file { '/etc/kubernetes/admin.conf':
       ensure => file,
       owner  => 'root',
@@ -382,7 +382,7 @@ class platform::kubernetes::master::init
       }
 
       # Update ownership/permissions for file created by "kubeadm init".
-      # We want it readable by sysinv and wrsroot.
+      # We want it readable by sysinv and sysadmin.
       -> file { '/etc/kubernetes/admin.conf':
         ensure => file,
         owner  => 'root',
diff --git a/puppet-manifests/src/modules/platform/manifests/ldap.pp b/puppet-manifests/src/modules/platform/manifests/ldap.pp
index 86944d78aa..b3d6ee7146 100644
--- a/puppet-manifests/src/modules/platform/manifests/ldap.pp
+++ b/puppet-manifests/src/modules/platform/manifests/ldap.pp
@@ -137,10 +137,10 @@ class platform::ldap::bootstrap
   -> exec { 'create ldap protected group':
     command => "ldapaddgroup ${::platform::params::protected_group_name} ${::platform::params::protected_group_id}"
   }
-  -> exec { 'add admin to wrs protected group' :
+  -> exec { 'add admin to sys_protected protected group' :
     command => "ldapaddusertogroup admin ${::platform::params::protected_group_name}",
   }
-  -> exec { 'add operator to wrs protected group' :
+  -> exec { 'add operator to sys_protected protected group' :
     command => "ldapaddusertogroup operator ${::platform::params::protected_group_name}",
   }
 
diff --git a/puppet-manifests/src/modules/platform/manifests/params.pp b/puppet-manifests/src/modules/platform/manifests/params.pp
index 71c953aef6..9ef50eb273 100644
--- a/puppet-manifests/src/modules/platform/manifests/params.pp
+++ b/puppet-manifests/src/modules/platform/manifests/params.pp
@@ -30,7 +30,9 @@ class platform::params (
 
   $nfs_mount_options = "timeo=30,proto=${nfs_proto},vers=3,rsize=${nfs_rw_size},wsize=${nfs_rw_size}"
 
-  $protected_group_name = 'wrs_protected'
+  $sysadmin_user_name = 'sysadmin'
+  $sysadmin_user_dir = '/home/sysadmin'
+  $protected_group_name = 'sys_protected'
   $protected_group_id = '345'
 
   # PUPPET 4 treats custom facts as strings. We convert to int by adding zero.
diff --git a/puppet-manifests/src/modules/platform/manifests/sysinv.pp b/puppet-manifests/src/modules/platform/manifests/sysinv.pp
index af67e2ee98..c2c1178add 100644
--- a/puppet-manifests/src/modules/platform/manifests/sysinv.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sysinv.pp
@@ -28,7 +28,7 @@ class platform::sysinv
     ensure           => 'present',
     comment          => 'sysinv Daemons',
     gid              => '168',
-    groups           => ['nobody', 'sysinv', 'wrs_protected'],
+    groups           => ['nobody', 'sysinv', 'sys_protected'],
     home             => '/var/lib/sysinv',
     password         => '!!',
     password_max_age => '-1',
diff --git a/puppet-manifests/src/modules/platform/manifests/users.pp b/puppet-manifests/src/modules/platform/manifests/users.pp
index 9a9e5245b1..84396ce5fd 100644
--- a/puppet-manifests/src/modules/platform/manifests/users.pp
+++ b/puppet-manifests/src/modules/platform/manifests/users.pp
@@ -1,6 +1,6 @@
 class platform::users::params (
-  $wrsroot_password = undef,
-  $wrsroot_password_max_age = undef,
+  $sysadmin_password = undef,
+  $sysadmin_password_max_age = undef,
 ) {}
 
 
@@ -9,27 +9,23 @@ class platform::users
 
   include ::platform::params
 
-  group { 'wrs':
+  # Create a 'sys_protected' group for sysadmin and all openstack services
+  # (including StarlingX services: sysinv, etc.).
+  group { $::platform::params::protected_group_name:
     ensure => 'present',
+    gid    => $::platform::params::protected_group_id,
   }
 
