---
title: "Manage Local Users"
slug: "manage-local-users"
updated: 2024-12-13T06:57:01Z
published: 2024-12-13T06:57:01Z
canonical: "docs.zpesystems.com/manage-local-users"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zpesystems.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage Local Users

**NOTE**

Regardless of activation options, users can change their passwords at any time.

### Add Local User

1. Go to *Security :: Local Accounts*.
2. Click **Add** (displays dialog).

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1708001077830.png)
3. Enter **Username.**
4. On the ***Account Type*****menu, select one.
  - **Regular Account** radio button (expands dialog).

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1708001488252.png)
    - Enter **Password** and **Confirm Password**(If the password is in a hash format, select the **Hash Format Password** checkbox.). Alternatively, select **Require password change at the login time** checkbox.

***Note:***

***Set the password based on the rules defined under the Security :: Password Rules tab. You can change the rules from the same tab.***
  - **API Account**radio button
    - An API Account will only have access to API requests (not CLI nor WebUI). The API Key can be used directly for API requests authentication in any endpoint, using the `api_key` and `username` headers instead of authenticating to get a ticket and then using the `ticket`header. For example:

ShellShell

** **

```shell
curl -X GET "https://nodegrid/api/v1/system/preferences" \
    -H "accept: application/json" -H "Content-Type: application/json" \
    -H "api_key: 0PPEC37CuhKJ68fHEh+ihfjh7nW0tZfDAg==" \
    -H "username: myapiuser" -k
```
    - To turn the user into an API Account, select the **API Account** option. The API Key will be automatically generated and displayed.

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678883614286.png)
    - On the **API Key**, follow this instruction: "*Copy and store the API Key as it will not be possible to recover it after clicking on Save button.*"
5. (optional) **Account Expiration Date (YYYY-MM-DD)**.
6. On the *User Group* panel, select from the left-side panel, and click **Add**► to move to the right-side panel. To remove from the right-side panel, select, and click ◄**Remove**.
7. Click **Save**.

### Edit Local User

1. Go to *Security :: Local Accounts*.
2. Locate and select checkbox next to username.
3. Click **Edit** (displays dialog).
4. Make changes as needed.
5. Click **Save**.

### Delete Local User

Deleting a local user account on your Nodegrid device involves removing a user profile and all associated data, such as files, settings, and installed applications. This step is crucial when a user no longer requires access to the device. Removing unused accounts helps protect your device from unauthorized access, safeguarding sensitive information.

#### Web UI Procedure

1. Go to *Security :: Local Accounts*.
2. Locate and select checkbox next to username.
3. Click **Delete**.
4. On the confirmation dialog, click **OK**.

#### CLI Procedure

Use the delete command to delete the user account using CLI.

**Syntax**

```plaintext
[admin@nodegrid /]# delete
```

**Parameters**

| Parameter | Description |
| --- | --- |
| delete <target> | Delete one target |
| delete - | Deletes ALL targets |
| delete <target1>,<target2> | Deletes multiple targets |

**Arguments**

| Arguments | Description |
| --- | --- |
| -f, --force | Skips all confirmation prompts |
| -q, --quiet | Hides all error and warning messages |
| -fq, -qf | Arguments can be combined for simultaneous functionality |

**Examples**

To delete users:

```plaintext
[admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
  user1     Unlocked  user        Regular
  user2     Unlocked  user        Regular
[admin@nodegrid local_accounts]# delete -
are you sure you want to delete this user from the local database? (yes, no) : yes
Warning: Protected users cannot be deleted
[+admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
```

To delete users by including - -force and - -quiet arguments. The - -force argument deletes the users without a confirmation message and the - -quiet argument suppresses error and warning messages, making it ideal for automation deployment.

To delete users by including - -force argument:

```plaintext
[admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
  user1     Unlocked  user        Regular
  user2     Unlocked  user        Regular
[admin@nodegrid local_accounts]# delete - -- 
--force  --quiet
[+admin@nodegrid local_accounts]# delete - --force
Warning: Protected users cannot be deleted
  [+admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
```

To delete users by including - -quiet argument:

```plaintext
[admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
  user1     Unlocked  user        Regular
  user2     Unlocked  user        Regular
[admin@nodegrid local_accounts]# delete - -- 
--force  --quiet
[+admin@nodegrid local_accounts]# delete - --quiet
are you sure you want to delete this user from the local database? (yes, no) : yes
  [+admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
```

To delete users by combining both the - -force and - -quiet arguments:

```plaintext
[admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
  user1     Unlocked  user        Regular
  user2     Unlocked  user        Regular
[admin@nodegrid local_accounts]# delete - -- 
--force  --quiet
[+admin@nodegrid local_accounts]# delete - --force --quiet
[+admin@nodegrid local_accounts]# show
  username  state     user group  type
  ========  ========  ==========  =======
  admin     Unlocked  admin       Regular
```

> [!NOTE]
> NOTE:
> 
> There are also short forms for the - -force and - -quiet arguments. The following are these arguments:
> 
> | -f | - -force argument |
> | --- | --- |
> | -q | - -quiet argument |
> | -fq -qf | - -force - -quiet arguments combined |

### Lock Local User

The administrator can lock a user out of the device.

1. Go to *Security :: Local Accounts*.
2. Locate and select checkbox next to username.
3. Click **Lock** (locks user out of device).

### Unlock Local User

As needed, the administrator can unlock a user.

1. Go to *Security :: Local Accounts*.
2. Locate and select checkbox next to username.
3. Click **Unlock** (allows user access)

There is a function whereby the user is authorized by an external authentication provider (LDAP, AD, or TACACS+) and the Local user account is locked. The user can authenticate with the sshkey, but permissions are enforced based on his group permissions with the external authentication provider.

### Hash Format Password

As needed, the administrator can use a hash format password, rather than plain password. This can be used for scripts (avoids requiring scripts to use actual user passwords). The hash password must be generated separately beforehand. Use a hash password generator. These applications (OpenSSL, chpasswd, mkpasswd) use MD5, SHA256, SHA512 engines.

### Hash Format

#### CLI Procedure

The Nodegrid Platform has an OpenSSL version. In the Console, use this:

```plaintext
root@nodegrid:~# openssl passwd -1 -salt mysall
Password:
$1$mysall$YBFr9On0wjde5be32mC1g1
```

### Generate a new API key for a User

In the *Type* column, the user must have a value of **API**.

1. Go to *Security :: Local Accounts*.
2. Locate and click the user’s name – *Type* column must be **API** (displays dialog). (Alternatively, select checkbox and click **Edit**.) ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678883869269.png)
3. Click **Reset API Key**.

**IMPORTANT**

The new key is displayed in the API Key field. Copy the key and save in a secure location.
4. Click **Save**.