CLI – Managing Spectrum Connect users and groups

User accounts that can be used to access Spectrum Connect must be individually defined.

Use the sc_users CLI command to add, delete, or display user accounts and to change the password of any specific account. Use the sc_ldap_groups CLI command to add, delete, or display LDAP groups.

Use the required argument after the command, as specified in the following tables. In addition, you can configure the password reuse policy and security timeout using the sc_setting CLI command.

Note:

All CLI command arguments are case-sensitive.
The same operations are available from the GUI as well, as explained in Managing Spectrum Connect users and groups.
To define LDAP users or groups, you first need to configure the LDAP server. See CLI - Configuring the LDAP server.

Table 1. Arguments for sc_users
Argument	Use after sc_users to:
add -n <username> or add --user_name <username>	Add the username of the user that may access Spectrum Connect without creating a password for it. You can add more than one user. For example: `sc_users add -n johnvc`
add -n <username> -p <password> or add --user_name <username> --user_password <password>	Add the username and password of the user that may access Spectrum Connect. You can add more than one user. The minimum password length is seven characters and it must include at least one letter and one digit. For example: `sc_users add -n johnvc -p ********`
change_password -n <username> -p <new password> or change_password --user_name <username> --user_password <password>	Change the password of a user account that was already added. The password that you type for the specified username is set as the new password. The minimum password length is seven characters and it must include at least one letter and one digit. For example: `sc_users change_password -n johnvc -p **********`
delete -n <username> or delete --user_name <username>	Delete a user account from the server. For example: `sc_users delete -n johnvc`
list	Display the names of currently defined user accounts. For example: `sc_users list User Name Account Type Last Activity Existing on LDAP Server --------- ------------ ------------- ----------------------- admin LOCAL 20-04-30 03:27:04 N/A xavi1 LDAP 20-04-30 03:27:13 N/A xavi_admin LDAP 20-04-30 03:37:20 True`
-h or --help	Display help information that is relevant to sc_users. You can also display help for the add, change_password, or delete argument if it is typed on the command line as well.

Table 2. Arguments for sc_ldap_groups
Argument	Use after sc_ldap_groups to:
add -n <groupname> -f or add --group_name <groupname> --force	Add the groupname of the LDAP group from the LDAP server that may access Spectrum Connect without creating a password for it. You can add more than one group. For example: `sc_ldap_groups add -n testgroup1` Important: It is not recommended to add both a parent LDAP group and its child user/group at the same time. If you really need to do this, however, use the -f or --force argument to add the group.
delete -n <groupname> or delete --group_name <groupname>	Delete an LDAP group from the server. For example: `sc_ldap_groups delete -n testgroup1`
list	Display the names of currently defined LDAP groups. For example: `sc_ldap_groups list LDAP Group Name Last Activity Existing on LDAP Server --------------- ------------- ----------------------- testgroup1 20-04-30 03:37:30 True xavi_nest_g N/A N/A` Note: Spectrum Connect will check periodically and asynchronously if LDAP groups and users exist on the LDAP server when LDAP is enabled. If LDAP groups do not exist on the LDAP server, please delete them from Spectrum Connect via the web GUI or CLI.
-h or --help	Display help information that is relevant to sc_ldap_groups. You can also display help for the add or delete argument if it is typed on the command line as well.

Table 3. User-related arguments for sc_setting
Argument	Use after sc_setting to:
modify -n USER_PASSWORD_HISTORY_LEN -v <password retention number>	Prevent the user to submit a new password that is the same as any of the prior passwords for that account. For example, to prevent the user to submit a new password that is the same as the last four prior passwords, enter: `sc_setting modify -n USER_PASSWORD_HISTORY_LEN -v 4`
modify -n TOKEN_INACTIVITY_TIMEOUT -v <inactivity timeout in minutes>	Define a time period in minutes after which the Spectrum Connect GUI management session is terminated, if no user input is detected. By default, the timeout is set to 15 minutes. For example, to set the inactivity timeout to 20 minutes, enter: `sc_setting modify -n TOKEN_INACTIVITY_TIMEOUT -v 20`