Deletes a user from an HSM cluster. Only a Crypto Officer (CO) can run this command, and a CO cannot delete the user that is currently logged in.
Feature description
The deleteUser command removes a user from the HSM. A CO can delete any user type (CO, CU, or AU), except the user that is currently logged in.
Before running this command, make sure that you have started hsm_mgmt_tool, logged in to the HSM, and that your user type is authorized to run this command.
User types
The following user type can run this command. For descriptions of all user types, see HSM user permission table.
Administrator (CO)
Syntax
```
deleteUser <user-type> <user-name>
```
Enter parameters in the order shown in the syntax.
Parameters
| Parameter | Description | Required | Valid values |
|---|---|---|---|
| <user-type> | The type of user to delete. For descriptions of user types, see HSM user permission table. | Yes | CO, CU, AU |
| <user-name> | The username of the user to delete. The username is case-insensitive. | Yes | No specific requirements |
Example
The following example deletes the CO user alice.
Run listUsers to get a list of all HSM users.
```
aws-cloudhsm> listUsers
Users on server 0(172.16.0.2):
Number of users found:4

    User Id    User Type    User Name      MofnPubKey    LoginFailureCnt    2FA
         1     CO           admin          NO            0                  NO
         2     AU           app_user       NO            0                  NO
         3     CU           crypto_user    NO            0                  NO
         4     CO           alice          NO            0                  NO
```
Delete user alice.
```
cloudmgmt>deleteUser CO alice
Deleting user alice(CO) on 1 nodes
deleteUser success on server 0(172.16.0.2)
```
Run listUsers to confirm the deletion.
```
cloudmgmt>listUsers
Users on server 0(172.16.0.2):
Number of users found:3

    User Id    User Type    User Name      MofnPubKey    LoginFailureCnt    2FA
         1     CO           admin          NO            0                  NO
         2     AU           app_user       NO            0                  NO
         3     CU           crypto_user    NO            0                  NO
```
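The checks around the example above can be scripted for change records and audits. The following is an added example, not part of the tool or of the original documentation: it parses captured listUsers output, validates a planned deleteUser call against the rules on this page (valid user type, case-insensitive username, not the logged-in user), and confirms afterwards that only the target account disappeared. The function names and the single-server output layout are assumptions.

```python
import re

# Constructed sample: listUsers output in the layout of the example above.
BEFORE = """\
Users on server 0(172.16.0.2):
Number of users found:4

  User Id  User Type  User Name    MofnPubKey  LoginFailureCnt  2FA
  1        CO         admin        NO          0                NO
  2        AU         app_user     NO          0                NO
  3        CU         crypto_user  NO          0                NO
  4        CO         alice        NO          0                NO
"""
# Constructed "after" capture: the same output without the last row.
AFTER = "\n".join(BEFORE.replace("found:4", "found:3").splitlines()[:-1])

# One user row: id, type, name, MofnPubKey, LoginFailureCnt, 2FA (assumed layout).
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+\d+\s+\S+\s*$")
VALID_TYPES = ("CO", "CU", "AU")  # valid <user-type> values from the parameter table

def parse_list_users(text):
    """Map lower-cased user name -> user type; reject a capture whose row count is off."""
    users = {m.group(3).lower(): m.group(2)
             for m in map(ROW.match, text.splitlines()) if m}
    count = re.search(r"Number of users found:\s*(\d+)", text)
    if count is None or int(count.group(1)) != len(users):
        raise ValueError("parsed rows do not match 'Number of users found'")
    return users

def check_delete(users, user_type, user_name, logged_in_as):
    """Return the reasons not to issue deleteUser; an empty list means proceed."""
    name, problems = user_name.lower(), []  # usernames are case-insensitive
    if user_type not in VALID_TYPES:
        problems.append("invalid user type")
    if name == logged_in_as.lower():
        problems.append("target is the logged-in user")
    if name not in users:
        problems.append("no such user")
    elif users[name] != user_type:
        problems.append("user exists with type " + users[name])
    return problems

def confirm_deleted(before, after, user_name):
    """True only if the target is gone and every other account is unchanged."""
    expected = {n: t for n, t in before.items() if n != user_name.lower()}
    return after == expected
```

Comparing the full before and after user sets, rather than only checking that the target is absent, also surfaces any other account that was added, removed, or retyped between the two captures.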