Managing User Properties

The BUI Configuration: Users page lists both users and roles. Hover over an entry to see the clone, edit, and destroy buttons for the user or role. Double-click a user or role, or click its edit icon to display its Edit User or Edit Role dialog box. The following table describes the buttons on this page.

Table 2-34 BUI Users Page Buttons

Button	Description
	Add a new user or role. A new Add User or Add Role dialog box is displayed where you enter values for properties.
	Open a search box. Enter a search string to display only user or role entries in which that search text appears in the listing. Click the search button again, or click Show All, at the top of the list, to display the full list.
	Clone a user or role. Add a new user or role with the same authorizations as the cloned user or role. Specify a role type for the clone, as defined in Table 2-36. If no type is specified, the clone will have the same type as the original role.
	Edit a user or role.
	Remove a user, role, or authorization.

Depending on the type of user, all of the following properties can be set when adding a user. A subset of these properties can be set when editing a user.

Table 2-35 User Properties

BUI Property	CLI Property	Description
Type	`type`	For a description of user types, see Understanding Users and Roles.
Username	`logname`	Unique login name for the user.
User ID	`uid`	Enabled only for Local, Data, and No-login users. You can specify the user ID or allow the system to assign the user ID. If you specify the user ID, the user ID cannot be less than 100, cannot be greater than 2147483646, and cannot be equal to 60001, 60002, or 65534. Those UIDs are reserved by the operating system vendor for use in future applications. Their use by end-system users or vendors of layered products is not supported and can cause security issues with other applications.
Full Name	`fullname`	Full name or real name for the user. In the BUI, the full name is shown to the left of the Logout button at the top of the dashboard, and it might also be shown on the browser tab.
Password/Confirm	`initial_password`	For Local and Data users, type the initial password in these fields.
Require session annotation	`require_annotation`	When enabled: BUI – Require the user to enter a comment prior to displaying the initial BUI page. CLI – Require the user to enter a comment prior to displaying the CLI prompt. REST – Requests fail as unauthorized. The comment appears in the audit log. This annotation can be used to describe the purpose of the login. A ticket number could be used to track particular project work.
Kiosk user	`kiosk_mode`	When enabled, this user is a kiosk user: BUI – The user is restricted to viewing only the screen that is the value of the `Kiosk screen` property. CLI – Login fails. REST – Requests fail as unauthorized.
Kiosk screen	`kiosk_screen`	The screen that this user is restricted to if Kiosk user is enabled or `kiosk_mode` is true. Default: `status/dashboard`
Roles	`roles`	The roles assigned to a directory or local user.
Group Assigned	`group_roles`	Implicit role assignment based on user's group membership, for both directory and automatic directory users. This role cannot be modified.
Exceptions	`exceptions`	Additional authorizations assigned to a directory or local user, or limitations on authorizations that are assigned in a role.
-	`preferences`	User environment preferences such as locale, BUI start page, timeouts, SSH public keys, and REST login tokens. See Setting Appliance Preferences.

The following properties can be set when creating or editing a role.

Table 2-36 Role Properties

BUI Property	CLI Property	Description
Name	`name`	Name of the role as it will be shown in lists.
Description	`description`	Verbose description of the role.
Authorizations	`authorizations`	Authorizations for this role.
Type	`type`	Type of role: Local - Applies to this appliance only. Directory - Applies to the appliances controlled by a directory service: NIS, LDAP, or Active Directory (AD).