Skip to end of metadata
Go to start of metadata

To create local users and groups in SuperADMIN, use the account command.

This page contains a worked example of:

  • Creating new user accounts for the users John Smith and Jane Doe.
  • Creating a group called standardusers.
  • Adding the new users to this group.

To create these new users, login to SuperADMIN, then use the following commands:

  1. Create the user accounts:

    > account createuser jsmith "John Smith" us$rpwd!
    > account createuser jdoe "Jane Doe" us$rpwd2!

    In this example:

    • jsmith and jdoe are the unique IDs for these new users.

    • John Smith and Jane Doe are the display names for these users. Quotes need to be used because the names have a space in them.
    • The passwords are specified inline. As an alternative you can omit the password and you will be prompted to enter and confirm the user password.
  2. Create the new group:

    > account creategroup standardusers "Standard System Users"
  3. Add the new users to this group:

    > account jsmith addmembership standardusers
    > account jdoe addmembership standardusers
  4. We now can check the group to confirm the list of group members using the following command:

    > account standardusers users
    [jdoe:Jane Doe, jsmith:John Smith]

    These new users can now login using one of the clients, but they will not have access to any databases on this server. To change that, we need to use the cat command.

  5. Suppose we want to give these users access to the sample Retail Banking database. We can do this by giving the new group access, using the cat command:

    > cat bank access standardusers read true

    In this case bank is the internal ID for the Retail Banking database. You can find out the database ID of any database by typing the cat command on its own (this will list all the databases on this server, showing their database IDs).

The two new users can now login using one of the clients (such as SuperCROSS or SuperWEB2) and access the Retail Banking database.

Other Typical Settings

The following are some other typical changes you might need to make to the user accounts. All of these commands are explained in more detail in the account reference page:

OperationDescriptionExamples
Check or set the maximum login attempts before an account is locked

As a security measure, you can configure user accounts to automatically lock if the wrong password is entered a certain number of times.

Use the maxattempts command to check and set this parameter.

account maxattempts 3
Set the lock time for accounts

If an account becomes locked because of too many failed logins you can set a time (in seconds) before the account automatically unlocks. During this time the user will not be able to login even if they specify the correct credentials.

If you set the locktime to 0 then accounts will never unlock automatically, and will have to be manually unlocked by an administrator in SuperADMIN.

account locktime 60
Lock or unlock a user's accountUse the lock and unlock commands to manually lock or unlock a user's account.
account jsmith lock
account jdoe unlock

Change a user's password

 Use the setpassword command to change a user's password. You will be prompted to enter the new password.
account jsmith setpassword

Note about Deleting Users and Groups and Reuse of User and Group IDs

If you delete a user account or group, you are recommended not to reuse the ID when creating subsequent users or groups. Due to a known issue, in some cases a new user or group may inherit the permission of the previous user or group, if they share the same user ID.

For this reason, you are recommended not to reuse IDs from previously deleted users and groups when creating new users and groups. The problem only occurs when IDs are reused; you can use the same display name as a previously deleted user or group and the issue will not occur (as long as the ID is different).

Learn More...

  • No labels