chusergrp

Edit online

Use the chusergrp command to change the attributes of an existing user group.

Syntax


1  chusergrp  -role
2.1 role_id
2.1 role_name  -role
2.1 role_name?  -remote
2.1 yes
2.1 no 
2.1 group_id
2.1 group_name?  -multifactor
2.1 yes
2.1 no?  -passwordkeyrequired
2.1 yes
2.1 no?  -disablegui
2.1 yes
2.1 no?  -disablecli
2.1 yes
2.1 no?  -disablerest
2.1 yes
2.1 no

Parameters

-role role_name
(Optional) Specifies the role to be associated with users that belong to this group. One of the following roles must be selected: Monitor, CopyOperator, FlashCopyAdmin, Service, Administrator, or SecurityAdmin.
-remote yes | no
(Optional) Specifies whether this user group should be used to set the role of remote users. Either the yes or no option must be set.
group_id | group_name
(Required) The ID or name of the user group whose attributes are to be changed.
-multifactor yes | no
(Optional) Specifies whether the multifactor authentication access must be disabled for this user group. Value can be yes or no.
Note: The -multifactor parameter can only set to yes when a multifactor authentication service has been enabled first. All users in the user group uses this setting, except for the superuser.
-passwordkeyrequired yes | no
(Optional) Specifies if this user group should have password and SSH key required or not. Value can be yes or no.
-disablegui yes | no
(Optional) Specifies whether the GUI access must be disabled for this user group. Value can be yes or no.
-disablecli yes | no
(Optional) Specifies whether the CLI access must be disabled for this user group. Value can be yes or no.
-disablerest yes | no
(Optional) Specifies whether the REST-API access must be disabled for this user group. Value can be yes or no.

Description

Use the chusergrp command to modify the attributes of an existing user group.

You must have the security administrator role to create, delete, or change a user. You can issue all commands except for sainfo and satask commands. These commands can only be issued by user superuser.

The roles of the default groups cannot be changed.

When two person integrity (TPI) is enabled, you can still use the chusergrp command as a restricted security administrator with the following exceptions:
  • the target user group cannot have a current role of security administrator.
  • you cannot change the role of a user group from a non security administrator role to a security administrator role.
In order to be able to run the two restricted actions mentioned you will need an approved role elevation. But even holding an approved role elevation, you will not be allowed changes:
  • if they do not comply with the minimum security administrator user requirements of TPI, or
  • if the target user group has one or more members that have active role elevations.

An invocation example

chusergrp -multifactor no
Modifying the authentication setting for this user group will affect logins for all users in the group. 
Are you sure you want to continue? (y/yes to confirm)  yes

The resulting output: 

User Group, id [6], successfully created