Input Name	Range	Type	Description
application		string	Name of the application. Possible values: 'console', 'http', 'ontapi', 'snmp', 'sp', 'ssh'.
authentication-method		string	Authentication method for the application. Possible values: 'community', 'password', 'publickey', 'domain', 'nsswitch' and 'usm'. Not all authentication methods are valid for an application. Valid authentication methods for each application are: 'password' for 'console' application. 'password', 'domain', 'nsswitch' for 'http' application. 'password', 'domain', 'nsswitch' for 'ontapi' application. 'community' for 'snmp' application (when creating SNMPv1 and SNMPv2 users). 'usm' and 'community' for 'snmp' application (when creating SNMPv3 users). 'password' for 'sp' application. 'password', 'publickey', 'domain', 'nsswitch' for 'ssh' application.
password		string optional	Password for the user account. This is ignored for creating snmp users. This is required for creating non-snmp users.
role-name		string	Name of the role.
snmpv3-login-info		snmpv3-login-info optional	SNMPv3 user login information for 'usm' authentication method
user-name		string	Name of the user. When creating a SNMPv1 or SNMPv2 user with 'snmp' application and 'community' authentication-method, the user name is the community string.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EINVALIDUSERNAME
EINVALIDAPPLICATION
EINVALIDAUTHENTICATIONMETHOD
EROLENOTFOUND

Delete an existing user account object.

Input Name	Range	Type	Description
application		string	Name of the application. Possible values: 'console', 'http', 'ontapi', 'snmp', 'sp', 'ssh'.
authentication-method		string	Authentication method for the application. Possible values: 'community', 'password', 'publickey', 'domain', 'nsswitch' and 'usm'. Not all authentication methods are valid for an application. Valid authentication methods for each application are: 'password' for 'console' application. 'password', 'domain', 'nsswitch' for 'http' application. 'password', 'domain', 'nsswitch' for 'ontapi' application. 'community' for 'snmp' application (when creating SNMPv1 and SNMPv2 users). 'usm' and 'community' for 'snmp' application (when creating SNMPv3 users). 'password' for 'sp' application. 'password', 'publickey', 'domain', 'nsswitch' for 'ssh' application.
user-name		string	Name of the user. When creating a SNMPv1 or SNMPv2 user with 'snmp' application and 'community' authentication-method, the user name is the community string.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EUSERNOTFOUND
EAPPLICATIONNOTFOUND
EAUTHENTICATIONMETHODNOTFOUND

Delete an existing user account or a group of user account objects.

Input Name	Range	Type	Description
continue-on-failure		boolean optional	This input element is useful when multiple security login account objects match a given query. If set to true, the API will continue deleting the next matching security login account even when the deletion of a previous security login account fails. If set to false, the API will return on the first failure. Default: false
max-failure-count	[1..2^32-1]	integer optional	When allowing failures ('continue-on-failure' is set to true), then this input element may be provided to limit the number of failed deletions before the server gives up and returns. If set, the API will continue deleting the next matching security login account even when the deletion of a previous matching security login account fails, and do so until the total number of objects failed to be deleted reaches the maximum specified. If set to the maximum or not provided, then there will be no limit on the number of failed deletions. Only applicable if 'continue-on-failure' is set to true. Default: 2^32-1
max-records	[1..100]	integer optional	The maximum number of security login account objects to delete in this call. Default: 20
query		security-login-account-info	If deleting a specific security login account, this input element must specify all keys. If deleting multiple security login account objects based on query, this input element must specify a query.
return-failure-list		boolean optional	If set to true, the API will return the list of security login account objects (just keys) that were not deleted due to some error. If set to false, the list of security login account objects not deleted will not be returned. Default: true
return-success-list		boolean optional	If set to true, the API will return the list of security login account objects (just keys) that were successfully deleted. If set to false, the list of security login account objects deleted will not be returned. Default: true
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the next-tag obtained from the previous call.
Output Name	Range	Type	Description
failure-list		security-login-delete-iter-info[] optional	Information about security login account objects that were not deleted due to some error. This element will be returned only if input element 'return-failure-list' is true.
next-tag		string optional	Tag for the next call. Not present when there are no more matching security login account objects to be deleted.
num-failed	[0..100]	integer optional	Number of security login account objects that matched the query, but were not deleted due to some error.
num-succeeded	[0..100]	integer optional	The number of security login account objects that matched the query and were successfully deleted.
success-list		security-login-delete-iter-info[] optional	The security login account objects that were successfully deleted. This element will be returned only if input element 'return-success-list' is true

