To create, edit, and delete user accounts on the Users page, click the Settings icon > User Admin section> Users. By default, the admin account is the single user account built into the appliance. You cannot remove this account.
In the Users window, each user account lists the following:
User Name: The network identity of the user.
First Name and Last Name: The configured first name and surname for the user.
Last Login: The time and date of the last login.
Last Authentication: This shows the authentication service that granted the last login.
Last Authorization: This field is updated at each user login. Possible values are as follows:
Remote: When the user logs in using their remote password, and their Force Local Authorization setting is set to False for their user account. The user is granted the roles defined from the remote group assignment in the authentication service properties.
Local: In cases where the user simply logs in using their local appliance password, or when the user logs in to the remote authentication service using their remote password, and the Disable Authorization checkbox is enabled for that service is disabled for their account.
Forced Local: When the user logs in using their remote password and their Force Local Authorization setting is set to False in their User properties. The user is granted the local roles and access to their device groups.
For remotely authenticated users, including new accounts learned from logins to a configured remote service, the field will show No and the service will show the service name.
Roles: The role(s) assigned to the account.
Account Status (active or disabled): An admin can disable a user account by enabling its Account Disabled checkbox. When you do so, the user will receive a User Disabled or Locked message upon the subsequent login.
The Actions menu for each account in the Users list represents the actions that the admin user can take on that user account. For example, Edit or Delete.
When scheduling or running a job, if user credentials are required and the Use the requester's stored CLI credentials or Use the approver's stored CLI credentials job options are selected, then the CLI credentials associated with the given user account are used to login to the network devices that are part of the job. For more information, see Creating and Scheduling Jobs. Admins can modify command-line execution credentials for any user account.
Additionally, admins can enable credentials for a user to access the NetMRI database using SQL queries. This allows quick retrieval of specific data from the database tables. For more information about SQL database access, see Accessing the NetMRI Database Using SQL. For information on defining database credentials for a user, see the corresponding procedure further in this section.
To create a new user account, complete the following:
1. Click Add User below the table.
2. If you want the new account to be disabled by default, select the Account Disabled checkbox.
3. If you want the user to be authenticated and authorized by the NetMRI appliance for their roles and device group assignments, select the Force Local Authorization checkbox. This enables the user to have a locally defined login that is separate from the remote one on the AAA server. Leaving this checkbox clear enables the user account to be subjected to authorization through a remote AAA server.
4. On the User Details tab, enter values for the First Name, Last Name, Username, and Password fields. Fill in optional fields as needed.
User account names are case-sensitive. A username can contain spaces and the following non-alphanumeric characters: a period (.), at sign (@), exclamation point (!), number sign (#), dollar sign ($), percent (%), caret (^), ampersand (&), asterisk (*), parentheses, brackets, braces. A username cannot contain any of the following characters: a semicolon (;), comma (,), equal sign (=), vertical bar (|), quotation marks ("), or single quotation marks (').
If you use TACACS+ authentication and authorization with NetMRI, keep in mind that TACACS user names are case-insensitive. Therefore, the case must not be the only difference between NetMRI and TACACS user names.
5. Click Save. The Roles, CLI Credentials, and Database Credentials tabs become available.
6. Click the Roles tab, and then click Add.
7. In the Add Role to User dialog, choose a role from the drop-down list.
8. Under In device groups, click to choose the device group(s) the user is allowed to access.
9. Click OK. The new role settings are saved for the user account.
10. On the CLI Credentials tab, define the command-line credentials as described in the procedure below.
11. On the Database Credentials tab, define the database credentials as described in the procedure below.
12. In the Add New User dialog, click Close.
To define CLI credentials for a user account, complete the following:
In the Add New User or Edit User dialog, click the CLI Credentials tab. This tab allows CLI credentials (username, password, and Enable password for devices) to be associated with specific user accounts.
Select the User CLI Credentials Enabled checkbox. The admin account can log in to network devices using the CLI credentials associated with the given account, instead of the admin credentials associated with devices during their Discovery.
Enter the user's Username and Password values, and confirm the password.
Enter the admin account's Enable Password and confirm it.
Click Save.
To define database credentials for a user account, complete the following:
In the Add New User or Edit User dialog, click the Database Credentials tab. This tab allows giving access to the NetMRI database to a user.
Select the Database Credentials Enabled checkbox.
Enter the user's Username and Password values, and confirm the password. NetMRI uses these credentials for a new SQL user to access the database.
The SQL username should be from 8 to 16 characters long. It should not contain special symbols.
Click Save.
To edit an existing user account, complete the following:
Click the Edit icon for the account.
In the Edit User dialog, make the necessary changes, and then click Close.
To delete a user account, complete the following:
Click the Delete icon for the account.
Confirm the deletion.