Manage users for a cluster

Use this task to create, view, and edit user properties.

A user can be a member of up to 64 groups and must have the same registry type as the groups to which it is assigned.

Fields

User ID
Specify a unique decimal integer string to associate with this user account on the system. If you do not specify a user ID, one is specified for you.

The specified user ID is created on all cluster nodes or in the Lightweight Directory Access Protocol (LDAP) server. If you do not specify this value, the AIX® operating system can assign different user IDs on each node.

A mismatch of user IDs for an account can prevent a user from logging on to another cluster node in the event of a fallover.

Primary group
Select the group for the user to log in to for the first time. If you do not specify a primary group, one is chosen for you.
Registry
Select a method for storing authentication, group, and user information.
If Lightweight Directory Access Protocol (LDAP) is defined for the cluster, the default method is LDAP. If LDAP is not defined, Local is the default method and you cannot edit this value.
LDAP
All information and credentials are stored in the LDAP server.
Local
All information and credentials are stored locally on each affected node in the cluster. More than one node can be targeted.
Roles
Select a role for the user for PowerHA® SystemMirror.
Roles define the tasks that a user can access and perform. A selection for this field is required only if the registry type is LDAP.
Admin
The user has operator, configuration, and other privileges that are granted to the administrator role.

Examples of administrator privileges include modifying the server user ID and password, configuring authentication and authorization mechanisms, enabling or disabling administrative security, and others.

Note: An admin user can map users to the admin roles.
Monitor
The user has monitor privileges and access to change the runtime state.

Examples of monitor privileges include stopping and starting the server, monitoring the server status, and others.

Operator
The user is able to view reports such as the WebSphere® Application Controller configuration, the current state of the Application Controller, and others.
Viewer
The user is able to view PowerHA SystemMirror log files in /var/hacmp* /var/log/clcomd.
Login authentication grammar
Shows the method for the user to authenticate successfully before gaining access to the system. If LDAP is defined for the cluster, the default is LDAP.
EFS keystore access
Select an option to create a keystore file associated with this user that allows access to encrypted file systems (EFS).
Yes
A keystore file is created to use file systems with encryption enabled.
No
A keystore file is not created, and all other EFS attributes have no effect.
Keystore password mode
Select the mode that determines whether root or other privileged users can reset the keystore password.
Admin
Privileged system users (for example, root) are allowed to reset the user keystore password, but they are not able to access the user EFS file system.
Guard
The administrative user cannot reset the user keystore password.
Keystore encryption algorithm
Select the algorithm that is used to generate the key for the user within the keystore. This key protects the encrypted key for files that the user creates within the EFS.
Administrative access
Specify the location for the EFS admin keystore file in the keystore of the user.
LDAP
Keystore attributes are stored in a centralized store called LDAP.
Local
Keystore attributes are stored locally in files. This is the common approach in the AIX operating system for normal users and for group administration and management.
File encryption algorithm
Select the encryption algorithm and mode to be used for encrypted files when they are created in an EFS.

For more information about adding users to security groups for clusters, see the Adding users to security groups topic in the AIX Information Center.
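
The User ID field description notes that mismatched user IDs can prevent a login on another cluster node after a fallover. The following check is an added example, not part of the original documentation: it compares passwd-format snapshots taken from each node and lists the accounts whose UID differs. The `<node>.passwd` file naming, the function names, and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report accounts whose numeric UID differs between cluster nodes.
# Input: one passwd-format file per node (for example, a copy of each node's
# /etc/passwd), named <node>.passwd. The naming is an assumption of this example.

uid_mismatches() {
    # $@: passwd-format files, one per node, in the order they should be reported
    awk -F: '
        FNR == 1 { node = FILENAME; sub(/.*\//, "", node); sub(/\.passwd$/, "", node) }
        /^#/ || NF < 3 { next }       # skip comments, blank and malformed lines
        {
            user = $1; uid = $3
            if (!(user in first)) { first[user] = uid; order[++n] = user }
            else if (uid != first[user]) bad[user] = 1
            seen[user] = seen[user] " " node "=" uid
        }
        END {
            # One line per inconsistent account: "user: node1=UID node2=UID ..."
            for (i = 1; i <= n; i++)
                if (order[i] in bad) print order[i] ":" seen[order[i]]
        }
    ' "$@"
}

make_sample() {
    # Constructed sample data, not taken from a real system.
    cat > "$1/node1.passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
appadmin:!:205:1::/home/appadmin:/usr/bin/ksh
dbmon:!:310:1::/home/dbmon:/usr/bin/ksh
EOF
    cat > "$1/node2.passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
appadmin:!:207:1::/home/appadmin:/usr/bin/ksh
dbmon:!:310:1::/home/dbmon:/usr/bin/ksh
EOF
}

# Demo run on the constructed snapshots.
tmp=$(mktemp -d)
make_sample "$tmp"
uid_mismatches "$tmp/node1.passwd" "$tmp/node2.passwd"
rm -rf "$tmp"
```

An empty result means every account that appears in the snapshots has the same UID on each node where it exists.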