Create a new user account
POST /security/accounts
Creates a new user account.
Required parameters
-
name
- Account name to be created. -
applications
- Array of one or more application tuples (of application and authentication methods).
Optional parameters
-
owner.name
orowner.uuid
- Name or UUID of the SVM for an SVM-scoped user account. If not supplied, a cluster-scoped user account is created. -
role
- RBAC role for the user account. Defaulted toadmin
for cluster user account and tovsadmin
for SVM-scoped account. -
password
- Password for the user account (if the authentication method is opted as password for one or more of applications). -
second_authentication_method
- Needed for MFA and only supported for ssh application. Defaults tonone
if not supplied. -
comment
- Comment for the user account (e.g purpose of this account). -
locked
- Locks the account after creation. Defaults tofalse
if not supplied.
Related ONTAP commands
-
security login create
Learn more
Request Body
Name | Type | Description |
---|---|---|
_links |
||
applications |
array[account_application] |
|
comment |
string |
Optional comment for the user account. |
locked |
boolean |
Locked status of the account. |
name |
string |
User or group account name |
owner |
Owner name and UUID that uniquely identifies the user account. |
|
password |
string |
Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters. |
role |
||
scope |
string |
Scope of the entity. set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"applications": [
{
"application": "string",
"authentication_methods": [
"string"
],
"second_authentication_method": "string"
}
],
"comment": "string",
"name": "joe.smith",
"owner": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"password": "string",
"role": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "admin"
},
"scope": "string"
}
Response
Status: 201, Created
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
7077897 |
Invalid character in username. |
7077898 |
The username must contain both letters and numbers. |
7077899 |
Username does not meet length requirements. |
7077906 |
A role with that name has not been defined for the Vserver. |
7077918 |
Password cannot contain the username. |
7077919 |
Minimum length for new password does not meet the policy. |
7077920 |
New password must have both letters and numbers. |
7077921 |
Minimum number of special characters required do not meet the policy. |
7077929 |
Cannot lock user with non-password authentication method. |
7077940 |
Password exceeds maximum supported length. |
7077941 |
The defined password composition exceeds the maximum password length of 128 characters. |
7078900 |
The admin password is not set. Set the password by including it in the request. |
5636099 |
User creation with non admin role is not supported for service-processor application. |
5636121 |
User account name is reserved for use by the system. |
5636126 |
Cannot create a user with the username or role as autosupport because it is reserved by the system. |
5636140 |
Creating a login with application console for a data Vserver is not supported. |
5636141 |
Creating a login with application service-processor for a data Vserver is not supported. |
5636154 |
The second-authentication-method parameter is supported for ssh application. |
5636155 |
The second-authentication-method parameter can be specified only if the authentication-method password or public key nsswitch. |
5636156 |
The same value cannot be specified for the second-authentication-method and the authentication-method. |
5636157 |
If the authentication-method is domain, the second-authentication-method cannot be specified. |
5636164 |
If the value for either the authentication-method second-authentication-method is nsswitch or password, the other parameter must differ. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
account_application
Name | Type | Description |
---|---|---|
application |
string |
Applications |
authentication_methods |
array[string] |
|
second_authentication_method |
string |
An optional additional authentication method for MFA. This only works with SSH as the application. It is ignored for all other applications. |
owner
Owner name and UUID that uniquely identifies the user account.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
role_reference
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
Role name |
account
Name | Type | Description |
---|---|---|
_links |
||
applications |
array[account_application] |
|
comment |
string |
Optional comment for the user account. |
locked |
boolean |
Locked status of the account. |
name |
string |
User or group account name |
owner |
Owner name and UUID that uniquely identifies the user account. |
|
password |
string |
Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters. |
role |
||
scope |
string |
Scope of the entity. set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |