usermgr - API for user and group administration
interface UserMgr User[] users ; Group[] groups ; string[] shells ; User defaultUser ; string[] scopes ; string[] roles ; string[] profiles ; string[] auths ; string[] defaultPrivs ; string[] limitPrivs ; string[] supplGroups ; string[] auditClasses ; string[] pamUserConfFiles ; User getUser(string username); User addUser(User user, secret password); User modifyUser(User user, UserChangeFields changeFields, secret password); deleteUser(string username); selectScope(ScopeType scope); setFilter(UserType usertype, string searchstring); boolean isSystemLabeled(); UserType getUserType(string username);
USERMGR(3rad) RAD Module Definitions USERMGR(3rad) NAME usermgr - API for user and group administration SYNOPSIS interface UserMgr User[] users ; Group[] groups ; string[] shells ; User defaultUser ; string[] scopes ; string[] roles ; string[] profiles ; string[] auths ; string[] defaultPrivs ; string[] limitPrivs ; string[] supplGroups ; string[] auditClasses ; string[] pamUserConfFiles ; User getUser(string username); User addUser(User user, secret password); User modifyUser(User user, UserChangeFields changeFields, secret password); deleteUser(string username); selectScope(ScopeType scope); setFilter(UserType usertype, string searchstring); boolean isSystemLabeled(); UserType getUserType(string username); DESCRIPTION API com.oracle.solaris.rad.usermgr INTERFACES interface UserMgr Set of operations that can be performed on users and roles. UserMgr Properties User[] users (read-only) -- Lists users. Lists the users present in the selected scope based on the filter options. Read Error: UserMgrError o READERROR - when unable to read user after Group[] groups (read-only) -- Lists groups. Lists the groups present in the selected scope. Read Error: UserMgrError o READERROR - when unable to read the groups database. string[] shells (read-only) -- Lists shells. Lists the set of available shells that can be set as default shell for users. Read Error: UserMgrError o READERROR - when unable to read the default shells. User defaultUser (read-only) -- Lists user defaults. Lists the default values for groups, basedir, project, shell, skel, inactive, expire, auths, profiles, roles, limitPriv, defaultPriv, lockAfterRetries used for creation of users and roles. Read Error: UserMgrError o READERROR - when unable to read default user properties. string[] scopes (read-only) -- Lists scopes. Lists the set of name service repositories that can be administered. Read Error: UserMgrError o READERROR - when unable to read the name services that can be managed. string[] roles (read-only) -- Lists assigned roles. Lists the roles assigned to a user. Read Error: UserMgrError o READERROR - when unable to read user roles string[] profiles (read-only) -- Lists assigned profiles. Lists the profiles assigned to a user. Read Error: UserMgrError o READERROR - when unable to read user profiles. string[] auths (read-only) -- Lists assigned authorizations. Lists the authorizations assigned to a user. Read Error: UserMgrError o READERROR - when unable to read user authorizations. string[] defaultPrivs (read-only) -- Lists default privileges. Lists the default privileges assigned to a user. Read Error: UserMgrError o READERROR - when unable to read user's default privileges. string[] limitPrivs (read-only) -- Lists limit privileges. Lists the limit privileges assigned to a user. Read Error: UserMgrError o READERROR - when unable to read user's limit privileges. string[] supplGroups (read-only) -- Lists supplemental groups. Lists the supplemental groups that the user is a member of. Read Error: UserMgrError o READERROR - when unable to read user's supplemental groups. string[] auditClasses (read-only) -- Lists Assigned Audit Classes. Lists the audit classes that are assigned to the user. Read Error: UserMgrError o READERROR - when unable to read user's assigned audit classes. string[] pamUserConfFiles (read-only) -- Lists users PAM configuration files. Lists the per-user PAM configuration files. Read Error: UserMgrError o READERROR - when unable to read user specific PAM configuration files. UserMgr Methods User getUser(string username) gets User information for a given username. Gets the user information for a given username from the name service repository based on the filter options. Arguments: username -- Specifies the username for which the account information is to be retrieved. Result: User Error: UserMgrError o READERROR - when unable to read user User addUser(User user, secret password) Add user or role. Adds a user or role to the selected name service repository based on the filter options. Applies the properties set in the user object as the account, password, security attributes. Sets INVALIDDATA error when arguments are not valid. Sets PASSERROR error when password update fails. Sets READERROR error when unable to read user after successful addition of new user. Sets USEREXISTS error user already exists with same username. Arguments: user -- user object which contains attributes of new user account to be created. password -- password to be set for the new user account. Result: User Error: UserMgrError o INVALIDDATA - when arguments are not valid. o INVALIDDATA - when arguments are not valid. o READERROR - when unable to read user after adding new user. User modifyUser(User user, UserChangeFields changeFields, secret password) Modify user or role. Modifies users or roles present in the selected scope based on the filter options. Applies the changed fields in the user object to the user or role attributes. Sets INVALIDDATA error when arguments are not valid. Sets PASSERROR error when password update fails. Sets READERROR error when unable to read user after successful modification of user. Arguments: user -- user object which contains user attributes to be modified. changeFields -- Indicates which fields have been modified in the user object by the client. password (nullable) -- password to be set for the new user account. Result: User Error: UserMgrError o INVALIDDATA - when arguments are not valid. o INVALIDDATA - when arguments are not valid. o READERROR - when unable to read user after adding