Setup User Account

Overview

This function adds, edits, and deletes the user account.

Up to 60 user accounts can be set.

Caution
  • The current user's (your) account cannot be changed or deleted.

  • When using SSH client key authentication, create an SSH client key pair (a public key and a secret key) in advance, using the creation tool. One public key can be registered per user account. When this function is executed, the public key is registered in the storage system.

  • The following types (formats) of public keys can be used:
    • IETF style DSA for SSH v2

    • IETF style RSA for SSH v2

    The supported maximum encryption strength for the public key is 4096-bit.
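
A pre-registration check for the key constraints above, as an added example that is not part of this manual or of the storage system's software. It assumes that "IETF style" means the RFC 4716 (SSH2 public key file) format; the function names and the sample keys built by make_sample are constructed for illustration.

```python
import base64
import struct

MAX_BITS = 4096                                   # maximum stated on this page
KEY_TYPES = {"ssh-rsa": "RSA", "ssh-dss": "DSA"}  # types listed on this page
BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def _read_string(blob, off):
    """Read one SSH wire string (uint32 length + data); return (data, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + size > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + size], off + 4 + size

def check_ietf_public_key(text):
    """Return (type, bits) for an acceptable RFC 4716 key file, else raise ValueError."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an IETF style (RFC 4716) public key file")
    body, in_header = [], False
    for ln in lines[1:-1]:
        # Header lines look like "Tag: value"; a trailing backslash continues one.
        if in_header or ":" in ln:
            in_header = ln.endswith("\\")
            continue
        body.append(ln)
    try:
        blob = base64.b64decode("".join(body), validate=True)
    except ValueError as exc:
        raise ValueError("key body is not valid base64") from exc
    name, off = _read_string(blob, 0)
    algo = name.decode("ascii", "replace")
    if algo not in KEY_TYPES:
        raise ValueError(f"unsupported key type: {algo}")
    # ssh-rsa carries (e, n) and ssh-dss carries (p, q, g, y): size is n or p.
    value, off = _read_string(blob, off)
    if algo == "ssh-rsa":
        value, off = _read_string(blob, off)
    bits = int.from_bytes(value, "big").bit_length()
    if bits > MAX_BITS:
        raise ValueError(f"{bits}-bit key exceeds the {MAX_BITS}-bit maximum")
    return KEY_TYPES[algo], bits

def make_sample(algo, bits):
    """Constructed, non-functional key file of a given size (test input only)."""
    def wire(data):
        return struct.pack(">I", len(data)) + data
    def mpint(n):
        return wire(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    big = (1 << (bits - 1)) | 1
    fields = [mpint(65537), mpint(big)] if algo == "ssh-rsa" else [mpint(big)] * 4
    b64 = base64.b64encode(wire(algo.encode()) + b"".join(fields)).decode()
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, 'Comment: "constructed sample"', *rows, END])
```
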
Note
  • To improve the security level of the password, specify a user policy (password policy and lockout policy). Refer to the [Modify User Policy] function for details. Use this function to set whether to enable or disable a user policy for each user account.

  • When a user account is deleted, the SSH client public key registered in the storage system is also deleted.

  • When a user account is initialized, the following settings are initialized. Refer to the [Initialize User Account] function for details.
    • The password for the default account is restored to the default password.

    • The user policy for the default account is disabled.

  • To change the current user's (your) password, use the [Change User Password] function.

  • To change the current user's (your) SSH public key, use the [Set SSH Public Key] function.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin  
AccountAdmin
SecurityAdmin  
Maintainer  

Refer to "User Roles and Policies" for details on the policies and roles.

Display Contents

Registered User Account List

Item Description

User ID

The user ID is displayed.

Role

The user's role is displayed.

Monitor

Admin

StorageAdmin

AccountAdmin

SecurityAdmin

Maintainer

Software

Custom role

Account

Whether the user account is enabled or disabled is displayed.

Disabled user accounts cannot be used.

Password Policy

Whether the password policy is enabled or disabled is displayed.

Lockout Policy

Whether the lockout policy is enabled or disabled is displayed.

SSH Public Key

Whether the SSH client public key used for login authentication from CLI is registered or not registered is displayed.

Last Password Setting Date

The date and time (YYYY-MM-DD hh:mm:ss) when the password was last changed is displayed.

For user accounts with any of the following conditions, a "-" (hyphen) is displayed.

  • User accounts with the "Password Policy" setting disabled

  • User accounts with the "Password Policy" setting enabled, but "0 (Unrestricted)" is specified for the "Minimum Password Age" and the "Maximum Password Age" settings with the [Modify User Policy] function.

  • User accounts registered with the "Password Policy" setting disabled. The setting is enabled later on but the password has not been changed yet.

Days To Password Change

The time remaining from the current time until the password can be changed is displayed as a number of days, "Less than 24 hours", or "Changeable".

This item displays the current state determined according to the "Minimum Password Age" (which can be configured in the "Password Policy" field of the [Modify User Policy] function) from "Last Password Setting Date". For example, if "Last Password Setting Date" is "2019-01-10 12:00:00" and the "Minimum Password Age" setting is "10", the following values are displayed.

  • When the current date is January 15th, "5" is displayed (five days left until the password becomes changeable).

  • When the current date is January 20th, "Less than 24 hours" is displayed (the password becomes changeable within 24 hours).

  • When the current date is January 25th, "Changeable" is displayed.

If a "-" (hyphen) is displayed for "Last Password Setting Date", a "-" (hyphen) is also displayed for this item.

Days To Expiration

The time remaining from the current time until the password expires is displayed as a number of days, "Less than 24 hours", or "Expired".

This item displays the current state determined according to the "Maximum Password Age" (which can be configured in the "Password Policy" field of the [Modify User Policy] function) from "Last Password Setting Date". For example, if "Last Password Setting Date" is "2019-01-10 12:00:00" and the "Maximum Password Age" setting is "30", the following values are displayed.

  • When the current date is January 15th, "25" is displayed (the password is available for 25 days).

  • When the current date is February 9th, "Less than 24 hours" is displayed (the password expires within 24 hours).

  • When the current date is February 10th, "Expired" is displayed.

If a "-" (hyphen) is displayed for "Last Password Setting Date", a "-" (hyphen) is also displayed for this item.
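
The "Days To Password Change" and "Days To Expiration" rules above, written out as an added example for auditing an exported account list; it is not code from this manual or from the storage system. Rounding down to whole days is an assumption, and the function names and the SAMPLE rows are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"  # "Last Password Setting Date" format on this page

def _countdown(last_set, age_days, now, done_label):
    """Shared rule: '-' when no date is shown, otherwise time left until the limit."""
    if last_set == "-":
        return "-"                     # no date shown, so no countdown either
    if age_days < 1:
        # The page does not say what is shown when only one age is 0 (Unrestricted).
        raise ValueError("age_days must be at least 1")
    left = datetime.strptime(last_set, FMT) + timedelta(days=age_days) - now
    if left <= timedelta(0):
        return done_label
    if left < timedelta(days=1):
        return "Less than 24 hours"
    return str(left.days)              # assumption: whole days, rounded down

def days_to_password_change(last_set, min_age, now):
    """Countdown against "Minimum Password Age"."""
    return _countdown(last_set, min_age, now, "Changeable")

def days_to_expiration(last_set, max_age, now):
    """Countdown against "Maximum Password Age"."""
    return _countdown(last_set, max_age, now, "Expired")

def needs_attention(accounts, max_age, now, warn_days=7):
    """Return {user ID: state} for passwords expired or expiring within warn_days."""
    flagged = {}
    for user_id, last_set in accounts:
        state = days_to_expiration(last_set, max_age, now)
        soon = state.isdigit() and int(state) <= warn_days
        if state in ("Expired", "Less than 24 hours") or soon:
            flagged[user_id] = state
    return flagged

# Constructed sample rows: (User ID, Last Password Setting Date).
SAMPLE = [
    ("ops-admin", "2019-01-10 12:00:00"),
    ("backup-sw", "-"),                    # no password policy applied
    ("audit01", "2019-02-01 09:30:00"),
    ("old-maint", "2018-12-01 08:00:00"),
]
```
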

Settings

Add New User Account

In this screen, add a user account.

Item Description Setting values

User ID

Input a user ID.

An existing user ID cannot be used.

Entered letters are case-sensitive.

Note
  • The number of characters that can be used for the user ID is displayed to the right of the input field.

Up to 32 alphanumeric characters

and symbols ('!', '-', '_', '.')

New Password

Input a password.

Entered letters are case-sensitive.

If "Enable" is selected for "Password Policy", the following input conditions are added according to the configuration with the [Modify User Policy] function.

  • Minimum Password Length

  • Password Complexity

  • Password History

Caution
  • An error screen appears if the password does not satisfy the input conditions. The following shows procedures corresponding to each error.
    • If "Minimum Password Length" is not satisfied

      The entered password is less than the required number of characters. Check the minimum length ("x") displayed in the "x - 64" format to the right of the password input field.

    • If "Password Complexity" is not satisfied

      The required character types have not been used in the entered password. At least three of the following character types must be used: "uppercase letters", "lowercase letters", "numeric characters", and "symbols".

    • If "Password History" is not satisfied

      The entered password does not meet the reuse condition. The same password that was previously set (between the latest and the specified number of generations) cannot be used. Set a different password.

Note
  • Refer to the "Password Policy" settings in advance for details about "Password Complexity" and "Password History". Refer to the [Modify User Policy] function for details.

If "Disable" is selected for "Password Policy"

  • Number of characters

    4 - 64

  • Type of characters

    Alphanumeric characters and symbols

    ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

If "Enable" is selected for "Password Policy"

  • When "Password Complexity" is enabled
    • Number of characters

      "Minimum password length" to 64 (minimum password length: 4 - 64)

    • Type of characters

      At least three of the following character types must be used.

      • Uppercase letters (A - Z)

      • Lowercase letters (a - z)

      • Numeric characters (0 - 9)

      • Symbols

        ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

  • When "Password Complexity" is disabled
    • Number of characters

      "Minimum password length" to 64 (minimum password length: 4 - 64)

    • Type of characters

      Alphanumeric characters and symbols

      ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

Confirm New Password

Input the same character string as the value entered in the "New Password" field for confirmation.

Same character string as the "New Password" field

Role

Select the user role that is to be assigned to the user ID.

The default and custom roles registered in the storage system are displayed as the options.

Caution
  • "Software" is the role that is used for external software. A user account with the "Software" role cannot log in to Web GUI.

  • For tenant users, only the "Monitor" and "StorageAdmin" roles can be assigned. Use CLI to check whether the target user account is a tenant user.

Monitor

Admin

StorageAdmin

AccountAdmin

SecurityAdmin

Maintainer

Software

Custom role

Account

Select whether to "Enable" or "Disable" the user account.

If the user account is disabled, that user account is registered but cannot be used.

Enable (Default)

Disable

SSH Public Key

Register the SSH client public key used for login authentication from CLI in the storage system.

Click the [Browse...] button and specify the public key to be registered.

When using SSH client key authentication, register the SSH public key in the storage system and prepare the corresponding SSH secret key on the client PC in advance.

SSH Public Key

Blank (Default)

Password Policy

Select whether to "Enable" or "Disable" the password policy.

If "Enable" is selected, the following input conditions are added according to the "Password Policy" setting that is specified with the [Modify User Policy] function.

  • Minimum Password Length

  • Password Complexity

  • Password History

Caution
  • The "Password Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case.

Note
  • Check the "Password Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.

Enable

Disable (Default)

Lockout Policy

Select whether to "Enable" or "Disable" the lockout policy.

If "Enable" is selected, the following items are applied to a user account according to the "Lockout Policy" setting that is specified with the [Modify User Policy] function.

  • Lockout Threshold

  • Lockout Duration

Caution
  • The "Lockout Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case.

Note
  • Check the "Lockout Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.

Enable

Disable (Default)
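
The "User ID" and "New Password" input conditions above, collected into a pre-check that a provisioning script could run before submitting an account. This is an added example, not code from this manual or from the storage system; the function names, the policy dictionary keys (min_length, complexity) and the history argument are hypothetical, and the caller is assumed to pass only the previous passwords covered by "Password History".

```python
import string

SYMBOLS = set("!\"#$%&'()*+,-./@[\\]^_`{|}~:;<=>?")  # password symbols on this page
PW_CHARS = set(string.ascii_letters + string.digits) | SYMBOLS
ID_CHARS = set(string.ascii_letters + string.digits + "!-_.")
CLASSES = (set(string.ascii_uppercase), set(string.ascii_lowercase),
           set(string.digits), SYMBOLS)

def check_user_id(user_id, existing=()):
    """Return the list of violated "User ID" conditions (empty list = acceptable)."""
    errors = []
    if not 1 <= len(user_id) <= 32:
        errors.append("User ID must be entered and at most 32 characters")
    if set(user_id) - ID_CHARS:
        errors.append("User ID contains a character that is not allowed")
    if user_id in existing:            # case-sensitive comparison, as on this page
        errors.append("User ID is already registered")
    return errors

def check_password(new, confirm, policy=None, history=()):
    """Return the list of violated password conditions (empty list = acceptable).

    policy is None when "Password Policy" is "Disable"; otherwise a dict with the
    hypothetical keys min_length (4 - 64) and complexity (bool).
    """
    errors = []
    low = policy["min_length"] if policy else 4
    if not low <= len(new) <= 64:
        errors.append(f"Minimum Password Length: must be {low} - 64 characters")
    if set(new) - PW_CHARS:
        errors.append("password contains a character that is not allowed")
    if policy and policy["complexity"]:
        used = sum(1 for cls in CLASSES if set(new) & cls)
        if used < 3:
            errors.append(f"Password Complexity: {used} of 4 character types used")
    if policy and new in history:
        errors.append("Password History: password was used before")
    if new != confirm:
        errors.append('"New Password" does not match "Confirm New Password"')
    return errors
```
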

Edit User Account

In this screen, modify the registered settings of a user account.

Caution
  • Any user account information other than the following parameters can be changed.
    • User ID

    • The "Password Policy" and "Lockout Policy" that are applied to a user account set with the "Software" role

  • Changed user accounts become available at the next login.

Item Description

Checkbox

Select the checkbox for the user account that is to be modified.

Edit User Account

Item Description Setting values

User ID

The user ID is displayed.

Change Password

Select the "Change Password" checkbox only when changing the password.

When the "Change Password" checkbox is selected, enter a new password in "New Password" and "Confirm New Password".

Selected: Change password

Cleared

New Password

Input a new password.

Entered letters are case-sensitive.

If "Enable" is selected for "Password Policy", the following input conditions are added according to the configuration with the [Modify User Policy] function.

  • Minimum Password Length

  • Password Complexity

  • Password History

Caution
  • Passwords must be changed for user IDs with "Expired" displayed in the "Days To Expiration" field of "Registered User Account List".

  • Passwords can be changed for user IDs with "Changeable" displayed in the "Days To Password Change" field of "Registered User Account List".

  • An error screen appears if the password does not satisfy the input conditions for changing passwords. The following shows procedures corresponding to each error.
    • If "Minimum Password Length" is not satisfied

      The entered password is less than the required number of characters. Check the minimum length ("x") displayed in the "x - 64" format to the right of the password input field.

    • If "Password Complexity" is not satisfied

      The required character types have not been used in the entered password. At least three of the following character types must be used: "uppercase letters", "lowercase letters", "numeric characters", and "symbols".

    • If "Password History" is not satisfied

      The entered password does not meet the reuse condition. The same password that was previously set (between the latest and the specified number of generations) cannot be used. Set a different password.

Note
  • Refer to the "Password Policy" settings in advance for details about "Password Complexity" and "Password History". Refer to the [Modify User Policy] function for details.

If "Disable" is selected for "Password Policy"

  • Number of characters

    4 - 64

  • Type of characters

    Alphanumeric characters and symbols

    ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

If "Enable" is selected for "Password Policy"

  • When "Password Complexity" is enabled
    • Number of characters

      "Minimum password length" to 64 (minimum password length: 4 - 64)

    • Type of characters

      At least three of the following character types must be used.

      • Uppercase letters (A - Z)

      • Lowercase letters (a - z)

      • Numeric characters (0 - 9)

      • Symbols

        ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

  • When "Password Complexity" is disabled
    • Number of characters

      "Minimum password length" to 64 (minimum password length: 4 - 64)

    • Type of characters

      Alphanumeric characters and symbols

      ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

Confirm New Password

Input the same character string as the value entered in the "New Password" field for confirmation.

Same character string as the new password

Role

Select the user role that is to be assigned to the user ID.

The default and custom roles registered in the storage system are displayed as the options.

Caution
  • "Software" is the role that is used for external software. A user account with the "Software" role cannot log in to Web GUI.

  • For tenant users, only the "Monitor" and "StorageAdmin" roles can be assigned. Use CLI to check whether the user account to be modified is a tenant user.

Monitor

Admin

StorageAdmin

AccountAdmin

SecurityAdmin

Maintainer

Software

Custom role

Account

Select whether to "Enable" or "Disable" the user account.

If the user account is disabled, that user account is registered but cannot be used.

Enable

Disable

SSH Public Key

Register the SSH client public key used for login authentication from CLI in the storage system.

Click the [Browse...] button and specify the public key to be registered.

When using SSH client key authentication, register the SSH public key in the storage system and prepare the corresponding SSH secret key on the client PC in advance.

SSH Public Key

Password Policy

Select whether to "Enable" or "Disable" the password policy.

If "Enable" is selected, the following input conditions are added according to the "Password Policy" setting that is specified with the [Modify User Policy] function.

  • Minimum Password Length

  • Password Complexity

  • Password History

Caution
  • The "Password Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case.

Note
  • Check the "Password Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.

Enable

Disable

Lockout Policy

Select whether to "Enable" or "Disable" the lockout policy.

If "Enable" is selected, the following items are applied to a user account according to the "Lockout Policy" setting that is specified with the [Modify User Policy] function.

  • Lockout Threshold

  • Lockout Duration

Caution
  • The "Lockout Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case.

Note
  • Check the "Lockout Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.

Enable

Disable

Delete User Account

In this screen, delete a user account.

Caution
  • The last user account with administrator privileges (role of "Admin") assigned cannot be deleted.

  • Deleted user accounts will be unavailable from the next login.

Item Description

Checkbox

Select the checkbox for the user account that is to be deleted.

Operating Procedures

Add User Account

  1. Click [Setup User Account] in [Action].

  2. Click the [Add] button.

  3. Specify the parameters, and click the [Apply] button.

    → A confirmation screen appears.

    Caution
    • An error screen appears in the following conditions:
      • Each parameter fails to satisfy the input conditions

      • The user ID is already registered

      • "User ID", "New Password" and/or "Confirm New Password" is not entered

      • "New Password" does not match "Confirm New Password"

  4. Click the [OK] button.

    → Addition of the user account starts.

  5. Click the [Done] button to return to the [Define Role] screen.

Edit User Account

  1. Click [Setup User Account] in [Action].

  2. Select the user account that is to be modified and click the [Edit] button.

  3. Change the parameters, and click the [Apply] button.

    → A confirmation screen appears.

    Note
    • To change the password, select the "Change Password" checkbox.

    • To delete an SSH public key, select the "Delete" checkbox and click the [Apply] button.

      The "Delete" checkbox appears only if the SSH public key has already been registered.

    Caution
    • An error screen appears in the following conditions:
      • Each parameter fails to satisfy the input conditions

      • The "Change Password" checkbox is selected and "New Password" and/or "Confirm New Password" is not entered

      • The "Change Password" checkbox is selected and "New Password" does not match "Confirm New Password"

  4. Click the [OK] button.

    → The user account setup starts.

  5. Click the [Done] button to return to the [Define Role] screen.

Delete User Account

  1. Click [Setup User Account] in [Action].

  2. Select the deletion target user accounts (multiple selections can be made), and click the [Delete] button.

    → A confirmation screen appears.

  3. Click the [OK] button.

    → The user account deletion starts.

  4. Click the [Done] button to return to the [Define Role] screen.