Errno	Description
EINTERNALERROR

Get the attributes of a user account.

Input Name	Range	Type	Description
application		string	Name of the application. Possible values: 'console', 'http', 'ontapi', 'snmp', 'sp', 'ssh'.
authentication-method		string	Authentication method for the application. Possible values: 'community', 'password', 'publickey', 'domain', 'nsswitch' and 'usm'. Not all authentication methods are valid for an application. Valid authentication methods for each application are: 'password' for 'console' application. 'password', 'domain', 'nsswitch' for 'http' application. 'password', 'domain', 'nsswitch' for 'ontapi' application. 'community' for 'snmp' application (when creating SNMPv1 and SNMPv2 users). 'usm' and 'community' for 'snmp' application (when creating SNMPv3 users). 'password' for 'sp' application. 'password', 'publickey', 'domain', 'nsswitch' for 'ssh' application.
desired-attributes		security-login-account-info optional	Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
user-name		string	Name of the user. When creating a SNMPv1 or SNMPv2 user with 'snmp' application and 'community' authentication-method, the user name is the community string.
vserver		string	Name of the Vserver.
Output Name	Range	Type	Description
attributes		security-login-account-info	The attributes of the security login account.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EUSERNOTFOUND
EAPPLICATIONNOTFOUND
EAUTHENTICATIONMETHODNOTFOUND

Iterate over a list of user account objects.

Input Name	Range	Type	Description
desired-attributes		security-login-account-info optional	Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
max-records	[1..100]	integer optional	The maximum number of records to return in this call. Default: 20
query		security-login-account-info optional	A query that specifies which objects to return. A query could be specified on any number of attributes in the security login account object. All security login account objects matching this query up to 'max-records' will be returned.
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
Output Name	Range	Type	Description
attributes-list		security-login-account-info[] optional	The list of attributes of security login account objects.
next-tag		string optional	Tag for the next call. Not present when there are no more security login account objects to return.
num-records	[0..100]	integer	The number of records returned in this call.

Errno	Description
EINTERNALERROR

Lock a user account that uses password as the authentication method. Returns an error if the user account does not use password authentication.

Input Name	Range	Type	Description
user-name		string	Name of the user account to be locked.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EUSERNOTFOUND
EUSERLOCKFAILED

Modify the attributes of a user account object. Omitted (optional) fields will not be changed.

Input Name	Range	Type	Description
application		string	Name of the application. Possible values: 'console', 'http', 'ontapi', 'snmp', 'sp', 'ssh'.
authentication-method		string	Authentication method for the application. Possible values: 'community', 'password', 'publickey', 'domain', 'nsswitch' and 'usm'. Not all authentication methods are valid for an application. Valid authentication methods for each application are: 'password' for 'console' application. 'password', 'domain', 'nsswitch' for 'http' application. 'password', 'domain', 'nsswitch' for 'ontapi' application. 'community' for 'snmp' application (when creating SNMPv1 and SNMPv2 users). 'usm' and 'community' for 'snmp' application (when creating SNMPv3 users). 'password' for 'sp' application. 'password', 'publickey', 'domain', 'nsswitch' for 'ssh' application.
role-name		string	Name of the role.
user-name		string	Name of the user. When creating a SNMPv1 or SNMPv2 user with 'snmp' application and 'community' authentication-method, the user name is the community string.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EUSERNOTFOUND
EAPPLICATIONNOTFOUND
EAUTHENTICATIONMETHODNOTFOUND
EROLENOTFOUND

Modify the attributes of a user account or a group of user account objects.

