Modifying a User
As a Super Administrator or User Administrator, you can modify any user account in Junos Space Network Management Platform. The only attribute that cannot be modified is the login ID.
The Modify User page has three areas—General, Role Assignment, and Domain Assignment—in which user information is grouped accordingly. Each user account can have multiple roles and a role can be associated with multiple users.
To modify an existing user account:
- On the Junos Space Network Management Platform user interface,
select Role Based Access Control > User Accounts.
The User Accounts inventory page appears.
- From the inventory page, select the user account that
you want to modify. For instructions on filtering and sorting, see Viewing Users.
You can modify only one user account at a time.
- From the menu bar above the table, click the Modify
User icon (the pencil icon).
The Modify User page appears, displaying the General area by default, with the existing account information for that user.
- You can change any of the information in the General area
except the login ID.
To generate a temporary password, select the Generate a temporary password check box. You generate passwords for new users or existing users whose passwords have expired. Generation of temporary passwords is supported only for local authentication mode. It is not supported for remote-local authentication or remote authentication modes.
To generate a temporary password, configure the following fields:
Temporary password will expire after—Specify the duration after which the temporary password expires. The user must log in to Junos Space within this duration and change the temporary password. Otherwise, after the expiry of the password, the user is not allowed to log in. When the temporary password expires, Junos Space displays the following message:
Your password has expired. Please contact your administrator.
The user must request the administrator for a new password.
By default, the temporary passwords expire after 24 hours of its generation. The administrator can enter a value from 1 through 10,000.
Temporary Password—View the temporary password generated by the Junos Space server. To generate another password, click Generate next to this field. The new generated password is displayed in this field.
Email password to user—Select this check box to e-mail the generated temporary password to the user. This check box is disabled if the SMTP server is not configured.
If the e-mail does not reach the user or the password is lost, the administrator needs to generate a new temporary password. There is no option to resend the old temporary password.
Tip:For the Junos Space server to automatically send the temporary password and expiry date by e-mail to the user, ensure that you configure:
The e-mail ID of the user in the Email field on the Create user page (the page that you are currently in)
The SMTP server that receives the e-mail from the Junos Space server and routes it to the intended recipient
You configure the SMTP server on the Administration > SMTP Servers inventory landing page. After configuring the SMTP server, test the connection between the Junos Space server and the SMTP server to ensure that communication between the servers is established. For more information about SMTP server configuration and how to test the configuration, see Adding an SMTP Server and Managing SMTP Servers.
To view the rules governing password creation, mouse over the information icon, the small blue i to the right of the Password field. To configure the password rules, see Modifying Junos Space Network Management Platform Settings.
To change the username, enter a new name in the First Name and Last Name fields.
To change the e-mail account, enter a new e-mail address in the Email field.
To change the maximum number of concurrent UI sessions for the user:
If the Use global settings check box is selected, clear it.
The Maximum concurrent UI sessions field becomes active.
Enter the number of sessions in the Maximum concurrent UI sessions field.
You can enter a value from 0 through 999. Entering 0 (zero) means that there is no restriction on the number of concurrent UI sessions allowed for the user. However, the system performance may be degraded if you allow unlimited sessions.
If you want to replace a user-specific value with the global value, select the Use global settings check box.
To change the idle time out — a period of inactivity after which the user session expires — setting for the user:
Note:You can configure user-specific idle time out from Release 17.1R1 onward.
If the Use global settings check box next to Automatic logout after inactivity is selected, clear it.
The Automatic logout after inactivity field becomes active.
Enter the number of minutes the user session can remain inactive before the session expires because of inactivity. You can enter a value in the range of 0 through 480. If you set the value to 0 (zero), the user session never expires.
If you want to replace a user-specific value with the global value, select the Use global settings check box.
If you select the Use global settings check box, the value you configured for the Automatic logout after inactivity (minutes) field under User Settings of the Modify Network Management Platform page (Administration > Applications > Modify Application Settings) is applied to the user.
(Optional) To upload an image file from your local file system:
Use the Browse button adjacent to the Image File field to locate the new user photo ID file.
You can upload BMP, GIF, JPG, and PNG image file formats.
Click Upload.
Junos Space Network Management Platform updates the photo ID file for the user account.
(Optional) To upload the user’s X.509 certificate file from your local file system:
Use the Browse button adjacent to the X509 Cert File field to locate the user’s X.509 certificate file on your local system.
You can upload certificate file formats with the following extensions: .der, .cer, and .crt.
Click Upload.
Junos Space Network Management Platform uploads and saves the certificate file for the user account. If you upload a certificate, the user is authenticated based on the certificate and not the user credentials (username and password). For more information about certificate-based user authentication, see Certificate Management Overview.
- To add or remove role assignments, click Role Assignment on the upper right of the Modify User page or click Next on the bottom right of the Modify User page.Tip:
When you install various applications in Junos Space, predefined roles for each of these applications are made available to you, and you can view these roles from the Role Based Access Control workspace. So when you want to restrict a user to a specific application, make sure that you assign the role specific to that application while creating or modifying the user.
To add role assignments, select one or more roles from the Available Roles column and click the right arrow to move the roles to the Selected Roles column.
To remove role assignments, select one or more roles from the Selected Roles column and click the left arrow to move the roles to the Available Roles column.
Select or clear the GUI Access and API Access check boxes depending on the type of access you want to allow for the user.
Select View All Jobs or View User’s Own Jobs Only to enable users to view jobs triggered by all users or view only their own jobs. By default, a user with the Super Administrator or Job Administrator role can view jobs of all users and you cannot modify this configuration.
- To add, remove, or change domain assignments, click Domain Assignment on the upper right of the Modify User page,
or click Next on the lower right of the Modify User page.
Select the domains to which the new user must be assigned. By default, the user is assigned to the Global domain.
Note:The user must be assigned to at least one domain.
- Click Finish at the bottom of the page to complete
the modification.
Junos Space Network Management Platform updates the user account with the changes you specified. However, a confirmation message appears if you have removed any role; for example, if you removed the Device Script Manager role from a user, a confirmation pop-up is displayed.
Perform one of the following tasks:
Click No to ensure that previously scheduled jobs are not affected. Junos Space Platform automatically adds the necessary role (that you removed) to the user ensuring that the user has the permissions to execute the jobs and that the jobs are not affected.
Click Yes to modify the user role. If you choose this option, scheduled jobs affected by this modification are not executed because this user no longer has access to the workspaces in which the jobs are scheduled. To ensure that the jobs are executed, you must reassign these jobs to another user. For more information, refer to the Reassigning Jobs topic.
When you remove the role, this user cannot perform any actions on the impacted job on the Job Management page, such as cancel the job, reassign the job, reschedule the job, and so on. The only actions permitted are: the user can tag the job and clear the selection of the job.
Note:When a job is executed, Junos Space Platform verifies whether the job owner has the permission to execute the job. If the job owner does not have the necessary permissions, the job is canceled. When you double-click the job, a message indicating that the user does not have the necessary permission to execute the job is displayed.
If the Email password to user check box is enabled during user modification, then the "Mail user password" job is triggered and an audit entry is made to record this action.
Related Documentation
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.