epadmin-user

epadmin user target — Manages user names in a local authentication realm.

SYNOPSIS

epadmin [globalparameters] command user [commandparameters]

DESCRIPTION

Use the user target to manage user names, passwords, and roles in a local authentication realm. The TIBCO Streaming security model is documented in StreamBase Security Model.

The user target has four commands:

The designation [sn|ad] in syntax examples is a reminder that this command requires either the global parameter ‑‑servicename or the ‑‑adminport and ‑‑hostname combination to identify the node or cluster of interest.

epadmin add user

Adds a user to the specified or default local authentication realm.

epadmin [sn|ad] add user --username=auser --roles=monitor
epadmin [sn|ad] add user --username=auser --password=supersecret --roles=monitor,administrator --locked
epadmin [sn|ad] add user --username=auser --roles=monitor --passwordexpirationdays=10
epadmin [sn|ad] add user --username=auser --roles=monitor --realm=my-local-authentication-realm
Command Parameter Description Required
locked Boolean to lock the user's account. true locks the account, false leaves the account unlocked. No. The default value is false.
password Password. If not provided, a prompt is displayed. Yes.
passwordexpirationdays Password expiration time, in days. A value of 0 means that the password does not expire. No. The default value is 0.
realm Add user to this local authentication realm. No. The default value is default-realm.
roles Comma separated list of roles to which this user belongs. Yes. At least one must be specified.
username User name. Yes.

epadmin display user

Displays local authentication realm user names and their settings. Several lines of the output refer to settings of the account lockout feature.

epadmin [sn|ad] display user
epadmin [sn|ad] display user --realm=my-local-auth-realm

Example:

epadmin --servicename=A.sbuser display user
[A.sbuser] Realm Name = default-realm
[A.sbuser] User Name = bwright
[A.sbuser] Password Expiration (Days) = 0
[A.sbuser] Account Locked = false
[A.sbuser] Lock Reason = not currently locked
[A.sbuser] Time Remaining Before Auto-Unlock (minutes) = disabled
[A.sbuser] Failed Login Lockout Threshold = disabled
[A.sbuser] Failed Login Lockout Duration (minutes) = disabled
[A.sbuser] Roles = administrator, switchadmin
[A.sbuser] Authentication via Secure Communication Allowed = true
[A.sbuser] Password Always Required = false
[A.sbuser] Trusted Host Membership Required of Client = false
Command Parameter Description Required
realm Filter output to a specific realm. No. All local authentication realms are displayed by default.

epadmin remove user

Removes a user from the specified or default local authentication realm.

epadmin [sn|ad] remove user --username=auser
epadmin [sn|ad] remove user --username=auser --realm=my-local-auth-realm
Command Parameter Description Required
realm Remove user from this local authentication realm. No. The default value is default-realm.
username User name. Yes.

epadmin update user

Updates an existing user's account values.

Note

This command cannot be used to change a user's password. Use epadmin-password(1) command to change a user's password.

epadmin [sn|ad] update user --username=auser --roles="monitor,administrator"
epadmin [sn|ad] update user --username=auser --locked=false
epadmin [sn|ad] update user --username=auser --roles=monitor --passwordexpirationdays=20
epadmin [sn|ad] update user --username=auser --roles=monitor --realm=my-local-auth-realm --locked
Command Parameter Description Required
locked Boolean to lock the user's account. true locks the account, false unlocks the account. A user account can be locked interactively with this command, or if the number of login attempts exceeds the number set in the node's configuration, if any. See account lockout feature in the StreamBase Administration Guide. No. The default value is false.
passwordexpirationdays Password expiration time, in days. A value of 0 means that the password does not expire. No. The default value is 0.
realm Update the specified user in this local authentication realm. No. The default value is default-realm.
roles Comma-separated list of roles for this user. Yes. At least one must be specified.
username User name. Yes.