Input Name	Range	Type	Description
attributes		security-login-account-info	Specify at least one modifiable element. Do not specify any other element.
continue-on-failure		boolean optional	This input element is useful when multiple security login account objects match a given query. If set to true, the API will continue modifying the next matching security login account even when modification of a previous security login account fails. If set to false, the API will return on the first failure. Default: false
max-failure-count	[1..2^32-1]	integer optional	When allowing failures ('continue-on-failure' is set to true), then this input element may be provided to limit the number of failed modify operations before the server gives up and returns. If set, the API will continue modifying the next matching security login account even when the modification of a previous matching security login account fails, and do so until the total number of objects failed to be modified reaches the maximum specified. If set to the maximum or not provided, then there will be no limit on the number of failed modify operations. Only applicable if 'continue-on-failure' is set to true. Default: 2^32-1
max-records	[1..100]	integer optional	The maximum number of objects to be modified in this call. Default: 20
query		security-login-account-info	If modifying a specific security login account, this input element must specify all keys. If modifying security login account objects based on query, this input element must specify a query.
return-failure-list		boolean optional	If set to true, the API will return the list of security login account objects (just keys) that were not modified due to some error. If set to false, the list of security login account objects not modified will not be returned. Default: true
return-success-list		boolean optional	If set to true, the API will return the list of security login account objects (just keys) that were successfully updated. If set to false, the list of security login account objects modified will not be returned. Default: true
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
Output Name	Range	Type	Description
failure-list		security-login-modify-iter-info[] optional	Information about security login account objects that were not modified due to some error. This element will be returned only if input element 'return-failure-list' is true.
next-tag		string optional	Tag for the next call. Not present when there are no more matching security login account objects to be modified.
num-failed	[0..100]	integer optional	Number of security login account objects that matched the query, but were not modified due to some error.
num-succeeded	[0..100]	integer optional	The number of security login account objects that matched the query and were successfully updated.
success-list		security-login-modify-iter-info[] optional	The security login account objects that were successfully updated. This element will be returned only if input element 'return-success-list' is true

Errno	Description
EINTERNALERROR

Get the attributes of a role configuration.

Input Name	Range	Type	Description
desired-attributes		security-login-role-config-info optional	Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
role-name		string	Name of the role.
vserver		string	Name of the Vserver.
Output Name	Range	Type	Description
attributes		security-login-role-config-info	The attributes of the security login roleconfig.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EROLENOTFOUND
EROLECONFIGNOTFOUND

Iterate over a list of role objects.

Input Name	Range	Type	Description
desired-attributes		security-login-role-config-info optional	Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
max-records	[1..100]	integer optional	The maximum number of records to return in this call. Default: 20
query		security-login-role-config-info optional	A query that specifies which objects to return. A query could be specified on any number of attributes in the security login roleconfig object. All security login roleconfig objects matching this query up to 'max-records' will be returned.
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
Output Name	Range	Type	Description
attributes-list		security-login-role-config-info[] optional	The list of attributes of security login roleconfig objects.
next-tag		string optional	Tag for the next call. Not present when there are no more security login roleconfig objects to return.
num-records	[0..100]	integer	The number of records returned in this call.

Errno	Description
EINTERNALERROR

Modify the specified attributes of role configuration object. Omitted (optional) fields will not be changed.

Input Name	Range	Type	Description
change-password-duration-in-days	[0..1000]	integer optional	This optionally specifies the number of days that must pass between password changes. The default setting is 0 (zero) meaning the user is not allowed to change the password ever.
last-passwords-disallowed-count	[1..25]	integer optional	This optionally specifies the number of previous passwords that are disallowed for reuse. The default setting is 6.
min-password-size	[3..64]	integer optional	This optionally specifies the minimum length of the password. Possible values range from 3 to 64 characters. The default setting is 8 characters.
min-username-size	[3..16]	integer optional	The minimum length of the user name. Possible values range from 3 to 16 characters. The default setting is 3 characters.
require-password-alpha-numeric		boolean optional	Password Alpha-Numeric for Zapi
require-username-alpha-numeric		boolean optional	Username Alpha-Numeric for Zapi
role-name		string	Name of the role.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EROLENOTFOUND
EROLECONFIGNOTFOUND

Modify the attributes of role configuration or a group of role configuration objects.

