mkusergrp
Use the mkusergrp command to create a new user group.
Syntax
Parameters
- (Required) Specifies the unique user group name. The group name cannot start or end with a blank. The group name must consist of a string of 1 - 64 ASCII characters, except for the following characters: %:",*'.
- (Required) Specifies the role (by ID or name) to be associated with all users that
belong to this user group. One of the following roles must be selected:
- Monitor
- CopyOperator
- Service
- Administrator
- SecurityAdmin
- VasaProvider
- RestrictedAdmin
- 3SiteAdmin
- (Optional) Specifies if this user group should be used to set the role of remote users. The default value is no.
- (Optional) Specifies whether the multifactor authentication access must be disabled for this
user group.
Value can
be yes or no.Note: The -multifactor parameter can only set to yes when a multi-factor authentication service has been enabled first. All users in the user group will use this setting, except for the superuser.
- (Optional) Specifies if this user group should have password and SSH key required or not. Value can be yes or no.
- (Optional) Specifies whether the GUI access must be disabled for this user group. Value can be yes or no.
- (Optional) Specifies whether the CLI access must be disabled for this user group. Value can be yes or no.
- (Optional) Specifies whether the REST-API access must be disabled for this user group. Value can be yes or no.
Description
The mkusergrp command creates a new user group to organize users of the system by role. Use the lsusergrp command to view a list of user groups that have been created on the clustered system.
You must have the security administrator role (SecurityAdmin role name) to create, delete, or change a user group. For more information, refer to User role.
When two person integrity (TPI) is enabled, a restricted security administrator user will need an approved role elevation to create new user groups of security administrator role.
The command returns the ID of the created user group.
An invocation example
mkusergrp -name MFA_Disabled_Group -role 0 -multifactor no -passwordkeyrequired yes
Modifying the authentication setting for this user group will affect logins for all users in the group.
Are you sure you want to continue? (y/yes to confirm) yes
The resulting output:
User Group, id [6], successfully created