Users

Users are the administrators and direct users of the resource.

A user is a direct user of a resource. When a user joins a project as a role, the user has the right to use the resources in the project. Depending on the role rights, the user has different rights to manage the platform resources.

User source

  • Synchronizes users on LDAP authentication sources and authentication sources with “auto-create users” enabled.
  • After the system is deployed, an administrator user is created by default, who joins the system project with the role of admin, and is the super administrator of the system with system backend privileges. After the system deployment is completed, users can use this role to log in to the cloud management platform for configuration operations.
  • Create local users.

Entry: In the cloud management platform, click the top left corner of navigation menu, and click “IAM & Security/IAM/User” menu item in the left menu bar that pops up to enter the user page.

Create user

This function is used to create a user.

  1. On the user page, click the “Create” button at the top of the list to enter the Create User page.
  2. Configure the following parameters.
    • Name: The name of the user.
    • Password: The password of the user.
    • Domain: Select the domain to which the user belongs.
    • Display name: The display name of the user.
    • Login Console: Set whether the user has the permission to login to the cloud management platform.
    • Enable MFA: Multi-Factor Authentication, a multi-factor authentication based on TOTP technology, users need to pass two types of authentication to log in to the OneCloud platform. That is, in addition to user name and password, you also need to use MFA security code to verify login. Please ensure that two-factor authentication is enabled in the global configuration, otherwise MFA cannot be enabled at the user.
  3. Click the “OK” button to enter the Add User to Project (optional) page.
  4. If you need to add a project, configure the following parameters, when the configuration is complete, click the “Join” button to add the user to the project.
    • Project: Select the domain and project that the user needs to join.
    • Role: Set the role of the user when joining the project, different roles have different privileges.
  5. If you don’t need to join the project, just click “Skip” button.

Import Users

This function is used to import local users in batch. Users need to prepare an Excel file containing user information in advance.

  1. On the Users page, click the “Import Users” button at the top of the list to bring up the Import Users dialog box.

  2. To import user information in a predefined format, please download the template and add user information in the downloaded user_template.xlsx file, all user information should be added in one sheet page.

  3. Drag and drop the Excel file containing user information to the dotted box or click “Click to upload” button to upload the file and batch import local sql users.

Modify Properties

This function is used to modify user login console and enable MFA properties.

User Modify Attributes

  1. On the User page, click the “Modify Attributes” button in the action bar to the right of the user to flex the Modify Attributes dialog box.
  2. Configure the following parameters.
    • Display name: The display name of the user.
    • Login Console: Set whether the user has the permission to login to the cloud management platform.
    • Enable MFA: Multi-Factor Authentication, a multi-factor authentication based on TOTP technology, users need to pass two types of authentication to log in to the OneCloud platform. That is, in addition to user name and password, you also need to use MFA security code to verify login. Please ensure that two-factor authentication is enabled in the global configuration, otherwise MFA cannot be enabled at the user.
  3. click the “OK” button.

Batch Modify Properties

  1. Check one or more users in the user list, click the**_“Batch Action”_** button at the top of the list, and select the drop-down menu **_“Modify Properties”_** menu item to bring up the Modify Properties dialog box.
  2. Select whether to enable Login Console and enable MFA, and click “OK” button.

Enable

This feature is used to enable users with “disabled” status.

Enable

  1. On the user page, click the “More” button in the action bar to the right of the user, and select the drop-down menu item “Enable” to bring up the action confirmation dialog. Click the “OK” button to enable the user in the “Disabled” status.
  2. Enabled users can log in and use the cloud management platform normally.

Batch Enable

  1. Check one or more “disabled” users in the user list, click the**_“Batch Action”_** button at the top of the list, select the drop-down menu **_“Enable”_** menu item, and the operation confirmation dialog box pops up. Click the **_“OK”_** button to enable the users with “Disabled” status in batch.
  2. Enabled users can log in and use the cloud management platform normally.

Disable

This function is used to disable users in the “enabled” state. Users in the disabled state cannot successfully log in to the management platform, and if they are disabled when they are already logged in to the cloud management platform, they cannot be forced to log out, and their next login will fail after logging out.

Disable

  1. On the user page, click the “More” button in the operation column on the right side of the user, and select the “Disable” menu item to bring up the operation confirmation dialog. Click the “OK” button to disable the user.
  2. Users with “Disabled” status are prohibited from signing in the cloud management platform.

Batch Disable

  1. Check one or more users with “Enabled” status in the user list, click the “Batch Action” button at the top of the list, and select the “Disable” menu item in the drop-down menu to bring up the operation confirmation dialog. Click the “OK” button to disable the user.
  2. Users with “Disabled” status are prohibited from using the cloud management platform.

Reset Password

Only sql authentication source users are supported to reset their passwords.

  1. In the user page, click the “Change Password” button on the right side of the user who needs to change the password to bring up the Reset User Password dialog box.
  2. Enter the password and click the “OK” button.

Manage Projects

This function is used to manage the projects added by users, and supports adding and removing projects as well as modifying users' roles in the projects, etc.

Join Project

This function is used to add users to a project in batch.