Input Name	Range	Type	Description
attributes		security-login-role-config-info	Specify at least one modifiable element. Do not specify any other element.
continue-on-failure		boolean optional	This input element is useful when multiple security login roleconfig objects match a given query. If set to true, the API will continue modifying the next matching security login roleconfig even when modification of a previous security login roleconfig fails. If set to false, the API will return on the first failure. Default: false
max-failure-count	[1..2^32-1]	integer optional	When allowing failures ('continue-on-failure' is set to true), then this input element may be provided to limit the number of failed modify operations before the server gives up and returns. If set, the API will continue modifying the next matching security login roleconfig even when the modification of a previous matching security login roleconfig fails, and do so until the total number of objects failed to be modified reaches the maximum specified. If set to the maximum or not provided, then there will be no limit on the number of failed modify operations. Only applicable if 'continue-on-failure' is set to true. Default: 2^32-1
max-records	[1..100]	integer optional	The maximum number of objects to be modified in this call. Default: 20
query		security-login-role-config-info	If modifying a specific security login roleconfig, this input element must specify all keys. If modifying security login roleconfig objects based on query, this input element must specify a query.
return-failure-list		boolean optional	If set to true, the API will return the list of security login roleconfig objects (just keys) that were not modified due to some error. If set to false, the list of security login roleconfig objects not modified will not be returned. Default: true
return-success-list		boolean optional	If set to true, the API will return the list of security login roleconfig objects (just keys) that were successfully updated. If set to false, the list of security login roleconfig objects modified will not be returned. Default: true
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
Output Name	Range	Type	Description
failure-list		security-login-role-config-modify-iter-info[] optional	Information about security login roleconfig objects that were not modified due to some error. This element will be returned only if input element 'return-failure-list' is true.
next-tag		string optional	Tag for the next call. Not present when there are no more matching security login roleconfig objects to be modified.
num-failed	[0..100]	integer optional	Number of security login roleconfig objects that matched the query, but were not modified due to some error.
num-succeeded	[0..100]	integer optional	The number of security login roleconfig objects that matched the query and were successfully updated.
success-list		security-login-role-config-modify-iter-info[] optional	The security login roleconfig objects that were successfully updated. This element will be returned only if input element 'return-success-list' is true

Errno	Description
EINTERNALERROR

Create a new user role.

Input Name	Range	Type	Description
access-level		string optional	Access level for the role. Possible values: 'none', 'readonly', 'all'. The default value is 'all'.
command-directory-name		string	The command or command directory to which the role has an access.
return-record		boolean optional	If set to true, returns the security login role on successful creation. Default: false
role-name		string	Name of the role.
role-query		string optional	A query for the role. The query must apply to the specified command or directory name. Example: The command is 'volume show' and the query is '-volume vol1'. The query is applied to the command resulting in populating only the volumes with name vol1.
vserver		string	Name of the Vserver.
Output Name	Range	Type	Description
result		security-login-role-info optional	The security login role created (keys or the entire object if requested)

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EINVALIDROLENAME
EINVALIDCMDDIRNAME
EINVALIDACCESS
EINVALIDQUERY

Delete an existing user role object.

Input Name	Range	Type	Description
command-directory-name		string	The command or command directory to which the role has an access.
role-name		string	Name of the role.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EROLENOTFOUND
EVSERVERNOTFOUND
ECMDDIRNOTFOUND

Delete an existing user role or a group of user role objects.