new user. deleteUser(string username) Delete user. Deletes user or role based on username present in the selected scope based on the filter options. Sets READERROR error on failure. Arguments: username -- username of account that needs to be deleted. Error: UserMgrError o READERROR - when unable to read user selectScope(ScopeType scope) sets the name-service repository scope. Sets the name-service repository scope. All subsequent operations will use the specified scope. Arguments: scope -- Specifies the name-service scope to be used for managing users. setFilter(UserType usertype, string searchstring) Sets the filter options. Sets the filter options which are used for all the subsequent operations. The options are user or role and search string. The default search string is empty string (""). Arguments: usertype -- Specifies if users or roles will be managed. searchstring -- Specifies the string to match against user or role names to be managed. boolean isSystemLabeled() Checks if System is Labeled. Checks if the Trusted Extensions feature is enabled on the system. Returns true if successful and sets Sets READERROR error on failure. Result: boolean Error: UserMgrError o READERROR - when checking if Trusted Extensions is enabled fails. UserType getUserType(string username) Gets the user type. Checks if the user is role or normal user. Returns UserType set to role or normal user. Sets READERROR error on failure. Arguments: username -- Specifies user name to check for user or role. Result: UserType Error: UserMgrError o READERROR - when checking if Trusted Extensions is enabled fails. ENUMERATED TYPES enum UserMgrErrorType -- User Manager api error types INVALIDDATA (0) USEREXISTS (1) PERMDENIED (2) READERROR (3) LASTADMIN (4) ROOTADMIN (5) PASSERROR (6) enum ScopeType -- Name service scope types FILES (0) LDAP (1) enum UserType NORMAL (0) ROLE (1) STRUCTURE TYPES struct Group -- describes a Solaris group Fully describes a Solaris group, contains group name, group id, group members. Fields: string groupName -- Specifies the group name. uinteger groupID -- Specifies the Gid of the group. string[] groupMembers -- Specifies the members of the group. struct User -- describes a Solaris user Fully describes a Solaris user, contains account, home directory and security attributes associated with a user. See man passwd(4), shadow(4), userattr(4) for more info on fields. Fields: string username -- username for the account. uinteger userID -- UID for the account. uinteger groupID -- GID for the account. string description (nullable) -- gecos info for the account. string homeDirectory (nullable) -- homedirectory location for the account. string defaultShell (nullable) -- default shell for the account. integer inactive -- Number of inactivity days allowed for the account. integer min -- Minimum number of days between password changes for the account. integer max -- Maximum cemunber of days the password is valid for the account. integer warn -- Number of days before password expires the user is warned. string expire (nullable) -- The date after which login will not be allowed for the account. The date format is %y-%m-%d %H:%M:%S. string lockAfterRetries (nullable) -- Specifies whether the account is locked after failed logins execeeds the allowable limit. string alwaysAuditFlags (nullable) -- Specifies per-user always audit pre-selection flags. string neverAuditFlags (nullable) -- Specifies per-user never-audit pre-selection flags. string type (nullable) -- specifies whether account is role or user. string defaultProj (nullable) -- specifies the default project for the account. string clearance (nullable) -- Specifies the max label at which the user can operate. string minLabel (nullable) -- Specifies the min labelthat the user can login . string roleAuth (nullable) -- Specifies whether the account user role or user password for role authentication. string idleCmd (nullable) -- Specifies when the desktop session for the user gets locked. string idleTime (nullable) -- Specifies the idle time before the idlecmd is executed. string accountStatus (nullable) -- Specifies the status of the account. string[] roles (nullable) -- Specifies the roles that have been assigned to the account. string[] profiles (nullable) -- Specifies the profiles that have been assigned to the account. string[] authProfiles (nullable) -- Specifies the authenticated profiles that have been assigned to the account. string[] auths (nullable) -- Specifies the authorizations that have been assigned to the account. string[] defaultPriv (nullable) -- Specifies the default set of privileges assigned to user at login. string[] limitPriv (nullable) -- Specifies the maximum set of privileges the user or process started by the user can obtain. string[] groups (nullable) -- Specifies the supplemental groups that have been assigned to the account. struct UserChangeFields -- Keeps track of all the fields that have been changed in the user object. Keeps track of all the fields that have been changed in the user object. For every field that has been changed in the User object the respective changeField will be set to true. Fields: boolean gidChanged boolean descChanged boolean homedirChanged boolean defShellChanged boolean profilesChanged boolean authProfilesChanged boolean rolesChanged boolean authsChanged boolean limitPrivChanged boolean groupsChanged boolean lockAfterRetriesChanged boolean alwaysAuditChanged boolean neverAuditChanged boolean typeChanged boolean defaultProjChanged boolean minLabelChanged boolean roleAuthChanged boolean idleCmdChanged boolean idleTimeChanged boolean expireChanged boolean minChanged boolean maxChanged boolean warnChanged boolean uidChanged struct UserMgrError Fields: UserMgrErrorType errorCode Version: (1.0) ATTRIBUTES See attributes(5) for descriptions of the following attributes: +--------------------+-------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +--------------------+-------------------------+ |Availability | system/management/rad/* | +--------------------+-------------------------+ |Interface Stability | Private | +--------------------+-------------------------+ SEE ALSO rad(1M) SunOS 5.11 2017-02-06 USERMGR(3rad)