Creating and Editing Users (Admin)

The User and Session Management configuration provides tools for creating user accounts, monitoring the list of logged-in users, and closing a session when necessary. 

As user 'admin,' go to Administration > Users and Application Management > User and Session Management. The User Management window is displayed.


The User Management window includes three tables that appear as separate frames:

  • User Sessions
  • NETCONF Sessions
  • Users

The parameters (displayed as column heads) in the tables are:

User Sessions

  • User: The name of the user.
  • Remote System: The IP address of the system from which the user is remotely accessing the SBC.

NETCONF Sessions

  • User: The name of the user.
  • Session ID: A unique ID is assigned to a particular session by the SBC.
  • Session State: The state of the session - whether the SBC is being actively used by the user or the session is idle.
    • Idle
    • In Use
  • Session Lock: The value of this parameter denotes whether the SBC has locked a session or is in an unlocked state.

Users

  • User: The name of the user.
  • Role: The user's role indicates the privileges and levels of access the user has during a session.
  • Account Expiration: Indicates whether the account can expire.
    • Enabled
    • Disabled
  • Password Expiration: Indicates whether the password can expire.
    • Enabled
    • Disabled
  • Account: Indicates the current state of the account.
    • Enabled
    • Disabled

 

Note

If the web browser crashes, hangs, or is manually closed while logged into the EMA GUI, the EMA session will still remain open. Manual intervention by the administrator is required to terminate the session from the EMA GUI. To terminate a user session, click the "x" icon at the far right of the user session entry. 


Note

For security protection, the Netconf interface does not support "/aaa" records.

Note

To terminate a NETCONF session that is not locked, click the "x" icon at the far right of the NETCONF session entry.

Create a User

  1. On the SBC main screen, navigate to Administration > User and Application Management > User and Session Management.
  2. Click New User on the Users section of the User Management window. The Create User window appears:

  3. In the User field, enter a username for the new user you are creating. 

    The following user-naming rules apply:

    • Usernames can begin with A-Z a-z _ only.
    • Usernames cannot start with a period, dash, or digit.
    • Usernames can contain a period(.), dash(-), alphabetic characters, digits, or underscore(_).
    • Usernames cannot consist of digits only.
    • Usernames can contain a maximum of 23 characters.

    The following names are not allowed:

    tty disk kmem dialout fax voice cdrom floppy tape sudo audio dip src utmp video sasl plugdev staff users nogroup i2c dba operator


  4. In Role, select the type of role to assign to this user. For descriptions of the roles, refer to Managing SBC Core Users and Accounts.
    • Administrator
    • Calea
    • FieldService
    • Guest
    • Operator
    • SecurityAuditor 
  5. Specify the following options for the new user account:
    • Allow Interactive Access (CLI and EMA): Enable this flag to allow the user to access interactive interfaces such as CLI/EMA.
    • Allow Machine to Machine Access (REST): Enable this flag to allow the specified user machine-to-machine access to the RESTCONF API. By default, this is Enabled.
    • Account Expiration Enabled: If checked, the current user account expires as per the account expiration parameters set in the Application Management window. For more information, refer to Users and Application Management - Application Management. An account can expire under either of the following conditions:
      • Number of failed login attempts, set in the Application Management window.
      • Number of days the account is unused, set in the Application Management window.
    • Password Expiration Enabled: If checked, the current account's password will expire after a duration specified in the Application Management window. For more information, refer to Users and Application Management - Application Management.
    • Account Enabled: If checked, the account will be enabled immediately.
    • Access Type: Specifies the type of access that should be given to this user. The options are:
      • Public Key Only (CAC Card): The user can log in only with the U.S. Department of Defense's Common Access Card (CAC) for authentication.
      • Password and Public Key: The user can log in with the provided password along with the U.S. Department of Defense's Common Access Card (CAC) for authentication.
  6. Click Save. A temporary password is provided for the user to initially log in and then create a new password.

Note

Each new user will initially receive an auto-generated temporary password which must be changed upon initial login to the system. Except for the admin user, users are not allowed to change their password more than once per calendar day.

Edit Users

The access permission, role, and account-related information can be modified for an existing user.

Note

"Call Trace User" is a special category of user for which editing and changing the password are not supported.

  1. In the Users section of the User Management screen, click the button adjacent to the account you want to edit. The Edit User window appears.

  2. You cannot edit the name of the user, but you can modify the following settings. See Create a User above for descriptions of the options.

    • Role
    • Allow Interactive Access (CLI and EMA)
    • Allow Machine to Machine Access (REST)
    • Account Expiration Enabled
    • Password Expiration Enabled
    • Account Enabled
    • Access Type

  3. Click Save to save your edits.

Reset Password

The Administrator can reset the password for any user. 

  1. In the Users list, click the button adjacent to the account for which you would like to reset the password. The Edit User window appears.
  2. Click Reset Password. A temporary password is created for that user.

  3. You can optionally click the email icon (envelope) at the bottom right of the window to email the temporary password to yourself.

Note

Use this temporary password to log on to the SBC system. Once logged in, you will be prompted to change the password to a custom one.


You must run the following command on the OAM after changing the temporary password to push the new password to the non-OAM nodes.

request system admin <SYSTEM NAME> saveAndActivate

Refer to System - Admin - Password Rules for details on setting passwords.

Creating and Editing Secondary CALEA Users

 

Modified: for 12.1.2



Previously, the User and Session Management screen was exclusively available to admin users, who were only authorized to create one user under the Calea group named "calea." Additionally, the calea user was not permitted to create new users.

From release 12.1.2 onwards, the SBC is enhanced with the following functionality to support multi-country LI for VoLTE IMS:

User and Session Management enhancements

  • The User and Session Management screen is enabled for the calea user.
  • The calea user can create new users under the Calea group only.
  • The calea user can see Calea group users only in the User table. 
  • The Netconf sessions panel lists the Calea group users.
  • The User and Session Management screen is not visible to new Calea group users.
    • They can, however, perform all other operations of a calea user.
  • The admin user is able to view all SBC users.

LI Target Creation by multiple Calea group users

  • The SBC is enhanced to allow any user under the Calea group to manage LI Targets.
  • LI Targets created by one Calea group user are not visible to any other Calea group user.

Create CALEA Users

  1. Log in as user 'calea' and navigate to User and Session Management. The User Management window is displayed.


  2. Click New User on the Users section of the User Management window. The Create User window appears:


  3. In the User field, enter a username for the new calea user you are creating. 

    The following user-naming rules apply:

    • Usernames can begin with A-Z a-z _ only.
    • Usernames cannot start with a period, dash, or digit.
    • Usernames can contain a period(.), dash(-), alphabetic characters, digits, or underscore(_).
    • Usernames cannot consist of digits only.
    • Usernames can contain a maximum of 23 characters.

    The following names are not allowed:

    tty disk kmem dialout fax voice cdrom floppy tape sudo audio dip src utmp video sasl plugdev staff users nogroup i2c dba operator


  4. The Role field is hard-coded to "Calea."  
  5. Specify the following options for the new user account:
    • Allow Interactive Access (CLI and EMA): Enable this flag to allow the user to access interactive interfaces such as CLI/EMA.
    • Allow Machine to Machine Access (REST): Enable this flag to allow the specified user machine-to-machine access to the RESTCONF API. By default, this is Enabled.
    • Disabling of Account Enabled
    • Password Expiration Enabled: (This option is not editable by the calea user)
    • Account Removal Enabled: (This option is not editable by the calea user)
    • Account Enabled: If checked, the account will be enabled immediately.
    • Account Type: (This field is not editable by the calea user)
  6. Click Save. A temporary password is provided for the user to initially log in and create a new password.
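
The user-naming rules listed under Create a User and repeated under Create CALEA Users can be checked before a list of accounts is entered in the GUI. The following is an added example, not code from the SBC or its documentation; the function names and sample list are hypothetical, and it assumes "alphabetic characters" means ASCII letters and that the disallowed names are matched case-insensitively.

```python
import re

# Names the page lists as not allowed.
RESERVED = frozenset(
    "tty disk kmem dialout fax voice cdrom floppy tape sudo audio dip src "
    "utmp video sasl plugdev staff users nogroup i2c dba operator".split()
)
MAX_LEN = 23
VALID_FIRST = re.compile(r"[A-Za-z_]")          # may begin with A-Z a-z _ only
ALLOWED_CHARS = re.compile(r"[A-Za-z0-9._-]+")  # letters, digits, '.', '-', '_'
DIGITS_ONLY = re.compile(r"[0-9]+")


def username_violations(name):
    """Return the naming rules that `name` breaks; an empty list means it passes."""
    if not name:
        return ["empty username"]
    problems = []
    if not VALID_FIRST.fullmatch(name[0]):
        problems.append("must begin with A-Z, a-z or underscore")
    if not ALLOWED_CHARS.fullmatch(name):
        problems.append("contains a character outside letters, digits, . - _")
    if DIGITS_ONLY.fullmatch(name):
        problems.append("cannot consist of digits only")
    if len(name) > MAX_LEN:
        problems.append("longer than %d characters" % MAX_LEN)
    # Assumption: reserved names are compared case-insensitively.
    if name.lower() in RESERVED:
        problems.append("reserved name")
    return problems


def check_batch(names):
    """Map each rejected username to its violations; accepted names are omitted."""
    rejected = {}
    for name in names:
        problems = username_violations(name)
        if problems:
            rejected[name] = problems
    return rejected


# Constructed sample list, not taken from any real system.
SAMPLE = ["li_ops-01.eu", "sudo", "12345", ".hidden",
          "a_very_long_username_over_23", "bob smith"]

if __name__ == "__main__":
    for user, why in check_batch(SAMPLE).items():
        print("%-30s %s" % (user, "; ".join(why)))
```
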

Edit CALEA Users

The access permission, role, and account-related information can be modified for an existing user.

  1. You cannot edit the name of the user, but you can modify the following settings. See Create a 'calea' User above for descriptions of the options.

    • Allow Interactive Access (CLI and EMA)
    • Allow Machine to Machine Access (REST)
    • Disabling of Account Enabled
    • Account Enabled
  2. Click Save to save your edits.