Name
[Windows Manager]
Installation_folder\SVROR\Manager\bin\rcxadm user - user operations
[Linux Manager]
/opt/FJSVrcvmr/bin/rcxadm user - user operations
Format
rcxadm user create -file file.xml rcxadm user create -name name [{-passwd password|-passwd_file password_file}] [-label label] [-comment comment] [-usergroup usergroup] [-role scope=role[,scope=role,...]] rcxadm user list [-format text|xml|ldif] rcxadm user show -name name rcxadm user modify -name name -file file.xml rcxadm user modify -name name {[-new_name newname] [-label label] [-comment comment] [-usergroup usergroup] {-passwd password |-passwd_file password_file} [-role scope=role[,scope=role,...]]} rcxadm user delete -name name
Description
rcxadm user is the command to perform the following operations:
Register a User
Modify a Password
Delete a User
Change User Roles and Restrict Access Scopes
Subcommands
Creates a user.
For directory service authentication, user information must be registered in the directory service beforehand.
Displays a list of user information in the text format, XML format, or LDIF.
For the text format or XML format, the following information is displayed. The information is also displayed for directory service authentication.
Item Name | Description |
|---|---|
NAME | User ID |
USERGROUP | Name of the user group the user belongs to |
LABEL | Label for the user |
ROLE | Scope and role of access of the user Displayed as "access_scope=role", and when there are multiple roles, they are displayed separated by commas. |
LDIF is necessary when migrating user information from the internal authentication function to the directory service. When LDIF is specified, user IDs are output.
Displays the detailed information for the specified user in the text format.
The following detailed information is displayed:
Item Name | Description |
|---|---|
NAME | User ID |
USERGROUP | Name of the user group the user belongs to |
LABEL | Label for the user |
COMMENT | Comment for the user |
ROLE[num] | Scope and role of access of the user A number starting from "0" is displayed for num, and when there are multiple roles, they are displayed separated by commas. |
When user information is managed using a directory service, only the user information that is registered in the management information of Resource Orchestrator is displayed.
Modifies the following items of the specified user.
User ID
Label
Comment
User Groups
Password
Operations
Access Scope
Deletes the specified user.
For directory service authentication, the user information cannot be deleted from the directory service.
Options
In file.xml, specify the XML file that defines the attributes of the user to register or change.
It is not possible to perform batch registration or changes of multiple users using the output results of list -format xml.
For details on the XML file definition, refer to "15.16 User (for Basic mode)".
In name, specify the user ID.
In label, specify the label for the user.
In comment, specify the comments for the user.
In usergroup, specify the user group to use for setting users in batches.
In password, specify the password for the user.
When using Single Sign-On or directory services as external authentication functions, this option cannot be specified for the create subcommand.
In password_file, specify the password file for the user. When users other than administrators use an admin server, it is dangerous to specify the password using an argument such as -passwd because the arguments of commands issued by other users can be viewed. Use the -passwd_file option.
In the file that defines the passwords, enter a user ID and password on each line, separated by a comma (","). The password entered in the line including the user ID specified with the -name option will be registered.
When using Single Sign-On or directory services as external authentication functions, this option cannot be specified for the create subcommand.
In scope, specify the names of the resource folders, resource pools, and resources in the orchestration tree to include in the access scope.
Specify resources inside resource folders by entering a slash ("/") and the resource name after the resource folder name.
Specify resource folder names or resource names for the access scope. If you do not want to restrict the access scope, omit the access scope, or specify "all".
In role, specify the most appropriate role of the standard roles. Multiple access scopes and roles can be specified, separated by a comma (",").
administrator (Administrator)
operator (Operator)
monitor (Infrastructure Monitor, Monitor)
tenant_admin (Tenant Administrator)
tenant_operator (Tenant Operator)
tenant_monitor (Tenant Monitor)
tenant_user (Tenant User)
infra_admin (Infrastructure Administrator)
infra_operator (Infrastructure Operator)
Specify the display format. You can specify text, xml, or ldif format.
When -format is omitted, it is displayed in text format.
In newname, specify the new user ID.
Examples
To create a user:
>rcxadm user create -name myuser -passwd mypassword -role all=infra_admin <RETURN> |
To set an access scope and a role to a user for directory service authentication:
>rcxadm user modify -name myuser2 -role all=tenant_admin <RETURN> |
To display a list of user information in the text format:
>rcxadm user list <RETURN>
NAME USERGROUP LABEL ROLE
---- --------- ----- ----
aaa - - all=administrator
admin_user administrator - -
bbb - - /folder001=administrator
folder_user folder_group - -
manage - - - |
To display the detailed information for the specified user in the text format:
>rcxadm user show -name aaa <RETURN>
Name : aaa
UserGroup :
Label :
Comment :
Role[0] : all=administrator |
