Managing Users, User Roles and Groups

This chapter contains the following topics:

Overview

Cisco IMC Supervisor supports the following system-defined user roles by default:

  • System Admin — A user with all privileges including adding users. As an administrator in Cisco IMC Supervisor, you can assign users to system-provided user roles or to custom-defined user roles. In addition, at a later point, you can view information on any assigned role. You can make the following assignments:

    • Create a custom user role in the system, and create new user accounts with this role or assign the role to existing users.

      When you create a new user role, you can specify if the role is that of an administrator or an operator. For more information about creating user accounts, see Creating a User Account. For more information about creating user roles, see Adding a User Role.

    • Modify existing user roles, including default roles, to change menu settings and read/write permissions for users associated with that role.

      The procedure to modify menu settings and permissions for a role is the same as the procedure followed to create a user role.

  • Group Admin — A user with all privileges. A system-defined user group Default Group is available by default in Cisco IMC Supervisor. As a group administrator, you can create and assign user accounts to this group or you can assign them to the groups you have created. A user can be part of multiple user groups. However, the group that the user was most recently added to is set as the default primary group for the user.

  • Operator — Because the system administrator's role type is admin, you can modify the existing Operator role as required with any combination of access restrictions (menu settings and user permissions). By default, following menu settings and user permissions are assigned to an Operator.

Menu Settings

User Permissions

Systems :

  • Inventory and fault status

  • Physical Accounts

  • Firmware Management

  • Server Diagnostics

  • Read - Physical Computing

  • Write - Physical Computing

  • Read - System Admin

  • Read - Users

  • Read - Read Tag Library

  • Write - Write Tag Library

  • Read - Orchestration

  • Write - Orchestration

Policies:

  • Manage Schedules

  • API and Orchestration

Administration:

  • Users and Groups

  • Integration


Note

Reports such as SCP User Configuration, Authentication Preferences and Password Policy are enabled for Operator role under Users and Groups.

Creating a User Account


Note

You cannot edit the User Role and Login Name fields in the Edit User dialog box.

Procedure

Step 1

Choose Administration > Users and Groups.

Step 2

Click Users.

Step 3

Click Add.

Step 4

On the Add User page, complete the following:

Field

Description

User Role drop-down list

Choose Group Admin, Operator, or System Admin.

User Group drop-down list

Select the group that the user will have access to. You can either select a group already available, or you can add a new group.

Note

 

This field is visible only when you select Group Admin as the user role.

Login Name field

The login name for the user.

Password field

The password for the user. If the Lightweight Directory Access Protocol (LDAP) authentication is configured to the user, the password is validated only at the LDAP server, and not at the local server.

Confirm Password field

Repeat the password from the previous field.

User Contact Email field

The email address.

First Name field

(Optional) The first name of the user.

Last Name field

(Optional) The last name of the user.

Phone field

(Optional) The phone number of the user.

Address field

(Optional) The physical address of the user.

Step 5

Click Add.

Step 6

Click OK.

Viewing Online Users

Perform this procedure when you want to view users who are currently online.

Procedure

Step 1

Choose Administration > Users and Groups.

Step 2

Click Current Online Users.

You can see the details such as username, IP address, session start time and so on of users who are currently logged on to Cisco IMC Supervisor.

Reviewing Recent Login History of Users

As an administrator in the system, you can review the recent login history for all users. The system records the following details for every login attempt:

  • Login Name

  • Remote Address

  • Client Detail

  • Client Type

  • Authentication Status

  • Comments

  • Accessed On

Procedure

Step 1

Choose Administration > Users and Groups.

Step 2

On the Users and Groups page, click All Users Login History.

Step 3

Review the information displayed on the screen.

Configuring Session Limits for Users

You can configure the number of user interface sessions and REST API requests that users can initiate on the system.

Procedure

Step 1

Choose Administration > Users and Groups.

Step 2

On the Users and Groups page, click Session Management.

Step 3

In the Session Management screen, complete the required fields, including the following:

Name

Description

Maximum Concurrent Sessions Per User field

The maximum number of concurrent GUI sessions that are supported for each user. Enter a number between 1 and 128.

The default value is 16.

Maximum Concurrent REST API Requests Per User field

The maximum number of concurrent REST API requests that are supported for each user. Enter a number between 1 and 256.

The default value is 128.

Step 4

Click Submit.

What to do next

When users initiate a GUI session or a REST API request to exceed the limit specified on this screen, an error message is displayed in the System Messages screen. In this scenario, either users should clear their sessions and API requests, or as an administrator, you can use the Shell utility and clear the sessions and requests for a user. For more information, see the Cisco IMC Supervisor Shell Guide.

Adding a User Role

On a newly installed Cisco IMC Supervisor appliance, by default, a GroupAdmin role and an Operator role are available. Because the group admin's role type is admin, you can modify the existing Operator role as required with any combination of access restrictions (menu settings and user permissions). Similarly, you can create new roles, as in the following procedure, and assign users to them.

Procedure

Step 1

Choose Administration > System.

Step 2

Click User Roles.

Step 3

Click Add.

Step 4

On the Add User Role page, complete the following for the User Role pane:

Field

Description

User Role field

A descriptive name for the user role.

Role Type drop-down list

Choose Admin.

Description field

(Optional) A description of the user role.

Step 5

Click Next.

Step 6

In the Menu Settings pane, select the required menu options.

To choose the menu option, check the checkbox for the menu setting field.

Step 7

Click Next.

Step 8

In the User Permissions pane, select the required operations.

To choose the operation, check the checkbox for the operation.

Step 9

Click Submit.

Note

 

You can also, edit, clone, or delete user roles.

Branding a User Group

Perform the following procedure when you want to customize the Cisco IMC Supervisor application for a group of users. When users who belong to a selected group login to the system, they will see the customized page.

Procedure

Step 1

Choose Administration > Users and Groups.

Step 2

Click User Groups.

Step 3

Select a user group.

Step 4

Click Branding.

Step 5

On the Group Branding page, complete the following:

Field

Description

Logo Image checkbox

If checked, the logo appears on the top left corner of the application .

Application Labels checkbox

If checked, the application labels appear on top header section of the application.

URL Forwarding on Logout checkbox

If checked, user will be forwarded to the provided URL on logout.

Custom Links checkbox

If checked, custom links will appear on the top right corner of the application.

Step 6

Click Submit.