Creating a user who can run GuardAPI commands
Create a user who has the proper roles and entitlements to run GuardAPI commands from the command-line interface (CLI).
About this task
You can use the Guardium CLI to run both CLI commands and GuardAPI functions. This task describes how to create a user with access to the GuardAPI functions.
- Log in as accessmgr to create a user who can use GuardAPI commands. Select User Browser. to open the
- From the User Browser pane, click Add User.
- Complete the User Form. To enable the user immediately, clear the
Disabled checkbox. Click Add User to create the
The first time the new user logs in, they must change the password.
- From the User Browser, click Roles for the new user to display the User Role Form pane.
- Select CLI, along with any additional roles that the user
requires. Note: Many GuardAPI commands are associated with specific applications and their roles. That is, only a user with the accessmgr role can view and run access management commands (such as create_user).
- Click Save to grant the specified roles to this user.
What to do next
- From the CLI, log in as one of the guardclin users (that is, guardcli1 to guardcli5
- Run the set guiuser CLI command to associate the new user with the guardcli
user. The first time the user logs in, they are prompted to change their password. For example, if
you created a user with CLI privileges for Hadrain
company.com> set guiuser Hadrian.Swall Enter current password: First login as Hadrian.Swall. Please change the default password. Enter new password: Re-enter new password: ok
For more information about set guiuser, see User Account, Password, and Authentication CLI Commands.
- The user, Hadrian Swall, can now access to any GuardAPI commands that are available for the associated roles.