This post is regarding how to add a new Os admin user and what privilege these users can be given.

Command to create a new OS admin users

set account name NEWUSERName

User Privilege

The privilege level can be 0 or 1 for the new user, it can not have the same privilege level as original username. However, it does allow you access and modification privileges on OS Admin and DRS pages just like the original OS user.

Privilege level 0: Specifies an ordinary privilege level. Users with ordinary privileges can run CLI commands with privilege level 0 only.

Privilege level 1: Specifies an advanced privilege level. Users with advanced privileges can run CLI commands with privilege level 1 and below,

The administrator account that the system creates when Unified CM installs has a privilege level of 4. The administrator can run all commands in the CLI

Example

admin:set account name NEWUSER
Privilege Levels are:
Ordinary – Level 0
Advanced – Level 1

Please enter the privilege level :4
privilege level must be 0 or 1, please try again…

Please enter the privilege level :1

Allow this User to login to SAML SSO-enabled system through Recovery URL ? (Yes / No) :yes

To authenticate a platform login for SSO, a Unique Identifier (UID) must be provided that identifies this user to LDAP (such as sAMAccountName or UPN).
Please enter the appropriate LDAP Unique Identifier (UID) for this user:[ NEWUSER ]
Storing the default SSO UID value as username

   Please enter the password :********
         re-enter to confirm :********

Account successfully created. This user must login to the CLI and update the password before they can login to OS Administration.

show account
Account = admin, Privilege = 4, UidValue = admin, SSORecoveryUrlAccess = yes
Account = NEWUSER , Privilege = 1, UidValue = mhdcisco, SSORecoveryUrlAccess = y