POST /userAccounts

Use the POST method to create a user account.

Authentication

Authentication with user name and password is required.

Request URL

POST https://<management_server_IP>/userAccounts

Query parameters

None

Request body

Attributes Required / Optional Type Description
userName Required String User name
userPw Required String Initial account password
description Optional String Description for the user account
groups Required Array of strings List of role groups to which this user account belongs. This can be one of the following values.
  • LXC-ADMIN. Includes the lxca-admin role.

  • LXC-RECOVERY. Includes the lxc-recovery role.

  • LXC-SECURITY-ADMIN. Includes the lxc-security-admin role.

  • LXC-SUPERVISOR. Includes the lxc-supervisor role.

  • LXC-OPERATOR. Includes the lxc-operator role.

  • LXC-FW-ADMIN. Includes the lxc-fw-admin role.

  • LXC-OS-ADMIN. Includes the lxc-os-admin role.

  • LXC-HW-ADMIN. Includes the lxc-hw-admin role.

  • LXC-SERVICE-ADMIN. Includes the lxc-service-admin role.

  • LXC-HW-MANAGER. Includes the lxc-hw-manager role.

PasswordChangeFirstAccess Optional Boolean Indicates if the password must be changed when the user initially accesses the XClarity Administrator. This can be one of the following values.
  • true. The password must be changed.
  • false. The password does not have to be changed.

If not specified, the default value is taken from the user account settings (see /userAccountSettings).

Request example

{
    "userPw": "passw0rd",
    "userName": "test2",
    "description": "test2 description",
    "groups": ["lxc-admin"],
    "PasswordChangeFirstAccess": true
}

Response codes

Code Description
201 Created. The user account was created successfully.
400 Bad request. An argument is missing or not valid. a descriptive error message will be returned in the body.
404 Not found. The user was not found. A descriptive error message will be returned in the body.
409 Conflict. One or more of the following conflicts has occurred:
  • An account with the specified user name exists already.
  • A violation of the security policy occurred.
500 Internal server error. A descriptive error message will be returned in the body.

Response body

Attributes Type Description
response Array Each array element represents a user account
  activeSessions Integer Number of currently active sessions for the user account
  createTimestamp String Date and time when the account was created. The timestamp is returned in ISO 8601 forma (for example, 2014-02-05T15:54:13Z).
  description String Description for the user account
  fullName String Descriptive name of the user account (for example: First M Last)
  groups Array of strings List of role groups to which the user account belongs
  id String Hashed index uniquely identifying a user account
  lastLoginTimestamp String Date and time when the account was last successfully logged in. he timestamp is returned in ISO 8601 format (for example, 2014-02-05T15:54:13Z).
  ldapDn String User's LDAP distinguished name (for example, "cn=USERID,ou=Users,dc=ibmbase,dc=com").
  loginAttempts Integer Number of times that the user has attempted to log in
  loginCount Integer Number of times the user has successfully logged in
  modifyTimestamp String Date and time when the account was last modified. The timestamp is returned in ISO 8601 format (for example, 2014-02-05T15:54:13Z).
  PasswordChangeFirstAccess Boolean Indicates if the user is required to change the password on the initial access. This can be one of the following values.
  • true. The password must be changed.
  • false. The password does not have to be changed.
  pwdAge Integer Number of days that have elapsed since the password was last changed
  pwExpirationWarning Boolean Indicates if a password expiration warning is to be displayed when a user logs in. This can be one of following values.
  • true. The password warning is to be displayed.
  • false. The password has not expired.
  pwExpired Boolean Indicates if the password has expired. This can be one of the following values.
  • true. The password has expired.
  • false. The password has not expired.
  reserved Boolean Indicates whether the user account is reserved for use by the XClarity Administrator. This can be one of the following values.
  • true. The user account is reserved.
  • false. The user account is not reserved.
  state String User-account status. This can be one of the following values.
  • Active. The user account is in an active state.
  • Inactive. The user account is in an inactive state (disabled).
  • Locked. The user account is locked
  timeBeforeExpirationInDays Integer Number of days remaining before a password expires
  userName String Name of the user account
  userPw String Internal use only
result String Request results. This can be one of the following values.
  • success. The request completed successfully.
  • failure. The request failed. A descriptive error message was returned.
messages Array of objects Information about one or more messages
  explanation String Additional information to clarify the reason for the message
  id String Message identifier of a returned message
  recovery Array of objects Recovery information
    text String User actions that can be taken to recover from the event
    URL String Link to the help system for more information, if available
  text String Message text associated with the message identifier

Response example

{
    "response": {
        "createTimestamp": "2015-01-05T22:28:28Z",
        "description": "test2 description",
        "groups": ["lxc-admin"],
        "id": "478e6564-066a-4714-b734-e0f5c3073fbf",
        "lastLoginTimestamp": "",
        "ldapDn": "cn=TEST2,ou=Users,dc=ibmbase,dc=com",
        "loginAttempts": 0,
        "loginCount": 0,
        "modifyTimestamp": "2015-01-05T22:28:28Z",
        "PasswordChangeFirstAccess": true,
        "pwdAge": 0,
        "pwExpirationWarning": false,
        "pwExpired": true,
        "state": "Active",
        "timeBeforeExpirationInDays": 90,
        "userName": "TEST2",
        "userPw": "NA"
    },
    "result": "success",
    "messages": [{
        "explanation": "",
        "id": "FQXHMSE0001I",
        "recovery": {
            "text": "Information only; no action is required.",
            "URL": ""
        },
        "text": "The request completed successfully."
    }]
}