Updated on 2022-04-02 GMT+08:00

Creating a User and Attaching the User to a Role

Prerequisites

You have logged in to the NetEco as a security administrator.

Context

  • If only a few users are required, create them one by one.
  • If multiple users need to be created or users are obtained from the files exported from other systems, create users in batches.
  • If a user has logged in to the management system, disabling the user will force a logout of the user. Therefore, exercise caution when performing this operation.

Procedure

  • Creating a single user
  1. Choose System > System Management > User Management from the main menu.
  2. In the navigation pane, choose Users.
  3. On the Users page, click Create.

    You can quickly create a user by clicking Copy in the Operation column of a user and adjusting the information as required.

  4. On the displayed page, set basic user information.

    Users are classified into three types: Local, Third-party, and Remote, with different parameters for each user type.
    • To create a user for logging in to the local system, set the user type to Local.
    • If a third-party system is connected, set the user type to Third-party. Third-party users can log in only through the third-party authentication interface, and are not allowed to log in using a web browser.
    • To create a user for interconnecting with an LDAP or RADIUS server, locally create a user with the same username as a user on the LDAP or RADIUS server and set the user type to Remote.

  5. Click Advanced Settings, set parameters such as Max. online sessions, and click Next.

    Parameters are described in Table 1.
    Table 1 Advanced parameters (columns: Parameter, Description, Value Range)

    Parameter: Max. online sessions
    Description: Maximum number of online sessions of an account.
    Value Range: By default, this parameter is disabled, indicating that the number of login sessions for the user is not limited. If this parameter is enabled, the value range is from 1 to 500. The setting of this parameter is described as follows:
    • If Max. online sessions is set to 1, Login when maximum online sessions already in use can be Not allowed or Log out of the session.
      • Not allowed: After the number of online sessions reaches the upper limit, the user cannot log in to the management system.
      • Log out of the session: After the number of online sessions reaches the upper limit, the user's subsequent session causes the logout of a previous session.
    • If Max. online sessions is set to a value from 2 to 500, Login when maximum online sessions already in use is Not allowed and the value cannot be changed.

    Parameter: Account validity
    Description: Number of days during which an account can log in to the management system.
    Value Range: By default, this parameter is disabled, indicating that the account is permanently valid. If this parameter is enabled, the value range is from 1 to 180 (unit: day). This user account is not allowed to log in to the management system after the validity period elapses, and the user needs to contact the security administrator.

    Parameter: Allowed logins
    Description: Number of times an account can log in to the management system.
    Value Range: By default, this parameter is disabled, indicating that the number of logins for the user account is not limited. If this parameter is enabled, the value range is 0 to 10. The user account is not allowed to log in to the management system after the allowed logins are used up, and the user needs to contact the security administrator.

    Parameter: Auto-logout if no activity within
    Description: If a user does not perform any operation within the period specified by this parameter after logging in to the management system, the user will be logged out. This parameter can be set for local users and remote users. The default value for the third-party user is 30 minutes and cannot be changed.
    Value Range: The default value is 30 min. The value can be System setting (subject to the system account policy), 10 min, 30 min, 2 h, 6 h, 12 h, 24 h, 48 h, or Unlimited.

    Parameter: Enable the user policy if no login within a period
    Description: If a user does not log in to the management system for the period specified by this parameter, one of the following policies is applied:
    • Deleting users
    • Disabling a user
    • Unlimited
    By default, a user is disabled if the user remains offline for 60 consecutive days. The value range of this parameter is 1 to 1000 days.
    Value Range: By default, this parameter is unselected. In this case, the account policy in the system applies to this user. If this parameter is selected, the system deletes or disables a user based on the selected policy when the period during which this user does not log in reaches the value specified by this parameter.

    Parameter: Compulsory password renewal
    Description: Password validity period policy. (This parameter is not displayed during the creation of remote users.)
    • Password validity (days)
    • In advance warning before password expires (days)
    • Min. password usage period (days)
    Value Range: By default, this parameter is unselected. In this case, the password policy in the system applies to this user. If this parameter is selected, the system prompts the user to change its password if the usage period of the password reaches the values specified by this parameter.
    • The default value of Password validity (days) is 90, and the value range is from 2 to 999. 0 indicates that the password never expires.
    • The default value of In advance warning before password expires (days) is 10, and the value range is from 1 to 99.
    • The default value of Min. password usage period (days) is 10, and the value range is from 1 to 999.
    • If the same parameters are set in Advanced Settings and Account Policy, the settings in Advanced Settings are used. For details about how to set the account policy, see Setting the Account Policy.
    • If the same parameters are set in Advanced Settings and Password Policy, the settings in Advanced Settings are used. For details about how to set the password policy, see Setting the Password Policy.

  6. Select the role to which the user is attached and click Next.

    Click a role name to view the permissions of the role.

    You can create a role and attach the user to the new role. For details about how to create a role, see Creating a Role and Granting Permissions. After creating a role, you can click Refresh on the role list page and select the new role for the user from the role list.

    When you create a user as the system administrator, you are advised not to attach the new user to both the Administrators and SMManagers roles, to ensure system security. A user attached to both the Administrators and SMManagers roles has the maximum permissions on all resources in the system. Exercise caution when using such users to perform operations and do not perform any operations that affect system security. For example, do not share or disclose the usernames or passwords of these users.

  7. Select a login time policy and a client IP address policy for the user.

    You can also click Create to create a login time policy or client IP address policy as needed.

  8. Click OK.
  • Creating users in batches
  1. Choose System > System Management > User Management from the main menu.
  2. In the navigation pane, choose Users.
  3. On the Users page, click and choose Import Users.
  4. On the Import Users page, click the template name to download the template and enter user information in the template.

    The system provides two template formats: User Template.xls and User Template.xlsx, and you can edit the template in .csv format. Select a template format as required.

  5. Choose Create Users to import users.

    If the passwords for the non-remote users are not configured in the imported file, set the passwords on the page.

  6. Click . In the displayed dialog box, select the edited template.
  7. Click Create. After the import is complete:

    1. On the displayed page, view the number of successfully imported users and the number of users who fail to be imported.
    2. In the Result list, view the imported users and their details.
    3. If partial failure occurs, modify the user information that failed to be imported based on the details, and import them again.

  8. Click OK.
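
The value ranges in Table 1 and the role advice in step 6 can be checked against a list of planned users before they are created or imported. The following Python code is an added example, not NetEco code: the record field names and the sample users are hypothetical and constructed for illustration, and they are not the columns of the import template.

```python
# Added example. Field names are hypothetical; they are not NetEco template columns.
# None means the parameter is left disabled/unselected, so the system policy applies.
RANGES = {  # inclusive ranges taken from Table 1
    "max_online_sessions": (1, 500),
    "account_validity_days": (1, 180),
    "allowed_logins": (0, 10),
    "no_login_policy_days": (1, 1000),
    "password_warning_days": (1, 99),
    "min_password_usage_days": (1, 999),
}
FULL_CONTROL_ROLES = {"Administrators", "SMManagers"}


def review_user(user):
    """Return a list of findings for one planned user record."""
    findings = []
    for field, (low, high) in RANGES.items():
        value = user.get(field)
        if value is not None and not low <= value <= high:
            findings.append(f"{field}={value} is outside {low}-{high}")
    # Password validity: 2-999 days, or 0 for a password that never expires.
    validity = user.get("password_validity_days")
    if validity is not None and validity != 0 and not 2 <= validity <= 999:
        findings.append(f"password_validity_days={validity} is not 0 or 2-999")
    # Compulsory password renewal is not offered when creating remote users.
    if user.get("type") == "Remote" and validity is not None:
        findings.append("password renewal settings do not apply to Remote users")
    # With 2-500 sessions the at-limit behaviour is fixed to "Not allowed".
    sessions = user.get("max_online_sessions")
    if sessions is not None and sessions >= 2 and user.get("login_at_limit") == "Log out of the session":
        findings.append("'Log out of the session' requires max_online_sessions=1")
    # Step 6 advises against attaching one user to both of these roles.
    if FULL_CONTROL_ROLES <= set(user.get("roles", [])):
        findings.append("attached to both Administrators and SMManagers")
    return findings


# Constructed sample records, for illustration only.
PLANNED_USERS = [
    {"name": "ops01", "type": "Local", "roles": ["Administrators"],
     "max_online_sessions": 1, "login_at_limit": "Log out of the session",
     "password_validity_days": 90},
    {"name": "svc02", "type": "Local", "roles": ["Administrators", "SMManagers"],
     "max_online_sessions": 5, "login_at_limit": "Log out of the session",
     "account_validity_days": 365},
    {"name": "ldap03", "type": "Remote", "roles": [], "password_validity_days": 1},
]

if __name__ == "__main__":
    for planned in PLANNED_USERS:
        print(planned["name"], review_user(planned) or "ok")
```
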

Related Tasks

For details about how to maintain user information, see Common Operations for User Information Maintenance.