Managing User Accounts

This section describes how to view and create user accounts. You can also modify user accounts and passwords after an account is created.

How to Create User Accounts

You will need to create new user accounts when users need to access the system.

---

Note –

Any user added to the provisioning system has read permissions on all objects within the system. If you are storing sensitive information in the system, ensure that you only add users that should have access to that sensitive information.

---

You can also create user accounts by using the following command.

• udb.u.add – Adds a user account.

For a detailed description of these commands, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Before You Begin

To create a user account, you must belong to a user group that has write permissions on users and groups.

If you plan to add a user who will be externally authenticated, ensure the following criteria are met.

• The user exists in the external system before the user attempts to login to the provisioning system.

• The user name begins with a letter, does not contain spaces, and does not exceed 32 characters.

Steps

1. Go to the Users page.

   See How to View User Accounts.

2. In the top row of the table that lists user accounts, type a name for the new user account and click Create.

   The Details page for the new user account is displayed.

3. Select an authentication method from the menu.

   If the authentication method that you select has an asterisk, *, you will need to enter a password for the user account in the New Password and Confirm New Password fields.

   To add new login configurations to the provisioning system, see Appendix A, Authentication Methods.

4. Use the controls in the Member of User Groups area to add this user account to one or more user groups.

   ---

   Note –

   In the provisioning system, permissions are based on user groups rather than on individual user accounts. By adding this user account to a group, you determine the privileges it is assigned. For more information, see Folder-Specific Permissions.

   ---

   For more information about adding a user to a user group, see How to Edit User Groups.

5. (Optional) To hide this user account, select Hidden.

6. Click Save.

Viewing User Accounts

You might want to view user accounts in the following situations.

• You need to audit user accounts to ensure that users who are no longer authorized to access the provisioning system are removed.

• You need to ensure that users belong to the correct groups and have the correct set of permissions.

• You need to ensure that you have permissions to perform your job without any obstacles.

How to View User Accounts

This procedure describes how to view user accounts by using the browser interface. You can also view user accounts by using the following commands.

• udb.u.la – Displays all user accounts.

• udb.u.lo – Displays detailed information about a particular user account.

• udb.u.lp – Displays system-wide permissions granted to a particular user account.

For a detailed description of these commands, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Steps

1. From the navigation menu, choose User Setup.

   The User Setup page is displayed.

2. In the User Setup page, click Users.

   The Users page lists user accounts that are active and not hidden.

3. (Optional) To view hidden or deactivated users, select Show Hidden Users.

   The browser interface displays all users. Hidden or deactivated user accounts appear in different colors.

4. (Optional) To view the details of a particular user, find the row describing the user and click Details.

   The Details page for the selected user is displayed.

How to Deactivate or Hide User Accounts

When you deactivate a user account, the user is no longer allowed to access the provisioning system. Since the provisioning system tracks system activity by user account, you are not able to remove user accounts from the provisioning system.

You can hide a user account as a way to manage the number of users that display in the Users page.

This procedure describes how to deactivate or hide user accounts by using the browser interface. You can also deactivate or hide user accounts by using the following command.

• udb.u.mod – Edits a user account.

For a detailed description of this command, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Before You Begin

To deactivate a user account, you must belong to a user group that has write permissions on users and groups.

Steps

1. Go to the Details page of the user account that you plan to edit.

   See How to View User Accounts.

2. In the table that lists users, find the row describing the user you plan to deactivate, and click Details.

   The user's Details page is displayed.

3. To hide or deactivate this user account, select Hidden or Deactivate.

   If you select Deactivate, the user account will automatically be hidden.

4. Click Save.

How to Change a User's Group Membership

This procedure describes how to change a user's group membership by using the browser interface. You can also change group membership by using the following command.

• udb.u.mod – Edits a user account.

For a detailed description of this command, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

Before You Begin

To edit a user account, you must belong to a user group that has write permissions on users and groups.

Steps

1. Go to the Details page of the user account that you plan to edit.

   See How to View User Accounts.

2. In the table that lists users, find the row describing the user account you plan to modify, and click Details.

   The user's Details page is displayed.

3. To change membership in any group, use the controls in the Member of User Groups area to add this user account to or remove it from one or more user groups.

4. Click Save.

How to Change Your Password From the Log In Page

If you need to need to change your password, you can change your password from the Log In page as long as you are using internal authentication for your password. If you are using external authentication, change your password through that application.

---

Note –

When you use this procedure to change your password, all of your encrypted session variables are re-encrypted using your new password.

---

Steps

1. In the navigation menu on the Log In page, click Change Password.

   If you are already logged in, click Log Out in the top right corner to navigate to the Log In page.

2. Type your user name in the User Name field.

3. Type your current password in the Current Password field.

4. Type the new password you would like to use in the new password field.

5. Confirm that you have typed the new password correctly by typing it in the Confirm New Password field.

6. Click the Change Password button.

How to Change a User's Password from the User Account's Details Page

You can change anyone's password under the following conditions.

• The password is internally validated.

• You have permission to edit and create users.

If you don't have user and group permissions, see How to Change Your Password From the Log In Page.

This procedure describes how to change a user's password by using the browser interface. You can also change passwords by using the following command.

• udb.u.cp – Changes the password of a specific user.

For a detailed description of these commands, see udb.g: Managing User Groups in N1 Grid Service Provisioning System 5.0 Command-Line Interface Reference Manual.

---

Note –

When you change the password on a user account and the user account has session variables encrypted by the user account's old password, the user is prompted to clear or restore the session variables the next time the user logs in.

---

Before You Begin

To change the password of someone else's user account, you must belong to a user group that has write permissions on users and groups.

Steps

1. Go to the Details page of the user account.

   See How to View User Accounts.

2. Type the new password in the New Password field.

3. Confirm the new password by typing it in the Confirm New Password field.

4. Click Save.

How to Change a User's Authentication Method

This procedure describes how to change a user's authentication method by using the browser interface. You can also change authentication methods by using the following command.

• udb.u.mod – Changes the user's authentication method.

---

Note –

When you change a user's authentication method and the user account has session variables encrypted by the user account's old password, the user is prompted to clear or restore the session variables the next time the user logs in.

---

Before You Begin

Before you can change the authentication method of a user account, the new authentication method must be configured with the provisioning system. See Appendix A, Authentication Methods.

To change a user's authentication method, you must belong to a user group that has write permissions on users and groups.

---

Note –

You cannot change the authentication method of the admin user. The admin user must always be set to internal authentication.

---

Steps

1. Go to the Details page of the user account.

   See How to View User Accounts.

2. From the Authentication Method menu, select the new authentication method.

3. If you change the user from an external to an internal authentication method, you must supply the user a new password.

4. Click Save.