-  # WRS: Create a 'wrs_protected' group for wrsroot and all openstack services
-  # (including TiS services: sysinv, etc.).
-  -> group { $::platform::params::protected_group_name:
-    ensure => 'present',
-    gid    =>  $::platform::params::protected_group_id,
-  }
-
-  -> user { 'wrsroot':
+  -> user { 'sysadmin':
     ensure           => 'present',
-    groups           => ['wrs', 'root', $::platform::params::protected_group_name],
-    home             => '/home/wrsroot',
-    password         => $wrsroot_password,
-    password_max_age => $wrsroot_password_max_age,
+    groups           => ['root', $::platform::params::protected_group_name],
+    home             => '/home/sysadmin',
+    password         => $sysadmin_password,
+    password_max_age => $sysadmin_password_max_age,
     shell            => '/bin/sh',
   }
 
-  # WRS: Keyring should only be executable by 'wrs_protected'.
+  # Keyring should only be executable by 'sys_protected'.
   -> file { '/usr/bin/keyring':
     owner => 'root',
     group =>  $::platform::params::protected_group_name,
@@ -43,20 +39,16 @@ class platform::users::bootstrap
 
   include ::platform::params
 
-  group { 'wrs':
-    ensure => 'present',
-  }
-
-  -> group { $::platform::params::protected_group_name:
+  group { $::platform::params::protected_group_name:
     ensure => 'present',
     gid    => $::platform::params::protected_group_id,
   }
 
-  -> user { 'wrsroot':
+  -> user { 'sysadmin':
     ensure           => 'present',
-    groups           => ['wrs', 'root', $::platform::params::protected_group_name],
-    home             => '/home/wrsroot',
-    password_max_age => $wrsroot_password_max_age,
+    groups           => ['root', $::platform::params::protected_group_name],
+    home             => '/home/sysadmin',
+    password_max_age => $sysadmin_password_max_age,
     shell            => '/bin/sh',
   }
 }
diff --git a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py
index 4fe5e2d9dc..69f085c1ee 100644
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py
@@ -37,7 +37,7 @@ from wsme import types as wtypes
 
 LOG = log.getLogger(__name__)
 
-IUSERS_ROOT_USERNAME = 'wrsroot'
+IUSERS_ROOT_USERNAME = 'sysadmin'
 
 
 class UserPatchType(types.JsonPatchType):
@@ -300,11 +300,11 @@ class UserController(rest.RestController):
             return User.convert_with_links(rpc_user)
 
         except exception.HTTPNotFound:
-            msg = _("User wrsroot update failed: system %s user %s : patch %s"
+            msg = _("User sysadmin update failed: system %s user %s : patch %s"
                     % (isystem['systemname'], user, patch))
             raise wsme.exc.ClientSideError(msg)
         except exception.KeyError:
-            msg = _("Cannot retrieve shadow entry for wrsroot: system %s : patch %s"
+            msg = _("Cannot retrieve shadow entry for sysadmin: system %s : patch %s"
                     % (isystem['systemname'], patch))
             raise wsme.exc.ClientSideError(msg)
 
diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py
index 5d9abd3ae4..e766a0653b 100644
--- a/sysinv/sysinv/sysinv/sysinv/common/constants.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py
@@ -1185,10 +1185,10 @@ LLDP_FULL_AUDIT_COUNT = 6
 FM_SUPPRESSED = 'suppressed'
 FM_UNSUPPRESSED = 'unsuppressed'
 
-# wrsroot password aging.
+# sysadmin password aging.
 # Setting aging to max defined value qualifies
 # as "never" on certain Linux distros including WRL
-WRSROOT_PASSWORD_NO_AGING = 99999
+SYSADMIN_PASSWORD_NO_AGING = 99999
 
 # SDN Controller
 SDN_CONTROLLER_STATE_ENABLED = 'enabled'
@@ -1298,7 +1298,7 @@ NETWORK_CONFIG_LOCK_FILE = os.path.join(
 
 SYSINV_USERNAME = "sysinv"
 SYSINV_GRPNAME = "sysinv"
-SYSINV_WRS_GRPNAME = "wrs_protected"
+SYSINV_SYSADMIN_GRPNAME = "sys_protected"
 
 # This is the first report sysinv is sending to conductor since boot
 SYSINV_AGENT_FIRST_REPORT = 'first_report'
diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
index 3ca28cd47d..ff63b6d336 100644
--- a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
@@ -272,9 +272,9 @@ class AppOperator(object):
             if not os.path.isdir(app.path):
                 create_app_path(app.path)
 
