This topic explains how to delete users from an HSM using the deleteUser command.
Feature description
The deleteUser command removes a user from the HSM. Only a Crypto Officer (CO) has the authority to execute this command. A CO can delete any user except the user that is currently logged in.
Before executing the command, ensure you have started the hsm_mgmt_tool, logged in to the HSM, and that the logged-in user's type is authorized to use the command.
User types
The following user type can execute this command. For a description of user types, refer to HSM user permission table.
Administrator (CO)
Syntax
Enter the following syntax. For a description of the parameters, see Parameters.
deleteUser <user-type> <user-name>
Parameters must be entered in the order specified by the syntax.
Example
The following example demonstrates deleting the CO user named alice.
Retrieve a list of all HSM users with the listUsers command.
aws-cloudhsm> listUsers
Users on server 0(172.16.0.2):
Number of users found:4
    User Id    User Type    User Name      MofnPubKey    LoginFailureCnt    2FA
         1     CO           admin          NO            0                  NO
         2     AU           app_user       NO            0                  NO
         3     CU           crypto_user    NO            0                  NO
         4     CO           alice          NO            0                  NO
Proceed to delete the user alice.
cloudmgmt>deleteUser CO alice
Deleting user alice(CO) on 1 nodes
deleteUser success on server 0(172.16.0.2)
Confirm the user's deletion with the listUsers command.
cloudmgmt>listUsers
Users on server 0(172.16.0.2):
Number of users found:3
    User Id    User Type    User Name      MofnPubKey    LoginFailureCnt    2FA
         1     CO           admin          NO            0                  NO
         2     AU           app_user       NO            0                  NO
         3     CU           crypto_user    NO            0                  NO
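The three steps above (list, delete, confirm) can be wrapped in pre- and post-checks so that an operator never issues deleteUser for a user that does not exist or for the user who is currently logged in. The following shell helpers are an added example, not part of the CloudHSM documentation or tool: they parse listUsers output in the layout shown above. The two listUsers captures are constructed samples, and the logged-in user name passed to check_delete is an assumption.

```shell
#!/bin/sh
# Added example, not from the CloudHSM documentation. The two listUsers captures are
# constructed samples in the layout shown above; the logged-in user name is assumed.
BEFORE='Users on server 0(172.16.0.2):
Number of users found:4
    User Id    User Type    User Name      MofnPubKey    LoginFailureCnt    2FA
         1     CO           admin          NO            0                  NO
         2     AU           app_user       NO            0                  NO
         3     CU           crypto_user    NO            0                  NO
         4     CO           alice          NO            0                  NO'
AFTER='Users on server 0(172.16.0.2):
Number of users found:3
    User Id    User Type    User Name      MofnPubKey    LoginFailureCnt    2FA
         1     CO           admin          NO            0                  NO
         2     AU           app_user       NO            0                  NO
         3     CU           crypto_user    NO            0                  NO'

# user_present OUTPUT TYPE NAME: succeeds when a data row (numeric User Id) has that
# type and name; the name compares case-insensitively, like <user-name> itself.
user_present() {
    printf '%s\n' "$1" | awk -v t="$2" -v n="$3" '
        $1 ~ /^[0-9]+$/ && $2 == t && tolower($3) == tolower(n) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# user_count OUTPUT: prints the "Number of users found" value.
user_count() {
    printf '%s\n' "$1" | sed -n 's/^Number of users found:[[:space:]]*//p'
}

# check_delete OUTPUT LOGGED_IN TYPE NAME: succeeds only when deleteUser should be
# attempted: the target exists and is not the user running this hsm_mgmt_tool session
# (the HSM refuses to delete the logged-in user, so catch it before issuing the command).
check_delete() {
    me=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    target=$(printf '%s' "$4" | tr 'A-Z' 'a-z')
    if [ "$me" = "$target" ]; then
        echo "refusing: $4 is the logged-in user" >&2; return 1
    fi
    if ! user_present "$1" "$3" "$4"; then
        echo "refusing: no $3 user named $4 in listUsers output" >&2; return 1
    fi
}

check_delete "$BEFORE" admin CO alice && echo "ok to run: deleteUser CO alice"
! user_present "$AFTER" CO alice && echo "alice removed; users now: $(user_count "$AFTER")"
```

In practice, BEFORE and AFTER would be the captured output of listUsers taken immediately before and after the deleteUser call.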
Parameters
Parameter Name | Description | Required | Valid Values
<user-type> | Specifies the type of user to delete. | Yes | Note: For user type descriptions, see HSM user permission table.
<user-name> | The username to delete, which is case-insensitive. | Yes | No specific requirements