.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.TH nethsm-user-add 1  "nethsm-user-add " 
.SH NAME
nethsm\-user\-add \- Add a user
.SH SYNOPSIS
\fBnethsm user add\fR [\fB\-p\fR|\fB\-\-passphrase\-file\fR] [\fB\-a\fR|\fB\-\-auth\-passphrase\-file\fR] [\fB\-c\fR|\fB\-\-config\fR] [\fB\-l\fR|\fB\-\-label\fR] [\fB\-u\fR|\fB\-\-user\fR] [\fB\-h\fR|\fB\-\-help\fR] <\fIREAL_NAME\fR> [\fIROLE\fR] [\fINAME\fR] 
.SH DESCRIPTION
Add a user
.PP
Adds a new user by providing a real name and a user role.
If no user name is provided specifically, a random one is generated automatically by the target device.
If no passphrase is provided, it is prompted for interactively.
.PP
New users inherit the scope of the user that created them.
If a system\-wide user in the "Administrator" role creates a new user (e.g. "user1"), then that new user is also a system\-wide user.
As exception to this rule, a system\-wide user in the "Administrator" role can create namespaced users by providing a user name specifically (e.g. "namespace1~user1"), but only if the targeted namespace (i.e. "namespace1") does not yet exist (see "nethsm namespace add").
If a namespaced user in the "Administrator" role creates a new user, then that new user is also a user in that namespace.
If a namespaced user in the "Administrator" role (e.g. "namespace1~admin1") provides a specific user name, it must be in that same namespace (e.g. "namespace1~user1", not "namespace2~user1")!
.PP
The device must be in state "Operational".
.PP
Requires authentication of a user in the "Administrator" role.
.SH OPTIONS
.TP
\fB\-p\fR, \fB\-\-passphrase\-file\fR \fI<PASSPHRASE_FILE>\fR
The path to a file containing the new user\*(Aqs passphrase

The passphrase must be >= 10 and <= 200 characters long.
.RS
May also be specified with the \fBNETHSM_PASSPHRASE_FILE\fR environment variable. 
.RE
.TP
\fB\-a\fR, \fB\-\-auth\-passphrase\-file\fR \fI<AUTH_PASSPHRASE_FILE>\fR
The path to a file containing a passphrase for authentication

The passphrase provided in the file must be the one for the user chosen for the command.

This option can be provided multiple times, which is needed for commands that require multiple roles at once.
With multiple passphrase files ordering matters, as the files are assigned to the respective user provided by the "\-\-user" option.
.RS
May also be specified with the \fBNETHSM_AUTH_PASSPHRASE_FILE\fR environment variable. 
.RE
.TP
\fB\-c\fR, \fB\-\-config\fR \fI<CONFIG>\fR
The path to a custom configuration file

If specified, the custom configuration file is used instead of the default configuration file location.
.RS
May also be specified with the \fBNETHSM_CONFIG\fR environment variable. 
.RE
.TP
\fB\-l\fR, \fB\-\-label\fR \fI<LABEL>\fR
A label uniquely identifying a device in the configuration file

Must be provided if more than one device is setup in the configuration file.
.RS
May also be specified with the \fBNETHSM_LABEL\fR environment variable. 
.RE
.TP
\fB\-u\fR, \fB\-\-user\fR \fI<USER>\fR
A user name which is used for a command

Can be provided, if no user name is setup in the configuration file for a device.
Must be provided, if several user names of the same target role are setup in the configuration file for a device.

This option can be provided multiple times, which is needed for commands that require multiple roles at once.

.RS
May also be specified with the \fBNETHSM_USER\fR environment variable. 
.RE
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help (see a summary with \*(Aq\-h\*(Aq)
.TP
<\fIREAL_NAME\fR>
The real name of the user that is created

This name is only used for further identification, but not for authentication!
.RS
May also be specified with the \fBNETHSM_REAL_NAME\fR environment variable. 
.RE
.TP
[\fIROLE\fR]
The role of the user that is created

One of ["Administrator", "Backup", "Metrics", "Operator"] (defaults to "Operator").
.RS
May also be specified with the \fBNETHSM_USER_ROLE\fR environment variable. 
.RE
.TP
[\fINAME\fR]
A unique name for the user that is created

This name must be unique as it is used for authentication!
.RS
May also be specified with the \fBNETHSM_USER_NAME\fR environment variable. 
.RE