Creating a System Administrator

Prerequisites

• Before creating an administrator, if you need to assign a specified permission set to the administrator, use the default administrator group or create an administrator group.
• A maximum of 64 system administrators can be created.

Procedure

1. On the menu bar, select Settings.
2. In the navigation tree, choose System Administrator > Administrator.
3. Click Create.
4. Select a required user type for User Type. Currently, you can select Local user or Interface interconnection user.
   

   • Only the administrator group of the corresponding type can be selected for creating a user.
   • The interface interconnection user can be created only by the admin account.
   • The interface interconnection user has the first login mechanism. By default, the password of the user needs to be changed upon the first login after the user is created. You can set First Login in Security Policy. For details, see Configuring a Security Policy for Administrators.
   • Interface interconnection users have the call traffic limiting mechanism. By default, the number of access times of all interface interconnection users per minute cannot exceed 20. You can modify the machine.account.access.limit configuration item in the /opt/BCManager/Runtime/LegoRuntime/conf/lego.properties configuration file to change the number of access times. For example, if the maximum number of access times per minute is set to 100, the corresponding configuration item is machine.account.access.limit=100.
   • Before an interface interconnection user is created, the admin account is regarded as an interface interconnection user.
   • In upgrade scenarios, the SyncAdmin account is changed to an interface interconnection user, and other accounts such as admin are changed to local users.

5. Configure basic information for the administrator. Table 1 describes related parameters.

   

   Table 1 Administrator parameters

   Parameter	Description	Value
   Name	Username for logging in to the NMS. After an administrator is created, its username cannot be changed.	[Value range] The name contains 1 to 64 characters, including letters, digits, underscores (_), and hyphens (-), and can start only with a letter or underscore (_). [Example] user01
   Password	Password for logging in to the NMS when password authentication is enabled. The password must meet the following requirements: Contains 8 to 64 characters. Must include special characters, include !\"#$%&\'()*+,-./:;<=>?@[\\]^`{_|}~ and spaces. Must contain upper-case letters, lower-case letters, and digits. Cannot be the same as the username or mirror writing of the username. The password cannot contain three or more of the same characters consecutively. For details about the password policy, see Configuring a Security Policy for Administrators.	[Example] Ab123@Cd
   Confirm Password	Confirm password. The password and confirm password must be the same. The parameter value must be the same as that of Password.	[Example] Ab123@Cd
   Description	Brief description about the administrator, helping identify the administrator.	[Value range] Contains 0 to 100 characters. [Example] Resource management
   Max. Number of User Connections	After this function is enabled, the system limits the maximum number of concurrent sessions for users to log in to eReplication. After the threshold is exceeded, no more user can log in to eReplication. NOTE: This configuration is supported only when User Type is set to Local user. Max. Number of User Connections is invalid for administrators belonging to the NBIRole administrator group. You are advised to enable this configuration item. If it is disabled, repeated logins may appear, which will exhaust resources.	[Value range] The value ranges from 1 to 8. If the parameter is not enabled, there is no limit on the number of user connections.

6. Click the Administrator Group tab to select an administrator group for the administrator. Then the administrator can inherit the permissions of the administrator group.

   If you select multiple administrator groups, the administrator has the permissions of all selected administrator groups.

   

   You can select a maximum of 128 administrator groups.

7. Optional: Click the Resources tab to assign the administrator resources for management.

   In the resource list, select desired resources to be managed by the administrator. If the administrator needs to select necessary resources related to the authorization management function, contact maintenance personnel for assistance.

8. Optional: Click the Login Network Segment tab and select an IP address segment for the administrator to log in to the NMS.

   Perform the following operations to set an IP address segment.

   

   The first field of the IP address is an integer from 1 to 223 (excluding 127), the last field is an integer from 1 to 255, and the other two fields are integers from 0 to 255.

   • Create an IP address segment.
     1. Click Add.

        The Add Login Network Segment dialog box is displayed.

     2. Fill in Start IP Address, End IP Address, and Description.
     3. Click OK.
   • Modify an IP address segment.
     1. Select an IP address segment and click More > Modify on the Operation list.

        The Edit Login Network Segment dialog box is displayed.

     2. Fill in Start IP Address, End IP Address, and Description.
     3. Click OK.
   • Delete an IP address segment.
     1. Select an IP address segment and click More > Delete on the Operation list.

        In the Warning dialog box that is displayed, read the content of the dialog box carefully and select I have read and understood the consequences associated with performing this operation.

     2. Click OK.

9. Optional: Click the Service Object tab to assign the administrator service objects for management.

   Only selected service objects are displayed.

10. Click OK.