account ‑modify

Changes account settings.

SYNOPSIS

account ‑modify 
   [‑account account‑id‑or‑fqn]
   [‑fullName full‑name]
   [‑password]
   [‑email email‑address]
   [‑phone phone‑number]
   [‑name new‑account‑name]
   [‑role { admin1 | admin2 | monitor | support}]
   [{‑enable | ‑disable}]
   [‑passwordDuration duration‑in‑days]

   [{‑sessionKey | ‑u admin‑user ‑oracleFS oracle‑fs‑system}]
   [{‑outputformat | ‑o} { text | xml }]
   [{‑timeout timeout‑in‑seconds | ‑verify | ‑usage | ‑example | ‑help}]

DESCRIPTION

Use the account ‑modify command to change any of the following fields for administrator‑defined accounts:

Full name
Password duration
Email address
Phone number
Account name
Role
Account availability status (enabled or disabled)

Disabling an account that has active sessions does not terminate the sessions. You cannot change the Primary administrator role that is permanently assigned to the /⁠administrator account. Also, you cannot change the Oracle Customer Support role that is permanently assigned to the /⁠pillar account.

If one or more administrators are logged in to a specific account, you cannot modify the role for that account until all of the administrators log out. However, changes to the other fields are permitted, including resetting the password and disabling the account. These changes take effect immediately after the administrators end their sessions.

When logging in, if a non-primary administrator fails to enter the correct password after making a maximum number of attempts, the Oracle FS System automatically disables the account. Use the system ‑modify ‑maximumFailedLogins command to change the maximum number of failed attempts that are permitted before an account is disabled. Because the default /⁠⁠administrator and /⁠pillar accounts are required for basic administration, that account cannot be disabled even if the maximum number of failed attempts has been reached.

To prevent security breaches, frequently change the passwords of the /⁠administrator and /pillar accounts and provide access to the current password through a restricted site.

To enable an administrator-defined account that has been disabled, log in with the /⁠administrator account or an Administrator 1 account and run the account ‑modify ‑enable command.

To disable an account, run the account ‑modify ‑disable command.

Note: Only administrators with primary administrator, admin1, admin2, or support roles are authorized to run the account ‑modify command.

OPTIONS

‑account

Specifies the fully qualified name (FQN) or unique identifier (ID) of the account. Account names are case sensitive.

If you do not supply an account name, the account under which you are currently logged in will be modified.

‑disable

Disables the specified account.

‑email

Specifies the email address of the account owner. The Oracle FS System does not verify the validity of the email address.

Important! An email address is required to allow accounts to recover their passwords.

‑enable

Enables the specified account.

‑fullName

Specifies the name of the account owner. If the full name contains spaces, enclose the entire name inside double quotation marks. For example: “Tyler Leslie Mendoza”.

‑name

Specifies the account name. Use double quotation marks around names containing dashes.

‑password

Requests that the administrator provide a new password.

‑passwordDuration

Specifies the number of days that the password that the administrator provides is valid. When the password expires, the Oracle FS System prompts the account user to provide a new password.

‑phone

Specifies the phone number of the account owner. The Oracle FS System does not verify the validity of the phone number.

‑role

Specifies the permissions that are granted to users of the account. To specify permissions, assign one of the following roles:

admin1

Authorizes the administrator to perform the following types of tasks:

Administration
Configuration
Recovery

admin2

Authorizes the administrator to perform all administrative tasks that an admin1 role can perform except for the following tasks:

Create, modify, or delete administrator accounts
Modify Call‑Home settings.
Create, modify, or delete LUNs, File Servers, and filesystems.
Modify system-wide settings.
Modify software configurations
Modify hardware configurations.
Shut down the Oracle FS System.

monitor

Authorizes the administrator to perform read-only tasks and to modify the attributes of their account.

support

Authorizes the administrator to perform support operations as instructed by Oracle Customer Support. This role does not authorize the administrator to modify or delete data resources, system alerts, or administrator accounts.

GLOBAL OPTIONS FOR SUBCOMMANDS

The following global options can be used for fscli command-subcommand pairs that do not include other command-line options:

‑help: Returns the context-sensitive help for the specified subcommand.
‑usage: Returns the subcommand syntax for the given command, including all of the options that are available for the command-subcommand pair.

GLOBAL OPTIONS FOR COMMANDS

The following global options can be used for fully formed fscli commands:

‑example

Returns sample output from the specified command.

Note: To see the output in XML format, include the ‑o xml option.

‑timeout timeout-in-seconds

Specifies the length of time (timeout-in-seconds) that the command line interface waits before another command is allowed to run. If the command takes longer to run than the specified time limit, the system continues processing the command, but the command prompt is made available so that you can issue another command. If the -timeout option is omitted, the command line interface blocks until the one of the following conditions is met:

The command completes successfully.
The command returns with an error.
The session times out.

Note: Be sure to check the state of the system after initiating a long running command with the ‑timeout option. Many fscli commands run a series of underlying commands in sequence. When the timeout value is reached before all of the underlying commands have completed, the fscli command does not complete with the outstanding tasks reporting a failure status.

‑outputformat | ‑o { text | xml }: Controls the type of the output the system returns from a command. If the ‑outputformat option is not included, the format of the output defaults to simple text. If xml is provided, the output is a collection of XML elements.
Note: For XML output, if internal errors occur during command execution, each error is included in a separate <ErrorList> tag.

‑verify: Inspects the validity of the command syntax, not the semantics. Used to test the structure of a command without running the command. Does not determine whether errors would be produced if you issue a structurally correct command with the input provided.
‑sessionkey: Directs the CLI to prompt you to supply a session key when you issue the command. The CLI displays Sessionkey: as the prompt. To obtain a session key, log in with the ‑returnKey option specified. After the session is established, the session key is displayed in STDOUT. If you request a session key, the ‑sessionkey option is required syntax for all commands that are issued in a given session. In environments with more than one Oracle FS System, the session key is used to determine to which Oracle FS System to direct the command for validation. Session keys are also used to establish two or more CLI sessions when using a shared administrator account.
‑u admin-user ‑oracleFS oracle‑fs-system: Routes the command to a particular Oracle FS System for execution. This option passes the name of the administrator account to use when opening the session on the specified system. Identify a specific Oracle FS System by its IP address or by the name that is recorded in the domain name system (DNS). When logging in to the Oracle FS System using the ‑u option and the ‑oracleFS option, the fscli application prompts you for a password on the command line interface for access. The Oracle FS System and the account login information are used to authenticate the current session. Establishing a login session by specifying an Oracle FS System and an account does not change the credentials that are associated with the active sessions that are running on other clients.
Caution
Oracle recommends that you not use the Cygwin command line interface to run the fscli application on Windows platforms. If you are running the Cygwin interface and include the ‑u option as a part of the ‑list subcommand, the password for the specified account is included in the results. Exposing the password can cause a breach in security.

EXAMPLE

Task

Disable an account.

Parameters

Fully qualified name of the account: /⁠⁠flash_store_admin
Disable account flag

$ fscli account ‑modify ‑account /⁠⁠flash_store_admin ‑disable