Skip to main content
A newer release of this product is available.

Update a user account

Contributors

PATCH /security/accounts/{owner.uuid}/{name}

Updates a user account. Locks or unlocks a user account and/or updates the role, applications, and/or password for the user account.

Required parameters

  • name - Account name to be updated.

  • owner.uuid - UUID of the SVM housing the user account to be updated.

Optional parameters

  • applications - Array of one or more tuples (of application and authentication methods).

  • role - RBAC role for the user account.

  • password - Password for the user account (if the authentication method is opted as password for one or more of applications).

  • second_authentication_method - Needed for MFA and only supported for ssh application. Defaults to none if not supplied.

  • comment - Comment for the user account (e.g purpose of this account).

  • locked - Set to true/false to lock/unlock the account.

  • security login create

  • security login modify

  • security login password

  • security login lock

  • security login unlock

Parameters

Name Type In Required Description

owner.uuid

string

path

True

Owner UUID of the account.

name

string

path

True

User account name

Request Body

Name Type Description

_links

_links

applications

array[account_application]

comment

string

Optional comment for the user account.

locked

boolean

Locked status of the account.

name

string

User or group account name

owner

owner

Owner name and UUID that uniquely identifies the user account.

password

string

Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters.

role

role_reference

scope

string

Scope of the entity. set to "cluster" for cluster owned objects and to "svm" for SVM owned objects.

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "applications": [
    {
      "application": "string",
      "authentication_methods": [
        "string"
      ],
      "second_authentication_method": "string"
    }
  ],
  "comment": "string",
  "name": "joe.smith",
  "owner": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "password": "string",
  "role": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "admin"
  },
  "scope": "string"
}

Response

Status: 200, Ok

Error

Status: Default

ONTAP Error Response Codes

Error Code Description

7077906

A role with that name has not been defined for the Vserver.

7077918

Password cannot contain the username.

7077919

Minimum length for new password does not meet the policy.

7077920

New password must have both letters and numbers.

7077921

Minimum number of special characters required do not meet the policy.

7077929

Cannot lock user with non-password authentication method.

7077940

Password exceeds maximum supported length.

7077941

The defined password composition exceeds the maximum password length of 128 characters.

7078900

The admin password is not set. Set the password by including it in the request.

7077911

The user is not configured to use the password authentication method.

7077896

Cannot lock the account of the last console admin user.

7077924

New password must be different than last N passwords.

7077925

New password must be different to the old password.

5636096

Cannot perform the operation for this user account since the password is not set.

5636097

Operation for User account failed since user password is not set.

5636100

User modification is not supported for service-processor application.

5636125

Operation not supported on autosupport user account which is reserved.

5636129

Role does not exist.

5636159

For a given user and application, if the second-authentication-method is specified, only one such login entry is supported.

5636154

The second-authentication-method parameter is supported for ssh application.

5636155

The second-authentication-method parameter can be specified only if the authentication-method password or public key nsswitch.

5636156

The same value cannot be specified for the second-authentication-method and the authentication-method.

5636157

If the authentication-method is domain, the second-authentication-method cannot be specified.

5636164

If the value for either the authentication-method second-authentication-method is nsswitch or password, the other parameter must differ.

5636174

You are not authorized to change the password for other users.

Name Type Description

error

error

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

Name Type Description

self

href

account_application

Name Type Description

application

string

Applications

authentication_methods

array[string]

second_authentication_method

string

An optional additional authentication method for MFA. This only works with SSH as the application. It is ignored for all other applications.

owner

Owner name and UUID that uniquely identifies the user account.

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

role_reference

Name Type Description

_links

_links

name

string

Role name

account

Name Type Description

_links

_links

applications

array[account_application]

comment

string

Optional comment for the user account.

locked

boolean

Locked status of the account.

name

string

User or group account name

owner

owner

Owner name and UUID that uniquely identifies the user account.

password

string

Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters.

role

role_reference

scope

string

Scope of the entity. set to "cluster" for cluster owned objects and to "svm" for SVM owned objects.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.