Input Name	Range	Type	Description
continue-on-failure		boolean optional	This input element is useful when multiple security login role objects match a given query. If set to true, the API will continue deleting the next matching security login role even when the deletion of a previous security login role fails. If set to false, the API will return on the first failure. Default: false
max-failure-count	[1..2^32-1]	integer optional	When allowing failures ('continue-on-failure' is set to true), then this input element may be provided to limit the number of failed deletions before the server gives up and returns. If set, the API will continue deleting the next matching security login role even when the deletion of a previous matching security login role fails, and do so until the total number of objects failed to be deleted reaches the maximum specified. If set to the maximum or not provided, then there will be no limit on the number of failed deletions. Only applicable if 'continue-on-failure' is set to true. Default: 2^32-1
max-records	[1..100]	integer optional	The maximum number of security login role objects to delete in this call. Default: 20
query		security-login-role-info	If deleting a specific security login role, this input element must specify all keys. If deleting multiple security login role objects based on query, this input element must specify a query.
return-failure-list		boolean optional	If set to true, the API will return the list of security login role objects (just keys) that were not deleted due to some error. If set to false, the list of security login role objects not deleted will not be returned. Default: true
return-success-list		boolean optional	If set to true, the API will return the list of security login role objects (just keys) that were successfully deleted. If set to false, the list of security login role objects deleted will not be returned. Default: true
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the next-tag obtained from the previous call.
Output Name	Range	Type	Description
failure-list		security-login-role-delete-iter-info[] optional	Information about security login role objects that were not deleted due to some error. This element will be returned only if input element 'return-failure-list' is true.
next-tag		string optional	Tag for the next call. Not present when there are no more matching security login role objects to be deleted.
num-failed	[0..100]	integer optional	Number of security login role objects that matched the query, but were not deleted due to some error.
num-succeeded	[0..100]	integer optional	The number of security login role objects that matched the query and were successfully deleted.
success-list		security-login-role-delete-iter-info[] optional	The security login role objects that were successfully deleted. This element will be returned only if input element 'return-success-list' is true

Errno	Description
EINTERNALERROR

Get the attributes of a user role.

Input Name	Range	Type	Description
command-directory-name		string	The command or command directory to which the role has an access.
desired-attributes		security-login-role-info optional	Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
role-name		string	Name of the role.
vserver		string	Name of the Vserver.
Output Name	Range	Type	Description
attributes		security-login-role-info	The attributes of the security login role.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EROLENOTFOUND
EVSERVERNOTFOUND
ECMDDIRNOTFOUND

Iterate over a list of user role objects.

Input Name	Range	Type	Description
desired-attributes		security-login-role-info optional	Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
max-records	[1..100]	integer optional	The maximum number of records to return in this call. Default: 20
query		security-login-role-info optional	A query that specifies which objects to return. A query could be specified on any number of attributes in the security login role object. All security login role objects matching this query up to 'max-records' will be returned.
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
Output Name	Range	Type	Description
attributes-list		security-login-role-info[] optional	The list of attributes of security login role objects.
next-tag		string optional	Tag for the next call. Not present when there are no more security login role objects to return.
num-records	[0..100]	integer	The number of records returned in this call.

Errno	Description
EINTERNALERROR

Modify the attributes of user role object. Omitted (optional) fields will not be changed.

Input Name	Range	Type	Description
access-level		string optional	Access level for the role. Possible values: 'none', 'readonly', 'all'. The default value is 'all'.
command-directory-name		string	The command or command directory to which the role has an access.
role-name		string	Name of the role.
role-query		string optional	A query for the role. The query must apply to the specified command or directory name. Example: The command is 'volume show' and the query is '-volume vol1'. The query is applied to the command resulting in populating only the volumes with name vol1.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EINVALIDROLENAME
EINVALIDCMDDIRNAME
EINVALIDACCESS
EINVALIDQUERY

Modify the attributes of user role or a group of user role objects.

