Use this page to create one or more users for the cluster.
A user can be a member of up to
64 groups. To assign a user to a group, both the user and the group
must have the same registry type.
Fields
- User name
- Specify a unique name for the user that you are
creating. To ensure that your user database remains uncorrupted, you
must be careful when naming users. User names must not begin with
a hyphen (-), plus sign (+), at sign (@), or tilde (~). Additionally,
you cannot use any of the following characters in the name: colon
(:), single quotation mark ('), double quotation mark ("), number
sign (#), comma (,), equal sign (=), forward slash (/), backslash
(\), or a space ( ).
- User ID
- Specify a unique decimal integer string to associate with this
user account on the system. If you do not specify a user ID, one is
specified for you.
For a local registry configuration, PowerHA® SystemMirror creates this
user ID on all cluster nodes. For a Lightweight Directory Access Protocol
(LDAP) registry configuration, PowerHA SystemMirror creates this
user ID on the LDAP server.
- Home directory
- Specify the full path of the home directory for the user.
- Primary group
- Select a group as the primary group to which the user is to belong.
The primary group is the group under which the user accesses PowerHA SystemMirror for the first
time. If you do not specify a primary group, one is specified for
you.
- Administrative user
- Select whether to designate this user as an administrator.
- Registry
- Indicates the type of registry that you selected on the Configure
registry page of this wizard. The registry is the storage location
for all information and credentials for the user.
- Role
- Select a predefined role for the user. Roles define the tasks
and information in PowerHA SystemMirror that
a user can access. You must select a role for the user only if the
value is LDAP for the Registry property.
Select one of the following roles for the user:
- ha_admin
- This PowerHA SystemMirror administrator
role gives operator, configuration, and other privileges to the user
that the administrator role provides. Examples of administrator privileges
include being able to change the server user ID and password, configuring
authentication and authorization mechanisms, and enabling or disabling
administrative security.
Note: Only an LDAP administrative
user can assign users to administrator roles.
- ha_mon
- This PowerHA SystemMirror monitor
role gives the user monitor privileges and the capability to change
the runtime state of PowerHA SystemMirror.
Examples
of monitor privileges include tasks such as stopping the server, starting
the server, and monitoring server status.
- ha_op
- This PowerHA SystemMirror operator
role gives the user the capability to view reports. Examples of reports
that this user can view include the WebSphere® application controller configuration
and the current state of the application controller.
- ha_view
- This PowerHA SystemMirror viewer
role gives the user the capability to view PowerHA SystemMirror log files
in the /var/hacmp* /var/log/clcomd directory.
- Login authentication grammar
- Indicates the method for the user to authenticate successfully
before gaining access to the system. If LDAP is defined for the cluster,
LDAP is the default value.
- EFS keystore access
- To configure this property,
you first must configure EFS in this wizard. Select
whether to create a keystore file for this user that provides access
to Encrypted File Systems (EFS). If you select Yes, you can provide
information for the following EFS properties:
- Keystore password mode
- Select one of the following modes to define how
the keystore password for the root user or other privileged users
can be reset:
- Admin
- Allows privileged system users (for example, the root user) to
reset the user keystore password. This option does not allow these
users to access the user EFS file system.
- Guard
- Prevents administrative users from resetting the user keystore
password.
- Keystore encryption algorithm
- Select the algorithm to use for generating the private key for
the user within the keystore. This key protects the encrypted key
for files that the user creates within EFS. The default value is RSA_1024.
- Administrative access
- Indicates the location for storing the EFS administrator
keystore file in the keystore of the user. This property is set to
either the LDAP or the Local value,
based on the value of the Registry property.
- File encryption algorithm
- Select the encryption algorithm for encrypting files that the
user creates in an EFS. The default value is AES_128_CBC.

For more information
about adding users to security groups for clusters, see the Adding users to security groups topic in the AIX® Information Center.
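The naming, user ID, group, and role rules in the field descriptions above can be checked before the values are entered in the wizard. The following is an added example, not IBM code: the dictionary layout, the function name `validate_user`, and the sample users and groups are assumptions made for illustration.

```python
import re

# Rules from the field descriptions on this page; the dict layout is assumed.
BAD_FIRST = set("-+@~")
BAD_ANYWHERE = set(":'\"#,=/\\ ")
LDAP_ROLES = {"ha_admin", "ha_mon", "ha_op", "ha_view"}
MAX_GROUPS = 64

def validate_user(user, group_registry, taken_names=(), taken_ids=()):
    """Return a list of problems for one planned user (empty list = acceptable)."""
    problems = []
    name = user.get("name", "")
    registry = user.get("registry")
    if not name:
        problems.append("user name is empty")
    elif name[0] in BAD_FIRST:
        problems.append(f"name begins with {name[0]!r}")
    bad = sorted(set(name) & BAD_ANYWHERE)
    if bad:
        problems.append(f"name contains forbidden characters: {bad}")
    if name in taken_names:
        problems.append("name is already in use")
    uid = user.get("uid")  # optional: one is assigned when omitted
    if uid is not None:
        if not re.fullmatch(r"[0-9]+", str(uid)):
            problems.append("user ID is not a decimal integer string")
        elif str(uid) in {str(i) for i in taken_ids}:
            problems.append("user ID is already in use")
    groups = user.get("groups", [])
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} groups exceeds the limit of {MAX_GROUPS}")
    for group in groups:  # user and group must share a registry type
        if group_registry.get(group) != registry:
            problems.append(f"group {group!r} is not in the {registry} registry")
    if registry == "LDAP" and user.get("role") not in LDAP_ROLES:
        problems.append("LDAP user needs a role: " + ", ".join(sorted(LDAP_ROLES)))
    return problems

# Constructed sample data, not taken from a real cluster.
GROUPS = {"dbadmins": "LDAP", "staff": "Local"}
PLANNED = [
    {"name": "jsmith", "registry": "LDAP", "uid": "4001", "role": "ha_mon", "groups": ["dbadmins"]},
    {"name": "-ops user", "registry": "LDAP", "uid": "0x10", "groups": ["staff"]},
]

if __name__ == "__main__":
    for planned in PLANNED:
        print(planned["name"], validate_user(planned, GROUPS) or "OK")
```
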
Actions
- Add Another
- Click Add Another to add another set of
property fields so that you can configure another user.
- Remove
- Click Remove to remove a configured user
and to remove all content from the property fields for that user.