Adding a User

Context

• Only super administrators can add a user.
• Before adding an LDAP user or LDAP user group, you need to configure a domain authentication server.

Procedure

1. Choose Settings > System Settings > Users and Roles > User Management.
2. Click Add.

   The Add User page is displayed,

   

   Based on specific service requirements, super administrators can create different levels of user accounts to grant them only necessary operation permissions, thereby ensuring system stability and data security.

3. Set user information.
   • Set Type to Local user, and configure the local user information. Table 1 describes related parameters.

     Table 1 Local user parameters

     Parameter	Description
     Username	Indicates the name of the new user. NOTE: The name can contain a maximum of 32 characters. The minimum length varies according to the Username Policy in Security Policies. For details, see Configuring Security Policies. The name can contain letters, digits, and underscores (_) and must start with a letter. The name must be unique. You can modify the user name policy in Security Policies.
     Password	Indicates the password of the new user. NOTE: The maximum and minimum lengths of a password vary according to the Password Policy in Security Policies. For details, see Configuring Security Policies. A password must contain special characters (!"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and space) and at least two of the following types: uppercase letters, lowercase letters, and digits. A password cannot be the same as the user name or the reverse of the user name. You can modify the password policy in Security Policies. Users must properly manage passwords to prevent disclosure.
     Confirm Password	Confirms the password. The value of Confirm Password must be the same as that of Password.
     Role	Indicates the role of the new user. Super administrator: has full control permission on storage devices and can create and view users of various roles. Administrator: has all permissions except user management and security management. Security management includes security policy, session management, access control, certificate management, and time configuration. System viewer: has permissions to query information and change the password of a user. Security administrator: has system security configuration permissions, including security policy configuration, access control, certificate management, and time configuration. SAN resource administrator: has permissions to view users as well as operate and view resource pools. NOTE: An administrator has the permission to view security policies. A system viewer has only the permission to view administrators and does not have the permission to view security administrators. A security administrator has only the permission to view security-related configurations and does not have the permission to view other configurations. A SAN resource administrator has the permission to view security policies.
     Login Method	Indicates the login method of the new user. NOTE: For users other than super administrators, select at least one login method among DeviceManager, CLI, and RESTful.

   • Set Type to LDAP user or LDAP user group, and configure the LDAP user or LDAP user group information. Table 2 describes related parameters.

     Table 2 LDAP user or LDAP user group parameters

     Parameter	Description
     Username	Indicates the name of the new LDAP user or LDAP user group. NOTE: The new LDAP user or LDAP user group must be on the LDAP domain server. Otherwise, the login will fail.
     Role	Indicates the role of the new user. Administrator: has all permissions except user management and security management. Security management includes security policy, session management, access control, certificate management, and time configuration. System viewer: has permissions to query information and change the password of a user. Security administrator: has system security configuration permissions, including security policy configuration, access control, certificate management, and time configuration. SAN resource administrator: has permissions to view users as well as operate and view resource pools. NOTE: An administrator has the permission to view security policies. A system viewer has only the permission to view administrators and does not have the permission to view security administrators. A security administrator has only the permission to view security-related configurations and does not have the permission to view other configurations. A SAN resource administrator has the permission to view security policies.
     Login Method	Indicates the login method of the new user. NOTE: For users other than super administrators, select at least one login method among DeviceManager, CLI, and RESTful.

4. Click OK.