Setup User Account

Overview

This function adds, edits, and deletes the user account.

Up to 60 user accounts can be set.

Caution

The current user's (your) account cannot be changed or deleted.
When using the SSH Client Key authentication, create a pair of the SSH client public key and the SSH client secret key in advance, using the creation tool. One public key can be registered per user account. When this function is executed, the public key is registered in the storage system.
The following types (formats) of public keys can be used:
- IETF style DSA for SSH v2
- IETF style RSA for SSH v2
The supported maximum encryption strength for the public key is 4096-bit.

Note

To improve the security level of the password, specify a user policy (password policy and lockout policy). Refer to the [Modify User Policy] function for details. Use this function to set whether to enable or disable a user policy for each user account.
When a user account is deleted, the SSH client public key registered in the storage system is also deleted.
When a user account is initialized, the following settings are initialized. Refer to the [Initialize User Account] function for details.
- The password for the default account is restored to the default password.
- The user policy for the default account is disabled.
To change the current user's (your) password, use the [Change User Password] function.
To change the current user's (your) SSH public key, use the [Set SSH Public Key] function.

User Privileges

Availability of Executions in the Default Role

Default role	Availability of executions
Monitor
Admin
StorageAdmin
AccountAdmin
SecurityAdmin
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Display Contents

Registered User Account List

Item	Description
User ID	The user ID is displayed.
Role	The user's role is displayed. Monitor Admin StorageAdmin AccountAdmin SecurityAdmin Maintainer Software Custom role
Account	Whether the user account is enabled or disabled is displayed. Disabled user accounts cannot be used.
Password Policy	Whether the password policy is enabled or disabled is displayed.
Lockout Policy	Whether the lockout policy is enabled or disabled is displayed.
SSH Public Key	Whether the SSH client public key used for login authentication from CLI is registered or not registered is displayed.
Last Password Setting Date	The date and time (YYYY-MM-DD hh:mm:ss) when the password was last changed is displayed. For user accounts with any of the following conditions, a "-" (hyphen) is displayed. User accounts with the "Password Policy" setting disabled User accounts with the "Password Policy" setting enabled, but "0 (Unrestricted)" is specified for the "Minimum Password Age" and the "Maximum Password Age" settings with the [Modify User Policy] function. User accounts registered with the "Password Policy" setting disabled. The setting is enabled later on but the password has not been changed yet.
Days To Password Change	The period in which the password becomes changeable from the current time is displayed with the "number of days", "Less than 24 hours", or "Changeable". This item displays the current state determined according to the "Minimum Password Age" (which can be configured in the "Password Policy" field of the [Modify User Policy] function) from "Last Password Setting Date". For example, if "Last Password Setting Date" is "2019-01-10 12:00:00" and the "Minimum Password Age" setting is "10", the following values are displayed. When the current date is January 15th, "5" is displayed (five days left until the password becomes changeable). When the current date is January 20th, "Less than 24 hours" is displayed (the password becomes changeable within 24 hours). When the current date is January 25th, "Changeable" is displayed. If a "-" (hyphen) is displayed for "Last Password Setting Date", a "-" (hyphen) is also displayed for this item.
Days To Expiration	The available period of the password from the current time is displayed with the "number of days", "Less than 24 hours", or "Expired". This item displays the current state determined according to the "Maximum Password Age" (which can be configured in the "Password Policy" field of the [Modify User Policy] function) from "Last Password Setting Date". For example, if "Last Password Setting Date" is "2019-01-10 12:00:00" and the "Maximum Password Age" setting is "30", the following values are displayed. When the current date is January 15th, "25" is displayed (the password is available for 25 days). When the current date is February 9th, "Less than 24 hours" is displayed (the password expires within 24 hours). When the current date is February 10th, "Expired" is displayed. If a "-" (hyphen) is displayed for "Last Password Setting Date", a "-" (hyphen) is also displayed for this item.

Settings

Add New User Account

In this screen, add a user account.

