No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Disk Encryption User Guide

OceanStor V5 Series V500R007

This document is applicable to OceanStor 5110 V5, 5110F V5, 5300 V5, 5300F V5, 5500 V5, 5500F V5, 5600 V5, 5600F V5, 5800 V5, 5800F V5, 6800 V5, 6800F V5, 18500 V5, 18500F V5, 18800 V5, and 18800F V5. It introduces how to install and configure key management servers connected to the storage systems that use self-encrypting disks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Users

Managing Users

User management includes creating users, changing passwords, and modifying password rules.

Creating an Administrator User

This section describes how to create an administrator.

Context
  • Only an administrator can perform this operation.
  • Create at least two administrator users. If you forget the password of user admin, you can manage and configure the key management server using the new administrator users.
  • Record the system generated passwords of the newly created users, and change the passwords in a timely manner.
Procedure
  1. Log in to the key management server's web interface as an administrator.
  2. Click the Users tab and click Add User.

    The Add User window is displayed, as shown in Figure 3-78.

    Figure 3-78 Creating an administrator

  3. Set the parameters.

    Table 3-22 Administrator user parameters

    Name

    Description

    Value

    Login name

    User name

    [Value range]

    The user name can contain a maximum of 32 characters.

    [Example]

    admin2

    Description

    User description

    [Example]

    User

    Role

    Role of a user. Possible values are as follows:

    • Administrator
    • Unassigned

    In this case, set the role to Administrator.

    [Example]

    Administrator

    Password expiration

    Password validity period

    [Example]

    120 days

    Auto-Logout

    Automatic logout time. If no operations are performed on the system during this period, the user automatically logs out.

    [Value range]

    5 minutes to 50 minutes

    [Example]

    5

    Email address

    Email address used by the new user to receive messages

    [Example]

    xxx@xxx.com

    Confirm Email address

  4. Click Add User.

    The newly created users will be added to the existing user list. Passwords are randomly generated and prompted on the interface. Record them and change them accordingly.

  5. Log in to the key management server's web interface using a newly created user and the system generated password, and change the password by following instructions in Changing Passwords.

Creating a Non-administrator User

Before creating a user of the security officer, recovery officer, or auditor role, you must create a user with the unassigned role.

Context

Create at least two users of the security officer role and two users of the recovery officer role. If you forget the password of user officer or user recovery, you can manage and configure the key management server using the newly created users.

Procedure
  1. Add users using user admin.

    1. Log in to the key management server's web interface as user admin.
    2. Click the Users tab and click Add User.

      The Add User window is displayed, as shown in Figure 3-79.

      Figure 3-79 Creating a user

    3. Set the parameters.
      Table 3-23 Unassigned user parameters

      Name

      Description

      Value

      Login name

      User name

      [Value range]

      The user name can contain a maximum of 32 characters.

      [Example]

      admin2

      Description

      User description

      [Example]

      User

      Role

      Role of a user. Possible values are as follows:

      • Administrator
      • Unassigned

      In this case, set the role to Unassigned.

      [Example]

      Unassigned

      Password expiration

      Password validity period

      [Example]

      120 days

      Auto-Logout

      Automatic logout time. If no operations are performed on the system during this period, the user automatically logs out.

      [Value range]

      5 minutes to 50 minutes

      [Example]

      5

      Email address

      Email address used by the new user to receive messages

      [Example]

      xxx@xxx.com

      Confirm Email address

    4. Click Add User.

      The newly created users will be added to the existing user list. Passwords are randomly generated and prompted on the interface. Record the passwords for follow-up use.

      Figure 3-80 Successfully creating a user

  2. Use user officer to assign roles and permissions to the new users.

    1. Log in to the key management server's web interface as user officer.
    2. Click the Users tab.

      The Users window is displayed.

    3. Find a newly created user in the user list and click its user name.

      The Edit User window is displayed, as shown in Figure 3-81.

      Figure 3-81 Configuring user permissions

    4. Set the parameters.
      Table 3-24 User parameters

      Name

      Description

      Value

      Use smart card authentication

      Indicates whether to enable user smart card authentication.

      [Example]

      Disable

      Role

      Role of a user.

      • Officer: The user's role is a security officer.
      • Manager: The user's role is a group manager.
      • Recovery: The user's role is a recovery officer.
      • Audit: The user's role is an auditor.

      [Example]

      Manager

      Manageable group

      Groups to be managed by a group manager.

      [Example]

      storagepoc.com/kmipgroup2

      Visible group

      Groups visible to a group manager. A group manager only has the read permission for these groups.

      [Example]

      storagepoc.com/kmipgroup

    5. Click Save.

  3. Log in to the key management server's web interface using a newly created user and the system generated password, and change the passwords by following instructions in Changing Passwords.

Changing Passwords

To ensure security, change passwords of new users upon their creation, and periodically change passwords for existing users.

Context
  • You can change a password for a maximum of three times within 24 hours.
  • Keep the new passwords properly.
Procedure
  1. Log in to the web interface using the user whose password is to be changed.
  2. Click the Users tab.
  3. In the user list, find the current user name, and click .

    The Change User Password window is displayed, as shown in Figure 3-82.

    Figure 3-82 Changing the password

  4. Enter the current password in Old password, and enter the new password in New password and Confirm password.

    NOTE:

    The new password cannot be the same as any of the ten passwords set previously.

  5. Click Change Password.

    The password change is completed.

Translation
Download
Updated: 2019-07-11

Document ID: EDOC1000181504

Views: 23048

Downloads: 181

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next