Setting up user accounts using the DS CLI

This scenario describes how to set up a user account. You must have administrator authority to enable this function.

The admin account is set up automatically at the time of installation. It is accessed using the user name admin and the default password admin. This password is temporary and expires after its initial use. You must change the password before you can use any of the other functions. There are 7 groups the administrator can assign to a user. A user can be assigned to more than one user group. The groups and the associated functions allowed by the assignment are as follows:

admin: All users that you assign to the administrator user group allows access to all storage management console server service methods and all storage image resources.
op_volume: The volume operator user group allows access to service methods and resources that relate to logical volumes, hosts, host ports, logical subsystems, logical volumes, and volume groups, excluding security methods. In addition, this user group inherits all authority of the monitor user group.
op_storage: The storage operator user group allows access to physical configuration service methods and resources, including storage complex, storage image, array, rank, and extent pool objects. This user group inherits all the authority of the op_copy_services and monitor user groups, excluding security methods.
op_copy_services: The copy services operator user group allows access to all Copy Services service methods and resources, excluding security methods. In addition, this user group inherits all authority of the monitor user group.
service: The service user group includes monitor authority, plus access to all management console server service methods and resources, such as performing code loads and retrieving problem logs.
monitor: The monitor user group allows access to list and show commands. It provides access to all read-only, nonsecurity management console server service methods and resources.
no access: The no access user group does not allow access to any service methods or storage image resources. By default, this user group is assigned to any user account in the security repository that is not associated with any other user group.

In addition to assigning users to one or more user groups, you also must assign a default password to each user. When you notify users of their group assignment and default password, indicate that the default password is only good for the initial log on. Users must change the password at the time of their initial log on. Also, remind all users to record their password in a safe place, because there is no way that the administrator or the application can retrieve a password.

Note: You must change the default password for an account, including the admin account, to be able to use any CLI command other than the one to change the password. See the chuser command for more information.

Use the mkuser DS CLI command to create new user accounts with specific roles (user group or groups) and an initial password. If you assign multiple roles to an account, ensure that you separate the different roles by using a comma for example, op_volume, op_storage. See the mkuser command description for more details.

Log into the DS CLI application in interactive command mode.
Issue the following command from the dscli command prompt to assign a user to an account with a default password: dscli>mkuser -pw AB9cdefg -group service,op_copy_services testuser

Press Enter and observe the processing result. A successful process returns the following display:

Sun Aug 11 02:23:49 PST 2004 IBM DS  CLI 
Version 5.0.0.0 DS: IBM.1750-68FA120 
User Name testuser successfully created.