Network Access Switch Owner's Manual
Managing system users and groups 221
9 Remove the admin user from the certadmin group.
Again, this step is only necessary if you want to fully separate
the Certificate Administrator user role from the Administrator user
role. Note however, that once the admin user is removed from
the certadmin group, only a user who is already a member of
the certadmin group can grant the admin user certadmin group
membership anew.
When the admin user is removed from the certadmin group,
only the Certificate Administrator user can access the Certificate
menu (
/cfg/cert).
>> User# edit admin
>> User admin# groups/list
1: admin
2: oper
3: certadmin
>> Groups# del 3
ATTENTION
It is critical that a Certificate Administrator user is created and
assigned certadmin group membership before the admin user is
removed from the certadmin group. Otherwise there is no way to
assign certadmin group membership to a new user, or to restore
certadmin group membership to the admin user, should it become
necessary.
10 Verify and apply the changes.
>> Groups# list
Old:
1: admin
2: oper
3: certadmin
Pending:
1: admin
2: oper
>> Groups# apply
--End--
Changing a users group assignment
Only users who are members of the admin group can remove other users
from a group. All users can add an existing user to a group, but only to
a group in which the "granting" user is already a member. The admin
user, who by default is a member of all three groups (admin, oper, and
certadmin) can therefore add users to any of these groups.
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks
.










