REST API reference
Update a user account
Suggest changes
PDFs
PATCH /security/accounts/{owner.uuid}/{name}
Introduced In: 9.6
Updates a user account. Locks or unlocks a user account and/or updates the role, applications, and/or password for the user account.
Required parameters
-
name- Account name to be updated. -
owner.uuid- UUID of the SVM housing the user account to be updated.
Optional parameters
-
applications- Array of one or more tuples (of application and authentication methods). -
role- RBAC role for the user account. -
password- Password for the user account (if the authentication method is opted as password for one or more of applications). -
second_authentication_method- Needed for MFA and only supported for ssh application. Defaults tononeif not supplied. -
comment- Comment for the user account (e.g purpose of this account). -
locked- Set to true/false to lock/unlock the account.
Related ONTAP commands
-
security login create -
security login modify -
security login password -
security login lock -
security login unlock
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
owner.uuid |
string |
path |
True |
Account owner UUID |
name |
string |
path |
True |
User account name |
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
applications |
array[account_application] |
|
comment |
string |
Optional comment for the user account. |
locked |
boolean |
Locked status of the account. |
name |
string |
User or group account name |
owner |
Owner name and UUID that uniquely identifies the user account. |
|
password |
string |
Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters. |
role |
||
scope |
string |
Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"applications": {
"application": "amqp",
"authentication_methods": {
},
"second_authentication_method": "none"
},
"comment": "string",
"name": "joe.smith",
"owner": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"role": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "admin"
},
"scope": "cluster"
}Response
Status: 200, OkError
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
1261215 |
The role was not found. |
1261218 |
The user was not found. |
1263343 |
Cannot lock user with password not set or non-password authentication method. |
5636096 |
Cannot perform the operation for this user account since the password is not set. |
5636097 |
The operation for user account failed since user password is not set. |
5636100 |
Modification of a service-processor user's role to a non-admin role is not supported. |
5636125 |
The operation not supported on AutoSupport user account which is reserved. |
5636129 |
The role does not exist. |
5636154 |
The second-authentication-method parameter is supported for ssh application. |
5636155 |
The second-authentication-method parameter can be specified only if the authentication-method password or public key nsswitch. |
5636156 |
Same value cannot be specified for the second-authentication-method and the authentication-method. |
5636157 |
If the authentication-method is domain, the second-authentication-method cannot be specified. |
5636159 |
For a given user and application, if the second-authentication-method is specified, only one such login entry is supported. |
5636164 |
If the value for either the authentication-method second-authentication-method is nsswitch or password, the other parameter must differ. |
5636174 |
You are not authorized to change the password for other users. |
7077896 |
Cannot lock the account of the last console admin user. |
7077906 |
A role with that name has not been defined for the Vserver. |
7077911 |
The user is not configured to use the password authentication method. |
7077918 |
The password cannot contain the username. |
7077919 |
The minimum length for new password does not meet the policy. |
7077920 |
The new password must have both letters and numbers. |
7077921 |
The minimum number of special characters required do not meet the policy. |
7077924 |
The new password must be different than last N passwords. |
7077925 |
The new password must be different to the old password. |
7077929 |
Cannot lock user with password not set or non-password authentication method. |
7077940 |
The password exceeds maximum supported length. |
7077941 |
Defined password composition exceeds the maximum password length of 128 characters. |
7078900 |
An aAdmin password is not set. Set the password by including it in the request. |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": {
"code": "string",
"message": "string"
},
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
account_application
| Name | Type | Description |
|---|---|---|
application |
string |
Applications |
authentication_methods |
array[string] |
|
second_authentication_method |
string |
An optional additional authentication method for MFA. This only works with SSH as the application. It is ignored for all other applications. |
owner
Owner name and UUID that uniquely identifies the user account.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
role
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
Role name |
account
| Name | Type | Description |
|---|---|---|
_links |
||
applications |
array[account_application] |
|
comment |
string |
Optional comment for the user account. |
locked |
boolean |
Locked status of the account. |
name |
string |
User or group account name |
owner |
Owner name and UUID that uniquely identifies the user account. |
|
password |
string |
Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters. |
role |
||
scope |
string |
Scope of the entity. Set to "cluster" for cluster owned objects and to "svm" for SVM owned objects. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |