Creating a user who can run GuardAPI commands

Create a user who has the proper roles and entitlements to run GuardAPI commands from the command-line interface (CLI).

About this task

You can use the Guardium CLI to run both CLI commands and GuardAPI functions. This task describes how to create a user with access to the GuardAPI functions.

Note: Only the cli and guardcli1 to guardcli9 users can log in to the CLI and view or run CLI commands.

Procedure

  1. Log in as accessmgr to create a user who can use GuardAPI commands. Select Access > Access Management > User Browser to open the User Browser.
  2. From the User Browser pane, click Add User.
  3. Complete the User Form. To enable the user immediately, clear the Disabled checkbox. Click Add User to create the user.
    The first time the new user logs in, they must change the password.
  4. From the User Browser, click Roles for the new user to display the User Role Form pane.
  5. Select CLI, along with any additional roles that the user requires.
    Note: Many GuardAPI commands are associated with specific applications and their roles. That is, only a user with the accessmgr role can view and run access management commands (such as create_user).
  6. Click Save to grant the specified roles to this user.

What to do next

After you create a user with the CLI role (along with any other roles they need), that user can log in and use the CLI as follows:
  1. From the CLI, log in as one of the guardclin users (that is, guardcli1 to guardcli9 ). For example:
    ssh guardcli2@company.com
  2. Run the set guiuser CLI command to associate the new user with the guardcli user. The first time the user logs in, they are prompted to change their password. For example, if you created a user with CLI privileges for Hadrain Swall:
    company.com> set guiuser Hadrian.Swall
    Enter current password:
    First login as Hadrian.Swall. Please change the default password.
    Enter new password:
    Re-enter new password:
    ok

    For more information about set guiuser, see User Account, Password, and Authentication CLI Commands.

  3. The user, Hadrian Swall, can now access to any GuardAPI commands that are available for the associated roles.