Modify User Policy
Overview
This function specifies a user policy (Password Policy and Lockout Policy) for user accounts to be registered in the storage system.
"Password Policy" indicates the creation guidelines for a password such as the complexity and lifetime. This setting is applied when the password for the new user account is registered or when the password for an existing user account is changed. "Lockout Policy" indicates the guidelines for a lockout when the authentication fails. This setting is used when users log in to the storage system.
Use this function to improve the Internal Authentication (*1) security. Set whether to enable or disable a user policy for each user account.
*1 | : | This is the standard authentication type. Internal Authentication uses user account information stored in the storage system to verify the input user account. |
- A user policy cannot be applied for the following user accounts.
User accounts with the "Software" role that is used for external software
User accounts used for RADIUS authentications
The specified contents of this function are applied to the storage system immediately after the settings are complete. Note that the "Lockout Policy" is applied the next time the relevant user logs in.
If a user account with the "Password Policy" setting enabled is used to log in and the "Maximum Password Age" of the relevant user account has expired, the [Change Password] screen appears. Users cannot log in until the password is changed.
If a user account with the "Lockout Policy" setting enabled is used to log in and the number of failed authentications exceeds the "Lockout Threshold", the relevant user account is locked out. The lockout is not released until the specified "Lockout Duration" passes.
One user policy can be specified in the storage system. Select whether to enable or disable the user policy for each user account when creating new user accounts or when editing existing user accounts. A user policy can also be set for the default user IDs ("root" and "f.ce"). Refer to the [Setup User Account] function for details.
When a user account is initialized, the user policy for the default account is changed to "Disable". Refer to the [Initialize User Account] function for details.
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
Password Policy
Item | Description | Setting values |
---|---|---|
Minimum Password Length |
Specify the minimum length of the password. Note
|
4 - 64 4 (Default) |
Password Complexity |
Select whether to "Enable" or "Disable" the complexity setting for the password. If "Enable" is selected, at least three of the following character types must be used for the password.
|
Enable Disable (Default) |
Password History |
Specify the number of password generations to save in the storage system. If the number of generations is specified, the previously set password is stored to prevent reuse. If "0" is specified, a history of the passwords used is not managed. This means that the same password that was used in the previous generation can be reused. |
1 - 16 0: Unrestricted (Default) |
Minimum Password Age |
Specify the minimum number of days before the password can be changed from the last time the password was specified. The password cannot be changed during the specified days. If "0" is specified, the password can be changed at anytime. Caution
Note
|
1 - 999 0: Unrestricted (Default) |
Maximum Password Age |
Specify the maximum number of days the password can be used. The relevant password becomes unavailable when the specified number of days has been exceeded. If "0" is specified, the password can be used indefinitely. Note
|
1 - 999 0: Unrestricted (Default) |
Lockout Policy
Item | Description | Setting values |
---|---|---|
Lockout Threshold |
Specify the number of consecutive failed logins before the user account is locked out. If "0" is specified, the lockout function for the user account is disabled. Note
|
1 - 999 0: Unrestricted (Default) |
Lockout Duration |
Specify the time (minutes) before the user account that was locked out due to failed logins is automatically released. After the specified time has passed, the lockout is released automatically. If "0" is specified, lockouts are not automatically released. Caution
|
1 - 99999 30 (Default) 0: Unrestricted |
Operating Procedures
Click [Modify User Policy] in [Action].
Specify the parameters, and click the [Modify] button.
→ A confirmation screen appears.
Click the [OK] button.
→ The user policy setting starts.
Click the [Done] button to return to the [Define Role] screen.