Item	Description	Setting values
User ID	Input a user ID. An existing user ID cannot be used. Entered letters are case-sensitive. Note The number of characters that can be used for the user ID is displayed to the right of the input field.	Up to 32 alphanumeric characters and symbols ('!', '-', '_', '.')
New Password	Input a password. Entered letters are case-sensitive. If "Enable" is selected for "Password Policy", the following input conditions are added according to the configuration with the [Modify User Policy] function. Minimum Password Length Password Complexity Password History Caution An error screen appears if the password does not satisfy the input conditions. The following shows procedures corresponding to each error. If "Minimum Password Length" is not satisfied The entered password is less than the required number of characters. Check the minimum length ("x") displayed in the "x - 64" format to the right of the password input field. If "Password Complexity" is not satisfied The required character types have not been used in the entered password. At least three of the following character types must be used; "uppercase letters", "lowercase letters", "numeric characters", and "symbols". If "Password History" is not satisfied The entered password does not meet the reuse condition. The same password that was previously set (between the latest and the specified number of generations) cannot be used. Set a different password. Note Refer to the "Password Policy" settings in advance for details about "Password Complexity" and "Password History". Refer to the [Modify User Policy] function for details.	If "Disable" is selected for "Password Policy" Number of characters 4 - 64 Type of characters Alphanumeric characters and symbols ('!', '"', '#', '$', '%', '&', ''', '(', ')', '', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '\|', '}', '~', ':', ';', '<', '=', '>', '?') If "Enable" is selected for "Password Policy" When "Password Complexity" is enabled Number of characters "Minimum password length" to 64 (minimum password length: 4 - 64) Type of characters At least three of the following character types must be used. Uppercase letters (A - Z) Lowercase letters (a - z) Numeric characters (0 - 9) Symbols ('!', '"', '#', '$', '%', '&', ''', '(', ')', '', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '\|', '}', '~', ':', ';', '<', '=', '>', '?') When "Password Complexity" is disabled Number of characters "Minimum password length" to 64 (minimum password length: 4 - 64) Type of characters Alphanumeric characters and symbols ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '\|', '}', '~', ':', ';', '<', '=', '>', '?')
Confirm New Password	Input the same character string as the value entered in the "New Password" field for confirmation.	Same character string as the "New Password" field
Role	Select the user role that is to be assigned to the user ID. The default and custom roles registered in the storage system are displayed as the options. Caution "Software" is the role that is used for external software. A user account with the "Software" role cannot log in to Web GUI. For tenant users, only the "Monitor" and "StorageAdmin" roles can be assigned. Use CLI to check whether the user account of the modification target is a tenant user.	Monitor Admin StorageAdmin AccountAdmin SecurityAdmin Maintainer Software Custom role
Account	Select whether to "Enable" or "Disable" the user account. If the user account is disabled, that user account is registered but cannot be used.	Enable (Default) Disable
SSH Public Key	Register the SSH client public key used for login authentication from CLI in the storage system. Click the [Browse...] button and specify the public key to be registered. When using the SSH client key authentication, register the SSH public key in the storage system and prepare the SSH secret key, corresponding to the public key in the client PC in advance.	SSH Public Key Blank (Default)
Password Policy	Select whether to "Enable" or "Disable" the password policy. If "Enable" is selected, the following input conditions are added according to the "Password Policy" setting that is specified with the [Modify User Policy] function. Minimum Password Length Password Complexity Password History Caution The "Password Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case. Note Check the "Password Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.	Enable Disable (Default)
Lockout Policy	Select whether to "Enable" or "Disable" the lockout policy. If "Enable" is selected, the following items are applied to a user account according to the "Lockout Policy" setting that is specified with the [Modify User Policy] function. Lockout Threshold Lockout Duration Caution The "Lockout Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case. Note Check the "Lockout Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.	Enable Disable (Default)

Item

Description

Setting values

User ID

Input a user ID.

An existing user ID cannot be used.

Entered letters are case-sensitive.

Note

The number of characters that can be used for the user ID is displayed to the right of the input field.

Up to 32 alphanumeric characters

and symbols ('!', '-', '_', '.')

New Password

Input a password.

Entered letters are case-sensitive.

If "Enable" is selected for "Password Policy", the following input conditions are added according to the configuration with the [Modify User Policy] function.

Minimum Password Length
Password Complexity
Password History

Caution

An error screen appears if the password does not satisfy the input conditions. The following shows procedures corresponding to each error.
- If "Minimum Password Length" is not satisfied
  
  The entered password is less than the required number of characters. Check the minimum length ("x") displayed in the "x - 64" format to the right of the password input field.
- If "Password Complexity" is not satisfied
  
  The required character types have not been used in the entered password. At least three of the following character types must be used; "uppercase letters", "lowercase letters", "numeric characters", and "symbols".
- If "Password History" is not satisfied
  
  The entered password does not meet the reuse condition. The same password that was previously set (between the latest and the specified number of generations) cannot be used. Set a different password.

Note

Refer to the "Password Policy" settings in advance for details about "Password Complexity" and "Password History". Refer to the [Modify User Policy] function for details.

