user
Access the user-level command. With the user commands, the HSM Appliance admin can create (add) additional named users and assign them roles of greater or lesser capability on the system. The admin can also lock (disable), unlock (enable) such accounts, set/reset their passwords, or delete them entirely, as needed.
Users without the "admin" role cannot execute any "user" command, even to change their own password. They should use the my password set command to change their own password.
The current implementation creates named users that are separate from the roles that those users can hold. The purpose is to allow administrators to assign any of the roles to multiple people, to allow logged tracking, by name, of the actions of each user in a given role (this was not possible previously when the role was the user, and only one of each could exist).
Syntax
user
add
delete
disable
enable
list
password
radiusadd
role
| Argument(s) | Shortcut | Description |
|---|---|---|
| add | a | Add LunaSH user. See user add. |
| delete | de | Delete a named LunaSH user. See user delete. |
| disable | di | Disable a LunaSH user (but the user still exists with role(s) assigned. See user disable |
| enable | e | Enable a locked LunaSH user (with whatever roles are assigned to that user). See user enable. |
| list | l | List the LunaSH user accounts. See user list. |
| password | p | Set User Password. See user password. |
| radiusadd | ra | Add a RADIUS-authenticated user. See user radiusadd. |
| role | ro | Access the user role commands. See user role. |
