No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Policy

Security Policy

Configuring Password Policies

Scenarios

Based on service security requirements, you can set password security rules, user login security rules, and user locking rules on FusionInsight Manager.

  • Modify password policies based on service security requirements, because they involve user management security. Otherwise, security risks may be caused.
  • Change the user password after modifying the password policy, and then the new password policy can take effect.
Procedure
  1. Log in to FusionInsight Manager.
  2. Choose System > Permission > Security Policy > Password Policy.
  3. Modify the password policy as prompted.

    For details about the parameters for modifying the password policy, see Table 10-1.
    Table 10-1 Password policy parameters

    Parameter

    Description

    Minimum Password Length

    Indicates the minimum number of characters a password contains. The value ranges from 8 to 32. The default value is 8.

    Character Types

    Indicates how many character types in the following 5 types a password can contain: uppercase letters, lowercase letters, digits, and special characters (including ~`!?,.:;-_'(){}[]/<>@#$%^&*+|\= and spaces). The value can be 4 or 5. The default value is 4, which means that a password can contain uppercase letters, lowercase letters, digits, and the special characters. If you set the parameter to 5, a password can contain all the five character types mentioned above.

    Password Retries

    Indicates the number of consecutive wrong password attempts allowed before the system locks the user. The value ranges from 3 to 30. Default value is 5.

    User Lockup Time (Min)

    Indicates the time period during which a user is locked when the user lockout conditions are met. The value ranges from 5 to 120. Default value is 5.

    Password Validity Period (Day)

    Indicates the validity period of a password. The value ranges from 0 to 90. 0 indicates that the password is permanently valid. The default value is 90.

    Repetition Rule

    When modifying a password, you are not allowed to use the password that has been used in the recent N times. N ranges from 1 to 5, and the default value is 1. This policy applies to only Human-machine users.

    Password Expiration Notification Days

    Indicates the number of days in advance users are notified that their passwords are about to expire. It is used to notify password expiration in advance. After the value is set, if the difference between the cluster time and the password expiration time is smaller than this value, the user receives password expiration notifications. When logging in to FusionInsight Manager, the user will be notified that the password is about to expire and a message is displayed asking the user to change the password. The value ranges from 0 to X (X must be set to the half of the password validity period and rounded down). The value 0 indicates that no notification is sent. The default value is 5.

    Interval for Deleting Authentication Failure Records (Min)

    Indicates the interval of retaining incorrect password attempts. The value ranges from 0 to 1440. 0 indicates that incorrect password attempts are permanently retained, and 1440 indicates that incorrect password attempts are retained for one day. Default value is 5.

  4. Click OK to save the configurations.

Configuring the Independent Attribute

Scenarios

User admin or administrators who are bound to the Manager_administrator role can configure the Independent attribute function on FusionInsight Manager so that common users (all service users in the cluster) can set or cancel their own Independent attributes.

After the Independent attribute switch is turned on, users need to log in and set the Independent attribute.

Restrictions
  • Administrators cannot set or cancel the Independent attribute of a user.
  • Administrators cannot obtain the authentication credentials of independent users.
Prerequisites

You have obtained the required administrator username and password.

Procedure

Configuring the Independent Attribute Function Switch

  1. Log in to FusionInsight Manager as user admin or a user bound to the Manager_administrator role.
  2. Choose System > Permission > Security Policy > Configuration Independent.
  3. Open or Close the Independent Attribute, enter the password as prompted and click OK.
  4. After the authentication succeeds, and the OMS configuration is modified, click Finish.

    NOTE:

    After the Independent attribute function switch is closed:

    • A user who has the attribute can cancel it by moving the cursor to the username in the upper right corner of the page and choose Cancel Independent from the displayed shortcut menu. After the cancellation, the user cannot set the attribute again. After the attribute is cancelled, existing independent tables will retain the attribute. However, the user cannot create independent tables again.
    • Users without this attribute cannot set or cancel the attribute.

Configuring the Independent Attribute

  1. Log in to FusionInsight Manager as a user.

    After the Independent attribute is set by a user, administrators cannot initialize the password of the user. If the user password is forgotten, the password cannot be retrieved.

    User admin cannot set the Independent attribute.

  2. Move the cursor to the username in the upper right corner of the page.
  3. Choose Set Independent or Cancel Independent from the displayed shortcut menu.

    NOTE:
    • If the Independent attribute function switch is turned on, and the attribute of the user is set, Cancel Independent is displayed in the shortcut menu.
    • If the Independent attribute function switch is turned on, and the attribute of the user is cancelled, Set Independent is displayed in the shortcut menu.
    • If the Independent attribute function switch is turned off, and the attribute of the user is set, Cancel Independent is displayed in the shortcut menu.
    • If the Independent attribute function switch is turned off, and the attribute of the user is cancelled, no options are displayed in the shortcut menu.

  4. Enter the password as prompted and click OK.
  5. After the authentication succeeds, click OK in the confirmation dialog box.
Download
Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 7341

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next