Local user accounts

Edit online

The local user accounts allowed to access the GUI, CLI, or REST API when local authentication is enabled.

In TS4500, the following default user accounts exist on the library:
  • admin: The default admin user account with an initial password of admin is the default user account that is used to manage the library. This user account is mapped to the Administrator role and can perform all library tasks, including managing access and security, but cannot access service-related functions. As with other user accounts, the password must be reset on first login.

    If you want to delete the admin account, you need to first create a new user account with the Administrator role in the Access > Users page. After you create the new user account with Administrator role, log in to the new user account and delete the default admin account.

    During remote authentication setup, the Remote Authentication wizard confirms that the remote user repository has at least one mapping to a user with the Administrator role.

  • localUser: The default localUser is used internally by the integrated management console (IMC) to ensure that the library can be queried by this device even when no user is logged in to the Management GUI on the IMC. The user account is mapped to the Monitor role and can view all physical and library configuration but cannot modify it. The password for this user account is maintained internally by the library and this specific user account cannot be accessed through the management Ethernet ports.

    This specific user account cannot be deleted. After you set up remote authentication, this account is left active to continue to allow the IMC to access the library.

  • Service: The default Service user account is created so that the IBM Support has a known way to log in to the library. It is mapped to the Service role and can view all library configuration and perform service-related functions, such as calibrating library components and performing diagnostic tests. The default password is ibm2serv which is set to never expire on this specific user account. You can modify this password by using a user account with the Administrator role. If the password is modified in this way, it is subject to expiration as normal.

    This specific user account cannot be deleted. Also, it can execute additional service functions beyond what other Service role user accounts can do. Finally, unlike other user accounts, this account may only be logged in to when connected through the service or TSSC Ethernet port.

    No verification is done during remote authentication setup to ensure that a user with the Service role mapping exists in the remote user repository. However, it is recommended that one exist.

In Diamondback, the following default user accounts exist on the library:

  • admin: The default admin user account with an initial password of admin is the default user account that is used to manage the library. This user account is mapped to the Administrator role and can perform all library tasks, including managing access, security, and service-related functions. As with other user accounts, the password must be reset on first login.

    If you want to delete the admin account, you need to first create a new user account with the Administrator role in the Access > Users page. After you create the new user account with Administrator role, log in to the new user account and delete the default admin account.

    During remote authentication setup, the Remote Authentication wizard confirms that the remote user repository has at least one mapping to a user with the Administrator role.

  • Service: The default Service user account is created so that the IBM Support has a known way to log in to the library. It is mapped to the Local Service role and can view all library configuration, perform service-related functions such calibrating library components and performing diagnostic tests. The user accounts mapped to Local Service role may only be logged in when connected through the service or TSSC Ethernet port. The default password is ibm2serv which is set to never expire on this specific user account, although you can modify this password by using a user account with the Administrator role. If the password is modified in this way, it is subject to expiration as normal.

    No verification is done during remote authentication setup to ensure a user with the Service role mapping exists in the remote user repository. However, it is recommended that one exist.