User and Group Management
builtin-group-user-add
Usage: builtin-group-user-add [options]
Add user to a builtin group
| Options | Descriptions |
|---|---|
| *--group | Group name to be added to |
| --help |
Display this help and exit |
| *--username | The username to be added |
builtin-group-user-list
Usage: builtin-group-user-list [options]
List users of a builtin group
| Options | Descriptions |
|---|---|
| *--group | Group name to be added to |
| --help |
Display this help and exit |
| *--username | The username to be added |
builtin-group-user-remove
Usage: builtin-group-user-remove [options]
Remove user from a builtin group
| Options | Descriptions |
|---|---|
| *--group | Group name to be removed from |
| --help |
Display this help and exit |
| *--username | The username to be removed |
login-policy-update
Usage: login-policy-update [options]
Update the system login policies
| Options | Descriptions |
|---|---|
| --allowed-networks | Space separated list of allowed networks in CIDR notation (i.e. 10.50.100.0/24) |
| --allowed-networks-clear | Allow access from all remote networks |
| --help |
Display this help and exit |
| --lock-after-failures | The number of consecutive login failures after which an account will be locked. When not set, the account lockout feature is disabled |
| --lock-after-failures-clear | Clears all login failure lock attributes. Resets failure counts for all users |
| --lock-failure-interval | The time in seconds between failed login attempts that constitutes consecutive failures. When not set, the default is 15 minutes. Requires that lock-after-failures is, or has been set |
| --lockout-time | The amount of time in seconds an account remains locked due to too many consecutive login failures. When not set, the default is 10 minutes. Requires that lock-after-failures is, or has been set |
login-policy-view
Usage: login-policy-view [options]
View the default login policies
| Options | Descriptions |
|---|---|
| --help |
Display this help and exit |
role-create
Usage: role-create [options]
Create a user role with access permissions
Example: role-create --name graham --acl "ANY:+c+r+u+d"
Available OBJECT_TYPEs include ANY,EVENT,NODE,DATA_MOVER,NETWORK_IF,SHARE,USER,USER_GROUP,ROLE,TASK,SMTP,NOTIFICATION_RULE,HEARTBEAT,NTP,LOGICAL_VOLUME,LDAP,CLUSTER,ELEMENTAL_OBJECTIVE,OBJECTIVE,SCHEDULE,CONDITION,SNAPSHOT_RETENTION,FILE_SNAPSHOT,OBJECT_STORAGE_VOLUME,CLOUD_MOVER,OBJECT_STORE_LOGICAL_VOLUME,SNMP,SW_UPDATE_TASK,CTDB,SHARE_SNAPSHOT,BACKUP,SAMBA_AD,DOMAIN_IDMAP,DATA_PORTAL,DNS,VOLUME_GROUP
| Options | Descriptions |
|---|---|
| --acl | ACL, in the format: {OBJECT_TYPE}:{+{grant permissions}}{-{revoke permissions}}. possible permissions: 'c'-create, 'r'-read, 'u'-update, 'd'-delete |
| --help |
Display this help and exit |
| *--name | The role name |
role-delete
Usage: role-delete [options]
Remove a user role
| Options | Descriptions |
|---|---|
| --help |
Display this help and exit |
| *--id | The ID of the role to be deleted. Required unless "--name" is specified |
| *--name | The name of the role to be deleted. Required unless "--id" is specified |
role-list
Usage: role-list [options]
List user roles
| Options | Descriptions |
|---|---|
| --full | Print extra information for each element |
| --help |
Display this help and exit |
| --id | The ID of the role to list |
| --name | The name of the role to list |
role-update
Usage: role-update [options]
Update an existing user role
Example: role-update --name graham --acl "ANY:+c+r+u-d"
Available OBJECT_TYPEs include
ANY,EVENT,NODE,DATA_MOVER,NETWORK_IF,SHARE,USER,USER_GROUP,ROLE,TASK,SMTP,NOTIFICATION_RULE,HEARTBEAT,NTP,LOGICAL_VOLUME,LDAP,CLUSTER,ELEMENTAL_OBJECTIVE,OBJECTIVE,SCHEDULE,CONDITION,SNAPSHOT_RETENTION,FILE_SNAPSHOT,OBJECT_STORAGE_VOLUME,CLOUD_MOVER,OBJECT_STORE_LOGICAL_VOLUME,SNMP,SW_UPDATE_TASK,CTDB,SHARE_SNAPSHOT,BACKUP,SAMBA_AD,DOMAIN_IDMAP,DATA_PORTAL,DNS,VOLUME_GROUP
| Options | Descriptions |
|---|---|
| *--acl | ACL, in the format: {OBJECT_TYPE}:{+{grant permissions}}{-{revoke permissions}}. possible permissions: 'c'-create, 'r'-read, 'u'-update, 'd'-delete |
| --help |
Display this help and exit |
| *--id | The ID of the role to update. Required unless "--name" is specified |
| *--name | The name of the role to update. Required unless "--id" is specified |
user-create
Usage: user-create [options]
Create a system user
| Options | Descriptions |
|---|---|
| The user's email address | |
| --first-name | The user's first name |
| --grid | Group identifier |
| --help |
Display this help and exit |
| --last-name | The user's last name |
| *--password | The user's password. Passwords must be 8-20 characters long and contain at least one each of: lower case letter, upper case letter, digit and non alpha-numeric. |