Input Name	Range	Type	Description
attributes		security-login-role-info	Specify at least one modifiable element. Do not specify any other element.
continue-on-failure		boolean optional	This input element is useful when multiple security login role objects match a given query. If set to true, the API will continue modifying the next matching security login role even when modification of a previous security login role fails. If set to false, the API will return on the first failure. Default: false
max-failure-count	[1..2^32-1]	integer optional	When allowing failures ('continue-on-failure' is set to true), then this input element may be provided to limit the number of failed modify operations before the server gives up and returns. If set, the API will continue modifying the next matching security login role even when the modification of a previous matching security login role fails, and do so until the total number of objects failed to be modified reaches the maximum specified. If set to the maximum or not provided, then there will be no limit on the number of failed modify operations. Only applicable if 'continue-on-failure' is set to true. Default: 2^32-1
max-records	[1..100]	integer optional	The maximum number of objects to be modified in this call. Default: 20
query		security-login-role-info	If modifying a specific security login role, this input element must specify all keys. If modifying security login role objects based on query, this input element must specify a query.
return-failure-list		boolean optional	If set to true, the API will return the list of security login role objects (just keys) that were not modified due to some error. If set to false, the list of security login role objects not modified will not be returned. Default: true
return-success-list		boolean optional	If set to true, the API will return the list of security login role objects (just keys) that were successfully updated. If set to false, the list of security login role objects modified will not be returned. Default: true
tag		string optional	Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
Output Name	Range	Type	Description
failure-list		security-login-role-modify-iter-info[] optional	Information about security login role objects that were not modified due to some error. This element will be returned only if input element 'return-failure-list' is true.
next-tag		string optional	Tag for the next call. Not present when there are no more matching security login role objects to be modified.
num-failed	[0..100]	integer optional	Number of security login role objects that matched the query, but were not modified due to some error.
num-succeeded	[0..100]	integer optional	The number of security login role objects that matched the query and were successfully updated.
success-list		security-login-role-modify-iter-info[] optional	The security login role objects that were successfully updated. This element will be returned only if input element 'return-success-list' is true

Errno	Description
EINTERNALERROR

Unlock a user account that uses password as the authentication method. Returns an error if the user account does not use password authentication.

Input Name	Range	Type	Description
user-name		string	Name of the user account to be unlocked.
vserver		string	Name of the Vserver.

Errno	Description
EOBJECTNOTFOUND
EINTERNALERROR
EVSERVERNOTFOUND
EUSERNOTFOUND
EUSERUNLOCKFAILED

User account information When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved. When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name	Range	Type	Description
application		string optional	Name of the application. Possible values: 'console', 'http', 'ontapi', 'snmp', 'sp', 'ssh'. Attributes: key, required-for-create, non-modifiable
authentication-method		string optional	Authentication method for the application. Possible values: 'community', 'password', 'publickey', 'domain', 'nsswitch' and 'usm'. Not all authentication methods are valid for an application. Valid authentication methods for each application are: 'password' for 'console' application. 'password', 'domain', 'nsswitch' for 'http' application. 'password', 'domain', 'nsswitch' for 'ontapi' application. 'community' for 'snmp' application (when creating SNMPv1 and SNMPv2 users). 'usm' and 'community' for 'snmp' application (when creating SNMPv3 users). 'password' for 'sp' application. 'password', 'publickey', 'domain', 'nsswitch' for 'ssh' application. Attributes: key, required-for-create, non-modifiable
is-locked		boolean optional	Account Locked Attributes: non-creatable, non-modifiable
role-name		string optional	Name of the role. Attributes: required-for-create, modifiable
user-name		string optional	Name of the user. When creating a SNMPv1 or SNMPv2 user with 'snmp' application and 'community' authentication-method, the user name is the community string. Attributes: key, required-for-create, non-modifiable
vserver		string optional	Name of the Vserver. Attributes: key, non-creatable, non-modifiable

Information about the deletion operation that was attempted/performed against security login account object.

Name	Range	Type	Description
error-code	[0..2^32-1]	integer optional	Error code, if the deletion operation caused an error.
error-message		string optional	Error description, if the operation caused an error.
security-key		security-login-account-info	The keys for the security login account object to which the deletion applies.

Information about the modify operation that was attempted/performed against security login account object.

