Adding an Administrator or User (CLI)

Use the following procedure to create a user with or without the administrator role.

Go to configuration users.
```
hostname:> configuration users
```
Enter a user type followed by a username.
```
hostname:configuration users> type username
```
For descriptions of user types and for help with setting the username value, see Understanding Users and Roles.

If you specify directory for the user type, the user is immediately configured because no additional information is needed.
```
hostname:configuration users> directory NISorLDAPorAD-username
hostname:configuration users>
```
If you specify local, data, or nologin for the user type, you are prompted to set properties.
```
hostname:configuration users> local username
hostname:configuration users username (uncommitted)>
```
Set properties for local, data, and nologin users.
1. Enter get to list the properties to set.
```
hostname:configuration users username (uncommitted)> get
Properties:
                       logname = username
                          type = local
                           uid = (unset)
                      fullname = (unset)
              initial_password = (unset)
            require_annotation = false
```
2. Set required properties.
  - For local, data, and nologin types, a user ID is required. If you do not set uid explicitly, a uid is automatically assigned. For help with setting the uid value, see "User Properties" in Managing User Properties.
  - For local and data types, you must set initial_password.
3. Enter commit.
Enter show.

The new user is listed.
Optional: Set additional properties and preferences.
1. Select the new user.
2. Enter show to see what you can set.
  
  You might see additional properties that you can set. For descriptions of properties, see "User Properties" in Managing User Properties.
3. Enter preferences, and then enter show to see what preferences you can set. See Setting Appliance Preferences.
Optional: For local and directory users, assign additional roles.

Users of type local or directory have the basic role by default.

Roles that are listed in configuration roles are available to choose.
1. Enter the following command to add a role for this user:
```
hostname:configuration users username> set roles=basic,additional_role
                         roles = basic,additional_role (uncommitted)
```
2. Enter commit.
Optional: For local and directory users, assign additional authorizations.

See the table for "Scopes, Filters, and Authorizations Available for Users and Roles" in User Authorizations.
1. Select the new user.
2. Enter exceptions.
```
hostname:configuration users username> exceptions
```
3. Iterate the following steps until you have added all of the authorizations that you want this user to have:
  1. Enter create.
  2. Enter set scope= followed by the scope name. Use tab-completion to see the list.
  3. Enter show to see available filters, if any, and authorizations.
  4. If a filter is available, set the filter value. Use tab-completion to see the list of possible filter values.
  5. Set to true all authorizations that you want this user to have.
  6. Enter commit.
  Note that these authorizations can also be used to exclude authorizations that are granted to this user in a role. If you assign authorizations that have a more limited (more narrowly filtered) scope than the same authorizations that are granted in a role, then this user will only have the authorizations for the more limited scope.
4. Enter done.

Alternative Method

To create a new user of the same type as an existing user and with the same roles and authorizations assigned, use the clone command. In configuration users, enter clone existing-user-name new-user-name. Set a fullname for the new user. If the type of the user that you are cloning is local or data, set a password.