list -user (list users)
Purpose
Use this command to list users with additional data depending on the specified parameters and options. The output is displayed as a series of response messages. In an output message, a hyphen (-) that is displayed in place of a value indicates that there is no data of that type for that user.
You can list all users that have at least one role or role group assigned to them in the specified OU. If you have a role with the CT DniSecAdm.xou and the access rights to list users assigned to you for SYSOU, you can list all users in SYSOU and all DniUAs in other OUs.
| Required access rights: | CT: DniSecAdm.list
CO: DniSecAdm.list attr: user |
| Predefined roles that provide required access rights: | DniUA |
| Issue for OU: | any OU |
| Issue to service: | DNI_SECADM |
Format
Parameters
- -user userID
- User IDs. This parameter can contain wildcard characters (% or _).
- -mu ID
- User IDs of the modifying or committing users. This parameter can contain wildcard characters (% or _).
- -au ID
- User IDs of the approving users. This parameter can contain wildcard characters (% or _).
- -ru ID
- User IDs of the rejecting users. This parameter can contain wildcard characters (% or _).
- -rvu ID
- User IDs of the revoking users. This parameter can contain wildcard characters (% or _).
- -rcu ID
- User IDs of the reactivating users. This parameter can contain wildcard characters (% or _).
- -rau ID
- User IDs of the users who rejected authorizations. This parameter can contain wildcard characters (% or _).
- -atu ID
- User IDs of the users who did reauthorizations. This parameter can contain wildcard characters (% or _).
- -qo
- Additional query options. You can specify any combination of the
following values in any order:
- A
- All approved users. This is the default.
- M
- All modified users.
- O
- All committed users.
- R
- All rejected users.
- H
- All revoked users.
- J
- All reactivated users.
- T
- All users rejected for authorization.
- K
- All authorized users.
- -lo
- List options. These options specify which information is displayed
in the response message, and the order in which it is displayed. You
can specify a string of the following characters in any order:
- N
- User IDs. This is the default.
- B
- Role and OU that are assigned directly, that is, not by means of a role group. This option and option C are mutually exclusive.
- C
- Role group and OU. This option and option B are mutually exclusive.
- M
- User IDs of modifying or committing users.
- A
- User IDs of approving users.
- R
- User IDs of rejecting users.
- F
- Comments, if rejected.
- H
- User IDs of revoking users.
- I
- Comments, if revoked.
- J
- User IDs of reactivating users.
- T
- User IDs of the users who rejected authorisations.
- Q
- Comments, if rejected for authorization.
- K
- User IDs of authorizing users.
- Y
- Configuration life-cycle state of the user:
- IP
- In process.
- CO
- Committed.
- AP
- Approved.
- DP
- Deployed.
- U
- Authorization life-cycle state of the user:
- AU
- Authorized.
- RV
- Revoked.
- RA
- Reactivated.
- W
- State of a role or role group for a particular OU:
- C
- Added.
- D
- Removed.
Note: Some of the parameters are mutually exclusive.
For a list of valid combinations, see List command filter criteria.
Examples
The following command lists all
approved users (sorted by user ID) and the roles that are assigned
to them:
INST1.BANKA.DNI_SECADM>list -user % -lo NBDNIU7051I SA1 (DniSA - BANKA)
DNIU7051I SA2 (DniSA - BANKA)
DNIU7051I JSMITH (DniSA - BANKA)
DNIU7051I JSMITH (DniUA - BANKA)
DNIU7051I UA2 (DniUA - BANKA)