If "Disable" is selected for "Password Policy"

Number of characters

4 - 64
Type of characters

Alphanumeric characters and symbols

('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

If "Enable" is selected for "Password Policy"

When "Password Complexity" is enabled
- Number of characters
  
  "Minimum password length" to 64 (minimum password length: 4 - 64)
- Type of characters
  
  At least three of the following character types must be used.
  - Uppercase letters (A - Z)
  - Lowercase letters (a - z)
  - Numeric characters (0 - 9)
  - Symbols
    
    ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')
When "Password Complexity" is disabled
- Number of characters
  
  "Minimum password length" to 64 (minimum password length: 4 - 64)
- Type of characters
  
  Alphanumeric characters and symbols
  
  ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '|', '}', '~', ':', ';', '<', '=', '>', '?')

Confirm New Password

Input the same character string as the value entered in the "New Password" field for confirmation.

Same character string as the "New Password" field

Role

Select the user role that is to be assigned to the user ID.

The default and custom roles registered in the storage system are displayed as the options.

Caution

"Software" is the role that is used for external software. A user account with the "Software" role cannot log in to Web GUI.
For tenant users, only the "Monitor" and "StorageAdmin" roles can be assigned. Use CLI to check whether the user account of the modification target is a tenant user.

Monitor

Admin

StorageAdmin

AccountAdmin

SecurityAdmin

Maintainer

Software

Custom role

Account

Select whether to "Enable" or "Disable" the user account.

If the user account is disabled, that user account is registered but cannot be used.

Enable (Default)

Disable

SSH Public Key

Register the SSH client public key used for login authentication from CLI in the storage system.

Click the [Browse...] button and specify the public key to be registered.

When using the SSH client key authentication, register the SSH public key in the storage system and prepare the SSH secret key, corresponding to the public key in the client PC in advance.

SSH Public Key

Blank (Default)

Password Policy

Select whether to "Enable" or "Disable" the password policy.

If "Enable" is selected, the following input conditions are added according to the "Password Policy" setting that is specified with the [Modify User Policy] function.

Minimum Password Length
Password Complexity
Password History

Caution

The "Password Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case.

Note

Check the "Password Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.

Enable

Disable (Default)

Lockout Policy

Select whether to "Enable" or "Disable" the lockout policy.

If "Enable" is selected, the following items are applied to a user account according to the "Lockout Policy" setting that is specified with the [Modify User Policy] function.

Lockout Threshold
Lockout Duration

Caution

The "Lockout Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case.

Note

Check the "Lockout Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.

Enable

Disable (Default)

Edit User Account

In this screen, modify the registered settings of a user account.

Caution

Any user account information other than the following parameters can be changed.
- User ID
- The "Password Policy" and "Lockout Policy" that are applied to a user account set with the "Software" role
Changed user accounts become available at the next login.

Item	Description
Checkbox	Select the checkbox for the user account that is to be modified.

