Updated on 2024-04-28 GMT+08:00

Managing Users

By configuring system administrators, you can effectively ensure the security of system data. Only the default super administrator has the right to manage users. The super administrator can modify user information, delete users, force users to go offline, lock users, and unlock users.

About Users

By configuring different users, you can configure system security policies, implement rights-based service management, and monitor and manage online users in real time.

User Roles and Permissions

The eBackup system provides three user levels: super administrator, administrator, and common user. Table 1 describes their permissions.

A maximum of 2000 users can be created in the system.

Table 1 User permissions

| Role | Description |
| --- | --- |
| Super administrator | The system provides a default super administrator admin. This user has all operation rights and can manage all resources. The default super administrator cannot be deleted, locked, or forcibly logged out. The super administrator can change its own login password. The default super administrator can create administrators and common users to implement rights-based service management. |
| Administrator | Has all rights except system settings. After logging in to the system as an administrator, you can view only your own user information, operations, and events generated by the system. |
| Common user | Common users have only the permission to view system resources. After logging in to the system as a common user, you can view only your own user information, operations, and events generated by the system. |

  • System Security Policy

    System security policies include password policies and login policies. For details about how to configure system security policies, see "Configuring Security Policies" in Related Operations.

    • A password policy defines parameters such as the password length, complexity, validity period, and expiration notification time threshold for users logging in to the eBackup backup management system.
    • A login policy defines the session timeout period for a user logged in to the eBackup management system, whether the user is automatically locked by the system after the number of consecutive incorrect password attempts reaches a specified value, and how long it takes before the user is automatically unlocked.

For details about all accounts of the eBackup system, see Account Information Overview.

Related Operations

Operation

Navigation Path

Description

Key Parameters

Configuring Security Policies

On the navigation bar, choose > Account > Security Policy.

Background

System security policies include password policies and login policies. Perform this operation when you want to improve system security.

Precautions

  • For security purposes, you are advised to enable Password validity period (days), Minimum password validity period (minutes), and Password lock.
  • The value of Password Advance Warning Threshold must be less than or equal to the value of Password Validity Period. If the former value is greater than the latter value, the password warning threshold automatically changes to the current password validity period.
  • The minimum password validity period must be shorter than or equal to the password validity period. Otherwise, the system displays an error message.
  • Session Timeout (minutes)

    The session timeout period is the period of inactivity after which a user's session with the eBackup backup management system is disconnected due to timeout.

    After a user logs in to the eBackup system, if the user does not perform any operation within the session timeout period, the current session is disconnected due to timeout. When you perform operations on the eBackup system again, you need to log in to the system again.

  • Errors

    Maximum number of allowed consecutive incorrect password attempts. When the number of incorrect password attempts reaches the value of this parameter, the system automatically locks the account.

NOTE:

This parameter is available only when Password Lock is enabled.

After an account is locked, the super administrator can manually unlock the account. Alternatively, the system automatically unlocks the account after the preset automatic unlocking time.

  • Automatic Unlock in (Minutes)

    Duration after which an account is automatically unlocked. You can set this parameter when Password Lock is enabled.

    • This parameter takes effect only for user accounts automatically locked by the system. If an administrator account or a common user account is manually locked by the super administrator, the locking duration does not take effect. Only the super administrator can manually unlock the account.
    • The automatic unlocking time takes effect only for administrator accounts and common user accounts. The super administrator will be automatically unlocked 15 minutes after being locked.

Viewing user details

On the navigation bar, choose > Account > User.

Background

Perform this operation when you want to view the basic information, role, and lock status of a user.

Precautions

After logging in to the system, the super administrator can view information about all users. Administrators and common users can view only their own user information after logging in to the system.

  • Type

    Type of a user. The options are as follows:

    • Local Users

      A local user is a man-machine interaction account (local authentication) and is used to log in to the eBackup system to manage backup and restore services.

    • LDAP user

      An LDAP user is a man-machine interaction account (LDAP authentication). It is used to log in to the eBackup system to manage backup and recovery services.

    • Interface interconnection user

      The interface interconnection user is a machine-machine interaction account and is used to interconnect the eBackup management system with other systems.

      eBackup provides a preset interface interconnection user. The default user name is NBIUser, and the default password is Huawei@CLOUD8!.

  • CCR-Node roles

    User role. For details about role types and their rights, see User Roles and Permissions.

NOTE:

Administrators and common users can only search for themselves in the search box in the upper right corner.

  • Pin Status

    Check whether the user is automatically locked by the system or locked by the super administrator.

    NOTE:

    If the IP address is locked, you can click Lock IP to view the IP address of the node that is locked due to incorrect password of the interface interconnection user.

Creating a user

On the navigation bar, choose > Account > User and click Create.

Background

Perform this operation when you want to create users with the administrator and common user roles to restrict different users' operations on the system and improve system security.

Precautions

The super administrator has the highest rights in the system. Log in to the system as the super administrator.

  • Type

    For details about user types, see "Viewing User Information" in Related Operations.

    Users of the Interface interconnection user type have the administrator rights.

  • Role

    Role of the new user. For details about role types and their rights, see User Roles and Permissions.

    Create users based on the operation rights of users with different roles defined in the system to restrict user operations on the system, ensuring service system stability and service data security.

  • Password

    Login password of the new user.

    The default password complexity requirements are as follows:

    • Contains 8 to 16 characters.
    • Contains at least one special character chosen from !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and spaces.
    • Contains at least two of the following character types: uppercase letters, lowercase letters, and digits.
    • Cannot contain three consecutive identical characters.
    • Cannot be the same as the user name or the user name in reverse order.

    In addition, passwords in the blacklist are invalid. The blacklist file is stored in the /opt/huawei-data-protection/ebackup/conf directory on the backup server. Passwords in the blacklist are case insensitive.

  • Maximum number of user connections

    Indicates the maximum number of sessions for a single user. If this parameter is not set, there is no restriction.
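
The default password complexity rules listed under Password can be checked before a password is submitted. The following is an added example, not eBackup code: the function name, the rule wording, the exact (case-sensitive) user-name comparison, and passing the blacklist as a list of strings are assumptions, and the blacklist entry in the sample call is constructed.

```python
import string

# Special characters named in the default complexity rule, plus the space.
SPECIALS = set("!\"#$%&'()*+,-./:;<=>?@[\\]^`{_|}~ ")


def password_violations(password, username, blacklist=()):
    """Return the default-policy rules that `password` breaks (empty list = accepted)."""
    problems = []
    if not 8 <= len(password) <= 16:
        problems.append("length must be 8 to 16 characters")
    if not any(c in SPECIALS for c in password):
        problems.append("needs at least one special character")
    classes = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
    ]
    if sum(classes) < 2:
        problems.append("needs two of: uppercase, lowercase, digits")
    if any(a == b == c for a, b, c in zip(password, password[1:], password[2:])):
        problems.append("three consecutive identical characters")
    # Assumption: the user-name comparison is exact (case-sensitive).
    if password in (username, username[::-1]):
        problems.append("same as user name or its reverse")
    # The page states that blacklist matching is case insensitive.
    if password.lower() in {entry.lower() for entry in blacklist}:
        problems.append("listed in the password blacklist")
    return problems


if __name__ == "__main__":
    # The preset NBIUser password satisfies every complexity rule, so only a
    # blacklist entry (constructed here) makes the policy reject it.
    print(password_violations("Huawei@CLOUD8!", "NBIUser"))
    print(password_violations("huawei@cloud8!", "NBIUser", ["Huawei@CLOUD8!"]))
```

Because the preset interface interconnection password passes the complexity rules, the blacklist is the only one of these controls that can stop it from being reused.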

Modifying user details

On the navigation bar, choose > Account > User. Move the mouse pointer to the user to be modified and click in the button area on the right.

Background

Perform this operation when you want to modify user information, for example, reset the passwords of administrators and common users and change user roles.

Precautions

  • Information can be modified for all users except the super administrator.
  • After resetting the password when modifying user information, notify the corresponding user to use the new password to log in to the eBackup system.

NOTE:

If an interface interconnection user has been used to configure the eBackup driver, you need to reconfigure the eBackup driver once the password of the interface interconnection user is changed.

None

Deleting a user

On the navigation bar, choose > Account > User. Move the mouse pointer to the user to be deleted and click in the button area on the right.

Background

The super administrator can delete an administrator or common user account that is no longer needed.

Precautions

Only the super administrator can delete a user. The super administrator cannot delete itself.

None

Forcing a user to go offline

On the navigation bar, choose > Account > User. Move the mouse pointer to the user to be forced offline and click in the button area on the right.

Background

The super administrator can force an administrator or a common user to log out of the system.

Precautions

Only the super administrator can force a user to go offline. The super administrator cannot force itself to go offline.

None

Locking a user

On the navigation bar, choose > Account > User. Move the mouse pointer to the user to be locked and click in the button area on the right.

Background

Perform this operation when you want to lock a user with the administrator or common user role.

Precautions

  • Only the super administrator can lock a user. The super administrator cannot lock itself.
  • A locked user cannot log in to the eBackup system.
  • The super administrator can lock a user in either of the following ways:
    • Automatic lock: You can set Password lockout and Number of incorrect password attempts in the password policy to automatically lock a user whose number of consecutive incorrect password attempts exceeds the upper limit. For details, see "Configuring Security Policies" in Related Operations.
    • Manual locking: A user is manually locked. The locked user can log in to the system only after being manually unlocked by the super administrator.

None

Unlocking a User

On the navigation bar, choose > Account > User. Move the mouse pointer to the user to be unlocked and click in the button area on the right.

Background

Perform this operation when you want to unlock a user with the administrator or common user role.

Precautions

Manually unlock a locked user in the system. You can unlock the account in either of the following ways:

  • Automatic unlocking: If Password Lock is set in the password policy, the system automatically unlocks the user when the locking duration expires.
  • Manual unlocking: The super administrator can manually unlock a user that is automatically or manually locked.

None
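
The locking and unlocking rules described under Configuring Security Policies, Locking a user, and Unlocking a User can be modelled as a small state machine. This is an added example, not eBackup code: the class and field names, time measured in minutes, locking when the count reaches the limit, and the behaviours marked as assumptions in the comments are not taken from the product.

```python
from dataclasses import dataclass
from typing import Optional

SUPER_ADMIN_UNLOCK_MIN = 15  # fixed auto-unlock time for the super administrator


@dataclass
class Account:
    role: str                          # "super", "admin" or "common"
    failures: int = 0                  # consecutive incorrect password attempts
    locked_at: Optional[float] = None  # minute the lock started, None if unlocked
    manual: bool = False               # True when locked by the super administrator


class LockPolicy:
    def __init__(self, max_errors, auto_unlock_min):
        self.max_errors = max_errors            # incorrect-attempt limit
        self.auto_unlock_min = auto_unlock_min  # "Automatic Unlock in (Minutes)"

    def is_locked(self, acct, now):
        if acct.locked_at is None:
            return False
        if acct.manual:  # manual locks ignore the automatic unlocking time
            return True
        wait = SUPER_ADMIN_UNLOCK_MIN if acct.role == "super" else self.auto_unlock_min
        if now - acct.locked_at >= wait:
            acct.locked_at, acct.failures = None, 0
            return False
        return True

    def login(self, acct, password_ok, now):
        """Return True when a login at minute `now` succeeds."""
        if self.is_locked(acct, now):
            return False  # assumption: attempts while locked are rejected, not counted
        if password_ok:
            acct.failures = 0  # assumption: a success resets the consecutive count
            return True
        acct.failures += 1
        if acct.failures >= self.max_errors:  # count "reaches" the limit
            acct.locked_at, acct.manual = now, False
        return False

    def manual_lock(self, acct, now):
        if acct.role == "super":
            raise ValueError("the super administrator cannot be locked manually")
        acct.locked_at, acct.manual = now, True

    def manual_unlock(self, acct):
        acct.locked_at, acct.manual, acct.failures = None, False, 0
```

With a constructed policy of `LockPolicy(max_errors=3, auto_unlock_min=30)`, an administrator locked at minute 2 can log in again from minute 32, a super administrator from minute 17, and a manually locked user only after `manual_unlock`.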