  1. On the user page, click the “More” button in the action bar on the right side of the user, and select the drop-down menu “Manage Projects” menu item to enter the Details - Joined Projects page.
  2. Click the “Join Project” button at the top of the list to bring up the Join Project dialog box.
  3. Select Domain, Project, Role, and click “OK” button to add the user to the project with the specified role.

Modify Role

This function is used to modify the user’s role in the project.

  1. On the User page, click the “Manage Projects” button in the action column to the right of the user to enter the Details - Manage Projects page.
  2. Click the “Modify Role” button on the right column of the project to bring up the Modify Role dialog box.
  3. After modifying the role, click “OK” button to finish the operation.

Remove Project

This function is used to move the user out of the project.

Remove

  1. On the user page, click the “Manage Projects” button on the right action bar of the user to enter the Details - Manage Projects page.
  2. Click the “Remove” button on the right action bar of the item you belong to to bring up the action confirmation dialog.
  3. Click the “OK” button to remove the user from the project.

Batch Removal

  1. On the User page, click the “Manage Projects” button in the action bar to the right of the user to enter the Details - Manage Projects page.
  2. Select one or more items in the list and click the “Remove” button at the top of the list to bring up the action confirmation dialog.
  3. Click the “OK” button to move the user out of the project.

Delete

This function is used to delete a user.

Individual Delete

  1. On the user page, click the “More” button in the action bar on the right side of the user, and select the “Delete” menu item in the drop-down menu to bring up the action confirmation dialog box.
  2. Click the “OK” button to complete the operation.

Batch Delete

  1. Check one or more users in the user list, click the**_“Batch Action”_** button at the top of the list, select the drop-down menu **_“Delete”_** menu item, and the operation confirmation dialog box pops up.
  2. Click the “OK” button to complete the operation.

View User Details

This function is used to view the information of the user’s projects, direct projects and groups.

  1. On the user page, click the user name item to enter the user details page.
  2. The menu item at the top of the details page supports managing users.
  3. View the following information.
    • Basic Information: Including Cloud ID, ID, name, status, domain, project, enable status, console login, MFA, number of groups they belong to, number of projects they belong to, authentication source, created at, updated at, and description.
    • Other information: Including last login IP address, last access method, last login time, password expiration time.

Joined groups management

This function is used to manage the groups that users have joined, and supports joining and exiting groups.

Join group

This function is used to add users to groups.

  1. On the User page, click the user name item to enter the user details page.
  2. Click the “Joined Groups” tab to enter the joined groups page.
  3. Click the “Join Group” button at the top of the list to bring up the Join Group dialog box.
  4. Click the “OK” button to add the user to the group.

Quit Group

This function is used to exit the user from the group.

Exit

  1. On the Users page, click the User Name item to enter the User Details page.
  2. Click the Joined Groups tab to enter the Joined Groups page.
  3. Click the “Exit Group” button on the right action bar of the group to bring up the action confirmation dialog box.
  4. Click the “OK” button to complete the operation.

Batch Exit

  1. On the Users page, click the User Name item to enter the User Details page. Click the Joined Groups tab to enter the Joined Groups page.
  2. Check one or more groups in the list, and click the “Exit Group” button at the top of the list to bring up the action confirmation dialog box.
  3. Click the “OK” button to complete the operation.

Cloud User Management

Cloud user is the user on the public cloud platform. This feature is used to manage the cloud user information associated with local users.

Create Cloud User

This function is used to create a cloud user for a local user on any public cloud platform. After successful creation, the local user can view the associated cloud user information in the user information at user on cloud and support convenient login to the public cloud platform using the cloud user. Only after the local user joins the project, the new cloud user is supported.

  1. On the user page, click the user name item to enter the user details page.
  2. Click the “Cloud Users” tab to enter the Cloud Users page.
  3. Click the “Create Cloud User” button at the top of the list to bring up the Create Cloud User dialog box.
  4. Set the following information.
    • Project: Select the project that the user has joined, and subsequently filter the optional cloud accounts based on the domain where the project is located.

    • Cloud account: Select the corresponding platform (Ctyun Cloud and UCloud are not supported), and filter the optional cloud accounts by platform.

    • Cloud subscriptions: Only Google Cloud needs to set this parameter, Google Cloud subscriptions correspond to Google Cloud items. Specifying cloud subscription means adding the corresponding items for the specified Google Cloud account.

    • User name: Set the name of the cloud user, which will be used to create users in the corresponding public cloud platform (except Google Cloud). Google Cloud must be filled in with an existing account.

    • Cloud user group: Add the cloud user to the cloud user group and the cloud user will have all the permissions of the cloud user group.

    • Email: Configure the mailbox to receive the creation of cloud user information. When “Send create cloud user email” is checked, creation information will be sent the Email address.

  5. Click the “OK” button to complete the operation.

Delete cloud user

This function is used to delete the cloud user. The deletion operation will delete the corresponding user on the corresponding public cloud platform.

Delete

  1. On the user page, click the user name item to enter the user details page.
  2. Click the Cloud Users tab to enter the Cloud Users page.
  3. Click the “Delete” button on the right column of the cloud user to bring up the operation confirmation dialog.
  4. Click the “OK” button to complete the operation.

