A newer release of this product is available.

Create a new user account


POST /security/accounts

Creates a new user account.

Required parameters

  • name - Account name to be created.

  • applications - Array of one or more application tuples (of application and authentication methods).

Optional parameters

  • owner.name or owner.uuid - Name or UUID of the SVM for an SVM-scoped user account. If not supplied, a cluster-scoped user account is created.

  • role - RBAC role for the user account. Defaults to admin for a cluster-scoped user account and to vsadmin for an SVM-scoped account.

  • password - Password for the user account (if password is selected as the authentication method for one or more applications).

  • second_authentication_method - Needed for MFA and supported only for the ssh application. Defaults to none if not supplied.

  • comment - Comment for the user account (e.g., the purpose of this account).

  • locked - Locks the account after creation. Defaults to false if not supplied.

Related ONTAP commands

  • security login create

Request Body

| Name | Type | Description |
| --- | --- | --- |
| _links | _links | |
| applications | array[account_application] | |
| comment | string | Optional comment for the user account. |
| locked | boolean | Locked status of the account. |
| name | string | User or group account name |
| owner | owner | Owner name and UUID that uniquely identifies the user account. |
| password | string | Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters. |
| role | role_reference | |
| scope | string | Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |

Example request
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "applications": [
    {
      "application": "string",
      "authentication_methods": [
        "string"
      ],
      "second_authentication_method": "string"
    }
  ],
  "comment": "string",
  "name": "joe.smith",
  "owner": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  },
  "password": "string",
  "role": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "admin"
  },
  "scope": "string"
}

Response

Status: 201, Created

Error

Status: Default

ONTAP Error Response Codes

| Error Code | Description |
| --- | --- |
| 7077897 | Invalid character in username. |
| 7077898 | The username must contain both letters and numbers. |
| 7077899 | Username does not meet length requirements. |
| 7077906 | A role with that name has not been defined for the Vserver. |
| 7077918 | Password cannot contain the username. |
| 7077919 | Minimum length for new password does not meet the policy. |
| 7077920 | New password must have both letters and numbers. |
| 7077921 | Minimum number of special characters required do not meet the policy. |
| 7077929 | Cannot lock user with non-password authentication method. |
| 7077940 | Password exceeds maximum supported length. |
| 7077941 | The defined password composition exceeds the maximum password length of 128 characters. |
| 7078900 | The admin password is not set. Set the password by including it in the request. |
| 5636099 | User creation with non admin role is not supported for service-processor application. |
| 5636121 | User account name is reserved for use by the system. |
| 5636126 | Cannot create a user with the username or role as autosupport because it is reserved by the system. |
| 5636140 | Creating a login with application console for a data Vserver is not supported. |
| 5636141 | Creating a login with application service-processor for a data Vserver is not supported. |
| 5636154 | The second-authentication-method parameter is supported for ssh application. |
| 5636155 | The second-authentication-method parameter can be specified only if the authentication-method password or public key nsswitch. |
| 5636156 | The same value cannot be specified for the second-authentication-method and the authentication-method. |
| 5636157 | If the authentication-method is domain, the second-authentication-method cannot be specified. |
| 5636164 | If the value for either the authentication-method or second-authentication-method is nsswitch or password, the other parameter must differ. |

| Name | Type | Description |
| --- | --- | --- |
| error | error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
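
An added example, not part of the NetApp documentation: a local pre-flight check that applies the constraints stated in the parameter list and error table above to a request body before it is sent, and flags an omitted role because the default is an administrative one. The function name, the `local:*` codes, the sample body and the reading of "data Vserver" as "owner supplied" are assumptions made for illustration.

```python
# Added example: local pre-flight check for a POST /security/accounts body.
# Rules come only from the parameter notes and error table on this page.
MAX_PASSWORD_LEN = 128  # stated in error 7077941

def preflight(body):
    """Return (code, reason) pairs; 'local:*' codes are this example's own."""
    findings = []
    name, password = body.get("name", ""), body.get("password")
    svm_scoped = bool(body.get("owner"))  # assumption: owner given = data SVM
    role = (body.get("role") or {}).get("name")
    if role is None:  # least-privilege check: the default is an admin role
        default = "vsadmin" if svm_scoped else "admin"
        findings.append(("local:default-role", f"role defaults to {default}"))
    for app in body.get("applications", []):
        kind = app.get("application")
        methods = app.get("authentication_methods", [])
        second = app.get("second_authentication_method") or "none"
        if second != "none":
            if kind != "ssh":
                findings.append(("5636154", f"second method on {kind}"))
            if second in methods:
                findings.append(("5636156", "second method equals first"))
            if "domain" in methods:
                findings.append(("5636157", "second method with domain"))
        if "password" in methods and not password:
            findings.append(("local:no-password", f"{kind} needs a password"))
        if kind == "console" and svm_scoped:
            findings.append(("5636140", "console login on an SVM"))
        if kind == "service-processor":
            if svm_scoped:
                findings.append(("5636141", "service-processor on an SVM"))
            if role not in (None, "admin"):
                findings.append(("5636099", "non-admin service-processor"))
    if password:
        if len(password) > MAX_PASSWORD_LEN:
            findings.append(("7077940", "password exceeds 128 characters"))
        # Assumption: case-insensitive match, stricter than ONTAP may be.
        if name and name.lower() in password.lower():
            findings.append(("7077918", "password contains the username"))
    return findings

# Constructed sample: SVM-scoped console login with a second method set.
SAMPLE = {
    "name": "joe.smith", "owner": {"name": "svm1"}, "password": "Joe.Smith2024!",
    "applications": [{"application": "console",
                      "authentication_methods": ["password"],
                      "second_authentication_method": "password"}],
}
```

An empty result means only that none of the rules modelled here fired; ONTAP still enforces its own username and password policy on the server.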

Definitions


href

| Name | Type | Description |
| --- | --- | --- |
| href | string | |

| Name | Type | Description |
| --- | --- | --- |
| self | href | |

account_application

| Name | Type | Description |
| --- | --- | --- |
| application | string | Applications |
| authentication_methods | array[string] | |
| second_authentication_method | string | An optional additional authentication method for MFA. This only works with SSH as the application. It is ignored for all other applications. |

owner

Owner name and UUID that uniquely identifies the user account.

| Name | Type | Description |
| --- | --- | --- |
| _links | _links | |
| name | string | The name of the SVM. |
| uuid | string | The unique identifier of the SVM. |

role_reference

| Name | Type | Description |
| --- | --- | --- |
| _links | _links | |
| name | string | Role name |

account

| Name | Type | Description |
| --- | --- | --- |
| _links | _links | |
| applications | array[account_application] | |
| comment | string | Optional comment for the user account. |
| locked | boolean | Locked status of the account. |
| name | string | User or group account name |
| owner | owner | Owner name and UUID that uniquely identifies the user account. |
| password | string | Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters. |
| role | role_reference | |
| scope | string | Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |

error_arguments

| Name | Type | Description |
| --- | --- | --- |
| code | string | Argument code |
| message | string | Message argument |

error

| Name | Type | Description |
| --- | --- | --- |
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |