Configuring Security Settings : Managing User Permissions
  
Managing User Permissions
This section describes how to change the administrator or monitor passwords and define users in the Settings > Security: User Permissions page.
Accounts
The system uses these accounts based on what actions the user can take:
•  Admin - The administrator user has full privileges: for example, as an administrator you can set and modify configuration settings, add and delete users, restart and reboot Core services, and create and view performance and system reports. The system administrator role allows you to add or remove a system administrator role for any other user, but not for yourself.
•  Monitor - A monitor user may view reports, user logs, and change their password. A monitor user cannot make configuration changes, modify private keys, view logs, or manage cryptographic modules in the system.
Note: The default administrator password is password.
You can also create users, assign passwords to the user, and assign varying configuration roles to the user.
An administrator role configures a system administrator role. Read-only permission is not allowed for this role. This role allows permission for all other RBM roles, including creating, editing and removing user accounts.
A user role determines whether the user has permission to:
•  Read-only - With read-only privileges you can view current configuration settings but you cannot change them.
•  Read/Write - With read and write privileges you can view settings and make configuration changes for a feature.
•  Deny - With deny privileges you cannot view settings or save configuration changes for a feature.
As an example, you might have user Jane who can make configuration changes to storage settings whereas user John can only view these configuration settings; and finally, user Joe cannot view, change, or save the storage settings.
Available menu items reflect the privileges of the user. For example, any menu items that a user does not have permission to use are unavailable. When a user selects an unavailable link, the User Permissions page appears.
To configure user permissions
1. Choose Settings > Security: User Permissions to display the User Permissions page.
2. Under Accounts, complete the configuration as described in this table.
Control
Description
admin/monitor
Click the right arrow to change the password or to create a default user account.
 
Change Password - Enables password protection.
Password protection is an account control feature that allows you to select a password policy for more security. When you enable Account Control on the Password Policy page, a user must use a password.
When a user has a null password to start with, the administrator can still set the user password with account control enabled. However, once the user or administrator changes the password, it cannot be reset to null as long as account control is enabled.
 
Password - Specify a password in the text box.
 
Password Confirm - Retype the new administrator password.
 
Enable Account - Select to enable or clear to disable the administrator or monitor account.
When enabled, you may make the account the default user for Radius and TACACS+ authorization. You may only designate one account as the default user. Once enabled, the default user account may not be disabled or removed. The Accounts table displays the account as permanent.
In the Accounts panel of the User Permissions page, you can create user accounts, assign them passwords, and assign varying configuration roles and access restrictions.
To configure user permissions
1. Choose Settings > Security: User Permissions to display the User Permissions page.
2. Under Accounts, complete the configuration using the controls described in this table.
Control
Description
Add a New User
Click to display the controls for creating a new account.
Account Name
Specify a name for the account.
Password/New Password Confirm
Specify a password in the text box, and then retype the password for confirmation.
Enable Account
Select the check box to enable the new account.
System Settings
Any nonstorage settings.
System Diagnostics and Reports
All nonstorage reports such as CPU and memory utilization, system logs, system dumps, or TCP dumps. You can set permissions to either Deny or Read/Write. This user role has restricted configuration capabilities.
Storage Settings
Any settings relating to the Core configuration, such as configuring LUNs, Edges, and Failover.
Storage Diagnostics and Reports
Storage-specific graphs and statistics, such as memory logs. You can set permissions to either Deny or Read/Write. This user role also has Read/Write access to System Diagnostics and Reports to assist you with troubleshooting.
Permissions
Configures a role that determines whether the user:
•  Has permission to view current configuration settings but not change them (Read-Only).
•  Has permission to view settings and make configuration changes for a feature (Read/Write).
•  Cannot view or save settings or configuration changes for a feature (Deny).
Add
Click to add the new user to the system. The new user appears in the User table.
Remove Selected Users
Select the check box next to the name and click Remove Selected Users.