| --public-key | The user's public encryption key |
| *--role-id | The role ID to apply to the user (that includes the user's access permissions. Required unless "--role-name" is specified |
| *--role-name | The role name to apply to the user (that includes the user's access permissions. Required unless "--role-id" is specified |
| --uid | User identifier |
| *--username | The username that will be used to identify the user in the system |
user-delete
Usage: user-delete [options]
Delete a system user
| Options | Descriptions |
|---|---|
| --help |
Display this help and exit |
| *--id | The ID of the role to update. Required unless "--name" is specified |
| *--name | The name of the role to update. Required unless "--id" is specified |
user-import
Usage: user-import [options]
Imports users from CSV file Example of a CSV file:
username,password,uid,gid,role,groups,public-key,first-name,last-name,email user1,password1,0,0,viewer,"group1,group2",,John,Doe,john@example.com
| Options | Descriptions |
|---|---|
| --help |
Display this help and exit |
| *--url | The URI for the CSV file containing users details. For example: file:/tmp/user.csv |
user-list
Usage: user-list [options]
List all existing users
| Options | Descriptions |
|---|---|
| --full | Print extra information for each element |
| --help |
Display this help and exit |
| *--id | The ID of the role to update. Required unless "--name" is specified |
| *--name | The name of the role to update. Required unless "--id" is specified |
user-password-update
Usage: user-password-update [options]
Update a user password
| Options | Descriptions |
|---|---|
| --help |
Display this help and exit |
| *--id | The ID of the role to update. Required unless "--name" is specified |
| *--name | The name of the role to update. Required unless "--id" is specified |
| *--new-password | The new password. Passwords must be 8-20 characters long and contain at least one each of: lower case letter, upper case letter, digit and non-alpha-numeric. |
| --old-password | The user's old password |
user-update
Usage: user-update [options]
Update the user's properties, including the applied user role. If a new role is provided it overwrites the current user's role
| Options | Descriptions |
|---|---|
| *--disable | Disable the user. Required unless "--enable" or "--role-name" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| The user's email address. . Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--last-name-clear" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified | |
| *--enable | Enable the user. . Required unless "--disable" or "--role-name" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| *--first-name | The user's first name. Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| *--first-name-clear | "" Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--last-name-clear" or "--email" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| --gid | Group identifier |
| *--gid-clear | "" . Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--uid-clear" or "--role-id" is specified |
| --help | Display this help and exit |
| *--id | The ID that will be used to identify the user in the system. Required unless "--name" is specified |
| *--last-name | The user's last name. --. Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--last-name-clear """ or "--email" or "--first-name-clear" or "--public-key-clear" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| *--last-name-clear | "" . Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| *--name | The username that will be used to identify the user in the system. Required unless "--id" is specified |
| --public-key | The user's public encryption key. Required unless "--enable" or "--disable" or "--role-name" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear """ or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| *--public-key-clear | "". Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| *--role-id | The role ID to apply to the user (that includes the user's access permissions. . Required unless "--enable" or "--role-name" or "--disable" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" is specified |
| *--role-name | The role name to apply to the user (that includes the user's access permissions. Required unless "--enable" or "--disable" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--uid-clear" or "--role-id" is specified |
| --uid | User identifier |
| *--uid-clear | "" . Required unless "--enable" or "--disable" or "--role-name" or "--public-key" or "--last-name-clear" or "--email" or "--first-name-clear" or "--public-key-clear" or "--last-name" or "--first-name" or "--gid-clear" or "--role-id" is specified |