Name	Range	Type	Description
error-code	[0..2^32-1]	integer optional	Error code, if the modify operation caused an error.
error-message		string optional	Error description, if the modify operation caused an error.
security-key		security-login-account-info	The keys for the security login account object to which the modify operation applies.

User role configuration information. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved. When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name	Range	Type	Description
change-password-duration-in-days	[0..1000]	integer optional	This optionally specifies the number of days that must pass between password changes. The default setting is 0 (zero) meaning the user is not allowed to change the password ever. Attributes: non-creatable, modifiable
last-passwords-disallowed-count	[1..25]	integer optional	This optionally specifies the number of previous passwords that are disallowed for reuse. The default setting is 6. Attributes: non-creatable, modifiable
min-password-size	[3..64]	integer optional	This optionally specifies the minimum length of the password. Possible values range from 3 to 64 characters. The default setting is 8 characters. Attributes: non-creatable, modifiable
min-username-size	[3..16]	integer optional	The minimum length of the user name. Possible values range from 3 to 16 characters. The default setting is 3 characters. Attributes: non-creatable, modifiable
require-password-alpha-numeric		boolean optional	Password Alpha-Numeric for Zapi Attributes: non-creatable, modifiable
require-username-alpha-numeric		boolean optional	Username Alpha-Numeric for Zapi Attributes: non-creatable, modifiable
role-name		string optional	Name of the role. Attributes: key, non-creatable, non-modifiable
vserver		string optional	Name of the Vserver. Attributes: key, non-creatable, non-modifiable

Information about the modify operation that was attempted/performed against security login roleconfig object.

Name	Range	Type	Description
error-code	[0..2^32-1]	integer optional	Error code, if the modify operation caused an error.
error-message		string optional	Error description, if the modify operation caused an error.
security-key		security-login-role-config-info	The keys for the security login roleconfig object to which the modify operation applies.

Information about the deletion operation that was attempted/performed against security login role object.

Name	Range	Type	Description
error-code	[0..2^32-1]	integer optional	Error code, if the deletion operation caused an error.
error-message		string optional	Error description, if the operation caused an error.
security-key		security-login-role-info	The keys for the security login role object to which the deletion applies.

User role information. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved. When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name	Range	Type	Description
access-level		string optional	Access level for the role. Possible values: 'none', 'readonly', 'all'. The default value is 'all'. Attributes: optional-for-create, modifiable
command-directory-name		string optional	The command or command directory to which the role has an access. Attributes: key, required-for-create, non-modifiable
role-name		string optional	Name of the role. Attributes: key, required-for-create, non-modifiable
role-query		string optional	A query for the role. The query must apply to the specified command or directory name. Example: The command is 'volume show' and the query is '-volume vol1'. The query is applied to the command resulting in populating only the volumes with name vol1. Attributes: optional-for-create, modifiable
vserver		string optional	Name of the Vserver. Attributes: key, non-creatable, non-modifiable

Information about the modify operation that was attempted/performed against security login role object.

Name	Range	Type	Description
error-code	[0..2^32-1]	integer optional	Error code, if the modify operation caused an error.
error-message		string optional	Error description, if the modify operation caused an error.
security-key		security-login-role-info	The keys for the security login role object to which the modify operation applies.

SNMPv3 user login information for 'usm' authentication method

Name	Range	Type	Description
authentication-password		string optional	Password for the authentication protocol. This should be minimum 8 characters long. This is required for 'md5' and 'sha' authentication protocols and not required for 'none'. Attributes: optional-for-create, non-modifiable
authentication-protocol		string optional	Authentication protocol for the snmp user. Possible values: 'none', 'md5', 'sha'. The default value is 'none' Attributes: optional-for-create, non-modifiable
engine-id		hex-string optional	Authoritative entity's EngineID for the SNMPv3 user. This is required for creating SNMPv3 users (users for SNMPv3 INFORMs) with 'usm' authentication method only. This should be specified as a hexadecimal string. Engine ID with first bit set to 1 in first octet should have a minimum of 5 or maximum of 32 octets. Engine Id with first bit set to 0 in the first octet should be 12 octets in length. Engine Id cannot have all zeros in its address For e.g. 8000014603000000000000. Attributes: optional-for-create, non-modifiable
privacy-password		string optional	Password for the privacy protocol. This should be minimum 8 characters long. This is required for 'des' privacy protocol and not required for 'none'. Attributes: optional-for-create, non-modifiable
privacy-protocol		string optional	Privacy protocol for the snmp user. Possible values: 'none', 'des'. The default value is 'none'. Attributes: optional-for-create, non-modifiable