Batch Delete

  1. On the user page, click the user name item to enter the user details page.
  2. Click the Cloud Users tab to enter the Cloud Users page.
  3. Select one or more cloud users in the list, and click the “Delete” button at the top of the list to bring up the operation confirmation dialog.
  4. Click the “OK” button to complete the operation.

User management for password-free login

This function is used to manage the public cloud platform where users can log in without password.

Create user

This function is used to set the local users in the system as the unclassified login users of the public cloud platform.

  1. On the cloud account page, click the cloud account name item of the public cloud platform to enter the cloud account details page.
  2. Click the “Free Login User” tab to enter the Free Login User page.
  3. Click the “Create” button to bring up the Create unclassified login user.
  4. Configure the following information.
    • Associated local user: The current user is the associated local user.
    • Project: Select the project that the user has joined, and then filter the optional cloud account according to the domain where the project is located.
    • Cloud account: Select the corresponding platform and cloud account. At present, only Tencent cloud platform is supported.
    • Cloud user group: Select the cloud user group that the user has joined, and the user will log in to the public cloud platform according to the permission on the cloud user group.
  5. Click the “OK” button to complete the operation.

Delete unclassified login user

This function is used to delete the user with unclassified login. After deletion, the user in the system will not be able to login to the public cloud with unclassified login again.

Delete unclassified login user

  1. In the cloud account page, click the cloud account name of the public cloud platform to enter the cloud account details page.
  2. Click the “Free Login Users” tab to enter the Free Login Users page.
  3. Click the “Delete” button in the operation column on the right side of the user to bring up the operation confirmation dialog.
  4. Click “OK” button to finish the operation.

Batch delete users without password

  1. On the cloud account page, click the cloud account name item of the public cloud platform to enter the cloud account details page.
  2. Click the “Free Login Users” tab to enter the Free Login Users page.
  3. Select one or more users in the list, and click the “Delete” button to bring up the operation confirmation dialog.
  4. Click the “OK” button to complete the operation.

View cloud user details

This function is used to view cloud user details.

  1. On the user page, click the user name item to enter the user details page.
  2. Click the “Cloud Users” tab to enter the cloud user page.
  3. Click the cloud user name item to enter the cloud user details page.
  4. View the following information: Cloud ID, ID, name, status, domain, project, platform, login address, associated local user, console login, created at, updated at, and description.

View cloud user associated cloud user group

This feature is used to view the cloud user groups associated with the cloud user and supports the operation to remove the cloud user from the cloud user group.

Remove cloud user group

This function is used to remove the cloud user from the cloud user group.

Remove

  1. On the user page, click the user name item to enter the user details page.
  2. Click the Cloud Users tab to go to the Cloud Users page.
  3. Click the Cloud User Name item to enter the Cloud User Details page.
  4. Click the “Cloud User Group” tab to enter the cloud user group page.
  5. Click the “Delete” button on the right action column of the cloud user group to bring up the action confirmation dialog.
  6. Click the “OK” button to complete the operation.

Batch Remove

  1. On the user page, click the user name item to enter the user details page.
  2. Click the Cloud Users tab to enter the Cloud Users page.
  3. Click the cloud user name item to enter the cloud user details page.
  4. Click the Cloud User Group tab to enter the Cloud User Group page.
  5. Select one or more cloud user groups in the list and click the “Delete” button at the top of the list to bring up the action confirmation dialog.
  6. Click the “OK” button to complete the operation.

View the operation log of the cloud user

This function is used to view the operation logs of the cloud user related operations.

  1. On the user page, click the user name item to enter the user details page.
  2. Click the Cloud Users tab to enter the Cloud Users page.
  3. Click the cloud user name item to enter the cloud user details page.
  4. Click the Operation Log tab to enter the Operation Log page.
    • Load More Logs: In the Operation Logs page, the list shows 20 operation logs by default. To view more operation logs, please click the “Load More” button to get more logs.
    • View Log Details: Click the “View” button on the right column of the operation log to view the log details. Copy details are supported.
    • View logs of specified time period: If you want to view the operation logs of a certain time period, set the specific date in the start date and end date at the top right of the list to query the log information of the specified time period.
    • Export logs: Currently, only the logs displayed on this page are supported to be exported. Click the upper-right corner of icon, set the export data column in the pop-up Export Data dialog box, and click the “OK” button to export the logs.

View Operation Logs

This function is used to view the log information of user-related operations.

  1. On the User page, click the User Name item to enter the User Details page.
  2. Click the Operation Log tab to enter the Operation Log page.
    • Load More Logs: In the Operation Logs page, the list shows 20 operation logs by default. To view more operation logs, please click the “Load More” button to get more logs.
    • View Log Details: Click the “View” button on the right column of the operation log to view the log details. Copy details are supported.
    • View logs of specified time period: If you want to view the operation logs of a certain time period, set the specific date in the start date and end date at the top right of the list to query the log information of the specified time period.
    • Export logs: Currently, only the logs displayed on this page are supported to be exported. Click the upper-right corner of icon, set the export data column in the pop-up export data dialog, and click the “OK” button to export the logs.