Managing User Accounts
Users need to authenticate as the login to SecureSync. The system administrator is responsible for maintaining a list of user accounts (user names, passwords etc.) via the MANAGEMENT > OTHER: Authentication screen of the SecureSync Web UI (HTTP/HTTPS). Note that user accounts CANNOT be created or edited via CLI commands using telnet or SSH.
Types of Accounts
There are three types of accounts:
Account Type | Permissions |
---|---|
"user" | These accounts are intended for users only e.g., operators. These "user" accounts are read-only accounts, i.e. they do not allow any editing rights and are restricted to reviewing status-related information. The Web UI will not show (or gray-out) any editing functionality. |
"admin" | Administrator accounts are intended to be used by system administrators. These accounts have writing access. You can add additional admin accounts to the pre-installed administrator account spadmin . |
"factory" | The default factory account with the username spfactory is meant to provide access to Safran technical support personnel. You can delete this account, if you so prefer. Note, however, that executing the Clean and Halt command will recreate the Factory account. |
About "user" Account Permissions
As outlined above – unlike "administrator" accounts – "user" accounts are read-only accounts, i.e. they do not allow any editing rights and are restricted to reviewing status-related information. Otherwise, the privileges assigned to admin groups are exactly the same whether logging in via the Web UI, or connecting via SSH.
While most menus look the same to "admin" and "user" type accounts(except the MANAGEMENT menu, see below), the screens and panels located below the main menus will differ in such that the "user" UI will show fewer (if any) configuration options:
The status information presented, however, will be largely identical.
The most significant differences are visible in the MANAGEMENT menu, since most of the Setup menus are hidden from "user" accounts:
INTERFACES Menu
"user" and "admin" accounts can view and modify all settings in these pages (can view/edit GNSS receiver, Outputs, and Option Cards).
MANAGEMENT Menu
Network: While the toggle switches in the Network Services panel are displayed, "user" cannot modify any of the network-related configurations (such as telnet, FTP, SSH and HTTP/HTTPS). The switches can be moved, but an error message will be displayed shortly thereafter.
Authentication: "user" can access this page but can only change his/her own password. Users cannot create any new accounts and cannot modify any accounts.
Reference Priority: "user" can access this page and modify settings.
Notifications: "user" can access this page and modify settings.
Time Management: "user" can access this page and modify settings.
Front panel: "user" can access this page and modify settings.
Log Configuration: "user" can access this page and modify settings.
Disciplining: "user" can access this page and modify settings.
Change my password: "user" can access this page and change only their password.
TOOLS Menu
Logs: "user" can view only the listed logs
Upgrade/Backup: "user" cannot perform any updates.
Reboot/Halt: "user" cannot reboot/shutdown/halt the unit.
Rules for Usernames
- Length: Usernames can be between 3 and 32 characters long.
- Accepted characters:
- All letters, including the first, must be lower-case.
- Numbers, underscores and dashes are accepted.
- Next to punctuation symbols, the following special characters are NOT accepted: ! @ # $ % ^ & * ( )
Adding/Deleting/Changing User Accounts
To access the Users list, and the Password Security panel:
- Navigate to MANAGEMENT > OTHER: Authentication.
- The Users panel on the right shows a list of all user accounts, including their Username, the Group to which that user account is assigned to, and any Notes about the user account:
SecureSync units are shipped with two default accounts:
- The "administrator" account (
spadmin
), and - The "factory" service account (
spfactory
).
Additional accounts may be added and deleted as desired. The number of accounts that can be setup is virtually unlimited.
Note: The password for the spadmin
account can be changed (and it is recommended to do so for security reasons). However, the spadmin
account name cannot be changed, and the account cannot be removed from SecureSync.
Note: The spfactory
account is for use by Safran service personnel. While the spfactory
account can be deleted by an administrator, it should be noted that this may potentially limit remotely provided technical support.
User accounts can be created to have either limited user or full administrator rights. Each user can be assigned his own login password.
- To ADD a user account, click the PLUS icon in the top-right corner of the Users screen.
- To DELETE a user account, click the Delete button in that account’s entry on the Users screen.
- To APPLY CHANGES to a user account, click the Change button next to the desired user account.
When either the Change button or the PLUS icon is clicked, the Add or Change User window appears:
- Enter a Username. (For rules, see Rules for Usernames.)
- Enter a Password. The password requirements are configurable, see Managing Passwords. By default a password can be any combination of upper- and lower-case characters. Minimum password length = 8 characters, maximum length = 32 characters.
- Repeat the new Password.
- In the Group field, choose the permission group to which you want the user to belong to: user or admin. The user permission level assigns permission to access and change all settings, with the following exceptions that are limited to the admin accounts:
- Changing network settings
- Adding and deleting user accounts
- Web Interface Settings
- Upgrading SecureSync system software
- Resetting the SecureSync configuration
- Clearing log files
- Changing Disciplining Setup options
- Changing configuration options for the following protocols or features:
- NTP
- HTTPS, SSH
- LDAP/RADIUS
- SNMP (with the exception of configuring SNMP notifications).
- In the Add or Change User window the Username field will be populated.
- To change it, type the new name.
- To change the user account’s password, type the new password in the Password field and confirm it in the Repeat New Password field. Note that the password requirements are configurable, see Managing Passwords.
- To change the user account’s user permission group, select the group from the drop-down menu.
For more information, see also Managing Passwords.