Retrieve user accounts in the cluster

security login show

Learn more

DOC /security/accounts

Parameters

Name	Type	In	Required	Description
password_hash_algorithm	string	query	False	Filter by password_hash_algorithm Introduced in: 9.11
applications.second_authentication_method	string	query	False	Filter by applications.second_authentication_method Introduced in: 9.7
applications.is_ns_switch_group	boolean	query	False	Filter by applications.is_ns_switch_group Introduced in: 9.15
applications.application	string	query	False	Filter by applications.application Introduced in: 9.7
applications.authentication_methods	string	query	False	Filter by applications.authentication_methods Introduced in: 9.7
applications.is_ldap_fastbind	boolean	query	False	Filter by applications.is_ldap_fastbind Introduced in: 9.14
role.name	string	query	False	Filter by role.name Introduced in: 9.7
scope	string	query	False	Filter by scope Introduced in: 9.7
owner.name	string	query	False	Filter by owner.name Introduced in: 9.7
owner.uuid	string	query	False	Filter by owner.uuid Introduced in: 9.7
comment	string	query	False	Filter by comment Introduced in: 9.7
locked	boolean	query	False	Filter by locked Introduced in: 9.7
name	string	query	False	Filter by name Introduced in: 9.7 maxLength: 64 minLength: 3
fields	array[string]	query	False	Specify the fields to return.
max_records	integer	query	False	Limit the number of records returned.
return_records	boolean	query	False	The default is true for GET calls. When set to false, only the number of records is returned. Default value: 1
return_timeout	integer	query	False	The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. Default value: 15 Max value: 120 Min value: 0
order_by	array[string]	query	False	Order results by specified fields and optional [asc

Name

Type

In

Required

Description

password_hash_algorithm

string

query

False

Filter by password_hash_algorithm

Introduced in: 9.11

applications.second_authentication_method

string

query

False

Filter by applications.second_authentication_method

Introduced in: 9.7

applications.is_ns_switch_group

boolean

query

False

Filter by applications.is_ns_switch_group

Introduced in: 9.15

applications.application

string

query

False

Filter by applications.application

Introduced in: 9.7

applications.authentication_methods

string

query

False

Filter by applications.authentication_methods

Introduced in: 9.7

applications.is_ldap_fastbind

boolean

query

False

Filter by applications.is_ldap_fastbind

Introduced in: 9.14

role.name

string

query

False

Filter by role.name

Introduced in: 9.7

scope

string

query

False

Filter by scope

Introduced in: 9.7

owner.name

string

query

False

Filter by owner.name

Introduced in: 9.7

owner.uuid

string

query

False

Filter by owner.uuid

Introduced in: 9.7

comment

string

query

False

Filter by comment

Introduced in: 9.7

locked

boolean

query

False

Filter by locked

Introduced in: 9.7

name

string

query

False

Filter by name

Introduced in: 9.7
maxLength: 64
minLength: 3

fields

array[string]

query

False

Specify the fields to return.

max_records

integer

query

False

Limit the number of records returned.

return_records

boolean

query

False

The default is true for GET calls. When set to false, only the number of records is returned.

Default value: 1

return_timeout

integer

query

False

The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.

Default value: 15
Max value: 120
Min value: 0

order_by

array[string]

query

False

Order results by specified fields and optional [asc

Response

Status: 200, Ok

Name	Type	Description
_links	_links
num_records	integer	Number of records
records	array[account]

Name

Type

Description

_links

num_records

integer

Number of records

records

array[account]

Example response

{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "num_records": 1,
  "records": [
    {
      "_links": {
        "self": {
          "href": "/api/resourcelink"
        }
      },
      "applications": [
        {
          "application": "string",
          "authentication_methods": [
            "string"
          ],
          "second_authentication_method": "string"
        }
      ],
      "comment": "string",
      "name": "joe.smith",
      "owner": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "password_hash_algorithm": "sha512",
      "role": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "admin"
      },
      "scope": "string"
    }
  ]
}

Error

Status: Default, Error

Name	Type	Description
error	returned_error

Name

Type

Description

error

returned_error

Example error

{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name	Type	Description
href	string

Name

Type

Description

href

string

_links

Name	Type	Description
next	href
self	href

Name

Type

Description

self

href

_links

Name	Type	Description
self	href

Name

Type

Description

self

href

account_application

Name	Type	Description
application	string	Applications
authentication_methods	array[string]
is_ldap_fastbind	boolean	Optional property that specifies the mode of authentication as LDAP Fastbind.
is_ns_switch_group	boolean	Optional property that specifies whether the user is an LDAP or NIS group.
second_authentication_method	string	An optional additional authentication method for multi-factor authentication (MFA). This property is only supported for SSH (ssh) and Service Processor (service_processor) applications. It is ignored for all other applications. Time-based One-Time Passwords (TOTPs) are only supported with the authentication method password or public key. For the Service Processor (service_processor) application, none and publickey are the only supported enum values.

Name

Type

Description

application

string

Applications

authentication_methods

array[string]

is_ldap_fastbind

boolean

Optional property that specifies the mode of authentication as LDAP Fastbind.

is_ns_switch_group

boolean

Optional property that specifies whether the user is an LDAP or NIS group.

second_authentication_method

string

An optional additional authentication method for multi-factor authentication (MFA). This property is only supported for SSH (ssh) and Service Processor (service_processor) applications. It is ignored for all other applications. Time-based One-Time Passwords (TOTPs) are only supported with the authentication method password or public key. For the Service Processor (service_processor) application, none and publickey are the only supported enum values.

owner

Owner name and UUID that uniquely identifies the user account.

Name	Type	Description
_links	_links
name	string	The name of the SVM. This field cannot be specified in a PATCH method.
uuid	string	The unique identifier of the SVM. This field cannot be specified in a PATCH method.

Name

Type

Description

_links

name

string

The name of the SVM. This field cannot be specified in a PATCH method.

uuid

string

The unique identifier of the SVM. This field cannot be specified in a PATCH method.

role

Name	Type	Description
_links	_links
name	string	Role name

Name

Type

Description

_links

name

string

Role name

account

Name	Type	Description
_links	_links
applications	array[account_application]
comment	string	Optional comment for the user account.
locked	boolean	Locked status of the account.
name	string	User or group account name
owner	owner	Owner name and UUID that uniquely identifies the user account.
password_hash_algorithm	string	Password hash algorithm used to generate a hash of the user's password for password matching.To modify "password_hash_algorithm", use REST API "/api/security/authentication/password".
role	role
scope	string	Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects.

Name

Type

Description

_links

applications

array[account_application]

comment

string

Optional comment for the user account.

locked

boolean

Locked status of the account.

name

string

User or group account name

owner

Owner name and UUID that uniquely identifies the user account.

password_hash_algorithm

string

Password hash algorithm used to generate a hash of the user's password for password matching.To modify "password_hash_algorithm", use REST API "/api/security/authentication/password".

role

scope

string

Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects.

error_arguments

Name	Type	Description
code	string	Argument code
message	string	Message argument

Name

Type

Description

code

string

Argument code

message

string

Message argument

returned_error

Name	Type	Description
arguments	array[error_arguments]	Message arguments
code	string	Error code
message	string	Error message
target	string	The target parameter that caused the error.

Name

Type

Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.

Retrieve user accounts in the cluster

Creating your file...

Related ONTAP commands

Learn more

Parameters

Response

Error

Definitions