chauth

Edit online

Use the chauth command to change the authorization level of a user.

Syntax

Read syntax diagramSkip visual syntax diagramchauth-help-h-?-quiet -authlevel adminuseradminoperatorautomationmonitor -allsessions-allowguiaccess-allowcliaccess-onlyruntasks -name name -type groupuser ; session_name -

Parameters

-help | -h | -?
Lists help for the command. If you specify additional parameters and arguments, those parameters and arguments are ignored.
-quiet
Suppresses the confirmation prompt for this command. This flag answers yes to all confirmation prompts.
-authlevel admin | operator | monitoradmin | useradmin | operator | monitoradmin | useradmin | operator | automation | monitor
Specifies the new authorization level. You can specify one of these authorization levels: admin, useradmin, operator, automation, or monitor.
-allsessions
When authlevel is set to operator, this option indicates that the user will be authorized to manage all existing and future sessions. When set all session names specified will be ignored. The option will be ignored for all other authlevel values.
-allowguiaccess
If specified, and the authlevel is set to automation, this option indicates that the user will be allowed to login to the GUI. If not specified, and the authlevel is set to automation, the user will not be allowed to login to the GUI. This property is ignored if the authlevel is not set to automation.
-allowcliaccess
If specified, and the authlevel is set to automation, this option indicates that the user will be allowed to login to the CLI. If not specified, and the authlevel is set to automation, the user will not be allowed to login to the CLI. This property is ignored if the authlevel is not set to automation.
-onlyruntasks
If specified, and the authlevel is set to automation, this option indicates that the user will only be allowed to run scheduled tasks. This property is ignored if the authlevel is not set to automation. If specified, -allowguiaccess will be ignored and GUI access will not be allowed.
-name name
Specifies a user ID or group name for which you are changing the authorization level.
-type group | user
Specifies whether authorization is to be changed for a user group or user.
session_name | -
Use this optional parameter when you are assigning operator authorization to a user and want to specify one or more sessions to which the operator has access. This parameter does not apply to monitors, user administrators, administrators, or users with automation authority.

To specify multiple sessions, use a semicolon (;) to separate the session names.

If you specify -authlevel operator but do not specify a session name, the user is not granted operator status to any of the existing sessions but is granted permission to create new sessions.

Alternatively, use the dash (-) to specify that input for this parameter comes from an input stream (stdin). You can specify multiple session names from stdin when the dash (-) is specified. The dash is supported only in single-shot mode.

Example: Changing user authorization to session operator

The following command changes the authorization level for the user csmuser to operator privileges with permission to manage session session1.

csmcli> chauth -name csmuser -type user -authlevel operator session1

The following output is returned:

Are you sure you want to change access for user csmuser? [y/n]:y
IWNR4016I  Successfully granted the session operator role to csmuser.

IWNR4026I  Successfully granted permission for session session1 for 
user csmuser.

Example: Changing user authorization to monitor privileges

The following command changes the authorization level for the user named guest to monitor privileges.

csmcli> chauth -name guest -type user -authlevel monitor

The following output is returned:

Are you sure you want to change access for user guest? [y/n]:y
 IWNR4017I  Successfully granted the monitor role to guest.