-            # Temporarily change /scratch group ownership to wrs_protected
+            # Temporarily change /scratch group ownership to sys_protected
             os.chown(constants.APP_INSTALL_ROOT_PATH, orig_uid,
-                     grp.getgrnam(constants.SYSINV_WRS_GRPNAME).gr_gid)
+                     grp.getgrnam(constants.SYSINV_SYSADMIN_GRPNAME).gr_gid)
 
             # Extract the tarfile as sysinv user
             if not cutils.extract_tarfile(app.path, app.tarfile, demote_user=True):
@@ -613,9 +613,9 @@ class AppOperator(object):
         orig_uid, orig_gid = get_app_install_root_path_ownership()
         helm_repo = self._get_helm_repo_from_metadata(app)
         try:
-            # Temporarily change /scratch group ownership to wrs_protected
+            # Temporarily change /scratch group ownership to sys_protected
             os.chown(constants.APP_INSTALL_ROOT_PATH, orig_uid,
-                     grp.getgrnam(constants.SYSINV_WRS_GRPNAME).gr_gid)
+                     grp.getgrnam(constants.SYSINV_SYSADMIN_GRPNAME).gr_gid)
             with open(os.devnull, "w") as fnull:
                 for chart in charts:
                     subprocess.check_call(['helm-upload', helm_repo, chart],
@@ -1914,14 +1914,14 @@ class DockerHelper(object):
                 if not os.path.exists(ARMADA_HOST_LOG_LOCATION):
                     os.mkdir(ARMADA_HOST_LOG_LOCATION)
                     os.chmod(ARMADA_HOST_LOG_LOCATION, 0o755)
-                    os.chown(ARMADA_HOST_LOG_LOCATION, 1000, grp.getgrnam("wrs").gr_gid)
+                    os.chown(ARMADA_HOST_LOG_LOCATION, 1000, grp.getgrnam("sys_protected").gr_gid)
 
                 # First make kubernetes config accessible to Armada. This
                 # is a work around the permission issue in Armada container.
                 kube_config = os.path.join(constants.APP_SYNCED_DATA_PATH,
                                            'admin.conf')
                 shutil.copy('/etc/kubernetes/admin.conf', kube_config)
-                os.chown(kube_config, 1000, grp.getgrnam("wrs").gr_gid)
+                os.chown(kube_config, 1000, grp.getgrnam("sys_protected").gr_gid)
 
                 overrides_dir = common.HELM_OVERRIDES_PATH
                 manifests_dir = constants.APP_SYNCED_DATA_PATH
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/utils.py b/sysinv/sysinv/sysinv/sysinv/helm/utils.py
index 0c40012c23..ee8e3f2d40 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/utils.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/utils.py
@@ -1,4 +1,4 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
+# sim: tabstop=4 shiftwidth=4 softtabstop=4
 #
 # Copyright (c) 2019 Wind River Systems, Inc.
 #
@@ -32,12 +32,12 @@ def refresh_helm_repo_information():
     """
     with open(os.devnull, "w") as fnull:
         try:
-            subprocess.check_call(['sudo', '-u', 'wrsroot',
+            subprocess.check_call(['sudo', '-u', 'sysadmin',
                                    'helm', 'repo', 'update'],
                                   stdout=fnull, stderr=fnull)
         except subprocess.CalledProcessError:
             # Just log an error. Don't stop any callers from further execution.
-            LOG.error("Failed to update helm repo data for user wrsroot.")
+            LOG.error("Failed to update helm repo data for user sysadmin.")
 
 
 def retrieve_helm_releases():
diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/platform.py b/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
index a1399bbfef..bd5ea485d9 100644
--- a/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
@@ -235,9 +235,9 @@ class PlatformPuppet(base.BasePuppet):
     def _get_user_config(self):
         user = self.dbapi.iuser_get_one()
         return {
-            'platform::users::params::wrsroot_password':
+            'platform::users::params::sysadmin_password':
                 user.passwd_hash,
-            'platform::users::params::wrsroot_password_max_age':
+            'platform::users::params::sysadmin_password_max_age':
                 user.passwd_expiry_days,
         }