Edit User Account

Item	Description	Setting values
User ID	The user ID is displayed.
Change Password	Only when changing the password, select the "Change Password" checkbox. When the "Change Password" checkbox is selected, enter a new password in "New Password" and "Confirm New Password".	Selected: Change password Cleared
New Password	Input a new password. Entered letters are case-sensitive. If "Enable" is selected for "Password Policy", the following input conditions are added according to the configuration with the [Modify User Policy] function. Minimum Password Length Password Complexity Password History Caution Passwords must be changed for user IDs with "Expired" displayed in the "Days To Expiration" field of "Registered User Account List". Passwords can be changed for user IDs with "Changeable" displayed in the "Days To Password Change" field of "Registered User Account List". An error screen appears if the password does not satisfy the input conditions for changing passwords. The following shows procedures corresponding to each error. If "Minimum Password Length" is not satisfied The entered password is less than the required number of characters. Check the minimum length ("x") displayed in the "x - 64" format to the right of the password input field. If "Password Complexity" is not satisfied The required character types have not been used in the entered password. At least three of the following character types must be used; "uppercase letters", "lowercase letters", "numeric characters", and "symbols". If "Password History" is not satisfied The entered password does not meet the reuse condition. The same password that was previously set (between the latest and the specified number of generations) cannot be used. Set a different password. Note Refer to the "Password Policy" settings in advance for details about "Password Complexity" and "Password History". Refer to the [Modify User Policy] function for details.	If "Disable" is selected for "Password Policy" Number of characters 4 - 64 Type of characters Alphanumeric characters and symbols ('!', '"', '#', '$', '%', '&', ''', '(', ')', '', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '\|', '}', '~', ':', ';', '<', '=', '>', '?') If "Enable" is selected for "Password Policy" When "Password Complexity" is enabled Number of characters "Minimum password length" to 64 (minimum password length: 4 - 64) Type of characters At least three of the following character types must be used. Uppercase letters (A - Z) Lowercase letters (a - z) Numeric characters (0 - 9) Symbols ('!', '"', '#', '$', '%', '&', ''', '(', ')', '', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '\|', '}', '~', ':', ';', '<', '=', '>', '?') When "Password Complexity" is disabled Number of characters "Minimum password length" to 64 (minimum password length: 4 - 64) Type of characters Alphanumeric characters and symbols ('!', '"', '#', '$', '%', '&', ''', '(', ')', '*', '+', ',', '-', '.', '/', '@', '[', '\', ']', '^', '_', '`', '{', '\|', '}', '~', ':', ';', '<', '=', '>', '?')
Confirm New Password	Input the same character string as the value entered in the "New Password" field for confirmation.	Same character string as the new password
Role	Select the user role that is to be assigned to the user ID. The default and custom roles registered in the storage system are displayed as the options. Caution "Software" is the role that is used for external software. A user account with the "Software" role cannot log in to Web GUI. For tenant users, only the "Monitor" and "StorageAdmin" roles can be assigned. Use CLI to check whether the user account of the modification target is a tenant user.	Monitor Admin StorageAdmin AccountAdmin SecurityAdmin Maintainer Software Custom role
Account	Select whether to "Enable" or "Disable" the user account. If the user account is disabled, that user account is registered but cannot be used.	Enable Disable
SSH Public Key	Register the SSH client public key used for login authentication from CLI in the storage system. Click the [Browse...] button and specify the public key to be registered. When using the SSH client key authentication, register the SSH public key in the storage system and prepare the SSH secret key, corresponding to the public key in the client PC in advance.	SSH Public Key
Password Policy	Select whether to "Enable" or "Disable" the password policy. If "Enable" is selected, the following input conditions are added according to the "Password Policy" setting that is specified with the [Modify User Policy] function. Minimum Password Length Password Complexity Password History Caution The "Password Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case. Note Check the "Password Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.	Enable Disable
Lockout Policy	Select whether to "Enable" or "Disable" the lockout policy. If "Enable" is selected, the following items are applied to a user account according to the "Lockout Policy" setting that is specified with the [Modify User Policy] function. Lockout Threshold Lockout Duration Caution The "Lockout Policy" is not applied to a user account with the "Software" role because it is used for external software. Note that "Enable" cannot be selected in this case. Note Check the "Lockout Policy" setting before selecting "Enable" for this item. Refer to the [Modify User Policy] function for details.	Enable Disable

Delete User Account

In this screen, delete a user account.

Caution

The last user account with administrator privileges (role of "Admin") assigned cannot be deleted.
Deleted user accounts will be unavailable from the next login.

Item	Description
Checkbox	Select the checkbox for the user account that is to be deleted.

Operating Procedures

Add User Account

Click [Setup User Account] in [Action].
Click the [Add] button.
Specify the parameters, and click the [Apply] button.

→ A confirmation screen appears.
Caution
- An error screen appears in the following conditions:
  - Each parameter fails to satisfy the input conditions
  - The user ID is already registered
  - "User ID", "New Password" and/or "Confirm New Password" is not entered
  - "New Password" does not match "Confirm New Password"
Click the [OK] button.

→ Addition of the user account starts.
Click the [Done] button to return to the [Define Role] screen.

Edit User Account

Click [Setup User Account] in [Action].
Select the user account that is to be modified and click the [Edit] button.
Change the parameters, and click the [Apply] button.

→ A confirmation screen appears.
Note
- To change the password, select the "Change Password" checkbox.
- To delete an SSH public key, select the "Delete" checkbox and click the [Apply] button.
  
  The "Delete" checkbox appears only if the SSH public key has already been registered.
Caution
- An error screen appears in the following conditions:
  - Each parameter fails to satisfy the input conditions
  - The "Change Password" checkbox is selected and "New Password" and/or "Confirm New Password" is not entered
  - The "Change Password" checkbox is selected and "New Password" does not match "Confirm New Password"
Click the [OK] button.

→ The user account setup starts.
Click the [Done] button to return to the [Define Role] screen.

Delete User Account

Click [Setup User Account] in [Action].
Select the deletion target user accounts (multiple selections can be made), and click the [Delete] button.

→ A confirmation screen appears.
Click the [OK] button.

→ The user account deletion starts.
Click the [Done] button to return to the [Define Role] screen.