The displays the hexadecimal value in string. Integer value 161 will be displayed as a1

[none]

User account information When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved. When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name	Range	Type	Description
application		string optional	Name of the application. Possible values: 'console', 'http', 'ontapi', 'snmp', 'sp', 'ssh'. Attributes: key, required-for-create, non-modifiable
authentication-method		string optional	Authentication method for the application. Possible values: 'community', 'password', 'publickey', 'domain', 'nsswitch' and 'usm'. Not all authentication methods are valid for an application. Valid authentication methods for each application are: 'password' for 'console' application. 'password', 'domain', 'nsswitch' for 'http' application. 'password', 'domain', 'nsswitch' for 'ontapi' application. 'community' for 'snmp' application (when creating SNMPv1 and SNMPv2 users). 'usm' and 'community' for 'snmp' application (when creating SNMPv3 users). 'password' for 'sp' application. 'password', 'publickey', 'domain', 'nsswitch' for 'ssh' application. Attributes: key, required-for-create, non-modifiable
is-locked		boolean optional	Account Locked Attributes: non-creatable, non-modifiable
role-name		string optional	Name of the role. Attributes: required-for-create, modifiable
user-name		string optional	Name of the user. When creating a SNMPv1 or SNMPv2 user with 'snmp' application and 'community' authentication-method, the user name is the community string. Attributes: key, required-for-create, non-modifiable
vserver		string optional	Name of the Vserver. Attributes: key, non-creatable, non-modifiable

User role configuration information. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved. When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name	Range	Type	Description
change-password-duration-in-days	[0..1000]	integer optional	This optionally specifies the number of days that must pass between password changes. The default setting is 0 (zero) meaning the user is not allowed to change the password ever. Attributes: non-creatable, modifiable
last-passwords-disallowed-count	[1..25]	integer optional	This optionally specifies the number of previous passwords that are disallowed for reuse. The default setting is 6. Attributes: non-creatable, modifiable
min-password-size	[3..64]	integer optional	This optionally specifies the minimum length of the password. Possible values range from 3 to 64 characters. The default setting is 8 characters. Attributes: non-creatable, modifiable
min-username-size	[3..16]	integer optional	The minimum length of the user name. Possible values range from 3 to 16 characters. The default setting is 3 characters. Attributes: non-creatable, modifiable
require-password-alpha-numeric		boolean optional	Password Alpha-Numeric for Zapi Attributes: non-creatable, modifiable
require-username-alpha-numeric		boolean optional	Username Alpha-Numeric for Zapi Attributes: non-creatable, modifiable
role-name		string optional	Name of the role. Attributes: key, non-creatable, non-modifiable
vserver		string optional	Name of the Vserver. Attributes: key, non-creatable, non-modifiable

User role information. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller. When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved. When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name	Range	Type	Description
access-level		string optional	Access level for the role. Possible values: 'none', 'readonly', 'all'. The default value is 'all'. Attributes: optional-for-create, modifiable
command-directory-name		string optional	The command or command directory to which the role has an access. Attributes: key, required-for-create, non-modifiable
role-name		string optional	Name of the role. Attributes: key, required-for-create, non-modifiable
role-query		string optional	A query for the role. The query must apply to the specified command or directory name. Example: The command is 'volume show' and the query is '-volume vol1'. The query is applied to the command resulting in populating only the volumes with name vol1. Attributes: optional-for-create, modifiable
vserver		string optional	Name of the Vserver. Attributes: key, non-creatable, non-modifiable