apusermgmt command

You can add, delete, modify, and list platform users by running the apusermgmt command.

Optional parameters

-h|--help: Displays help for the command. Can be used with the subcommands as well.

Subcommands

apusermgmt add-user username [-g Admin|User] [-n namespace] [-p password] [-d displayname] [-e email]

Creates a new user.

Parameters specific to the command are as follows:

username: Specifies username. The value must be unique. Do not use upper case letters.
-g|--globalrole Admin|User: Optional. If set to Admin, the user is automatically added to all namespaces. The default is Admin.
-n|--namespace namespace: Optional. A namespace or a list of namespaces. The user can be added to a namespace or list of namespaces upon creation as well. If a list is specified, it should be comma separated with no spaces, and all namespaces should be valid. Otherwise, an error will be returned.
-p|--password password: Optional. If not set, the default password is passw0rd.
Note: Only the following special characters are allowed in passwords: !@#$%^&*(),.<>[]-=+?
-d|--displayname displayname: Specifies the display name of the user.
-e|--email email: Specifies the email of the user.

apusermgmt delete-user username

Deletes a user.

username: Specifies a username of the user to be deleted.

apusermgmt modify-user username [-g Admin|User] [-n namespace] [-r remove_namespace] [-p newpassword] [-d displayname]

Modifies a user.

Parameters specific to the command are as follows:

username: Required username of the user.
-g|--globalrole Admin|User: Optional. Set the role for the user.
-n|--namespace namespace: A namespace or list of namespaces to add. The user can be added to a namespace or list of namespaces upon creation as well. If a list is specified, it should be comma separated with no spaces, and all namespaces should be valid. Otherwise, an error will be returned.
-r|--remove-namespace remove_namespace: Removes a namespace for the user. Only one namespace can be specified.
-p|--newpassword newpassword: Set a new password.
Note: Only the following special characters are allowed in passwords: !@#$%^&*(),.<>[]-=+?
-d|--displayname displayname: Change the display name of the user.

apusermgmt list-user [--attribute-list attribute_list] [-n namespace] [-d]

Lists all platform users.

--attribute-list attribute_list: Optional. Specifies a comma separated list of attributes to display. You can input username, role, email, namespace, displayName, uid.
-n|--namespace namespace: Optional. Namespace name. When used, the command lists only those users that are part of the specified namespace.
-d|--detail: Optional. Get detail information of the user.

apusermgmt info-user username

Displays information for one user.

Parameters specific to the command are as follows:

username: Specifies a username of the user.

apusermgmt add-pwpolicy -g {Admin | User} [--minlife pwd_min_lifetime] [--history pwd_in_history] [--minclasses pwd_min_classes] [--minlength pwd_min_length] [--lockouttime pwd_lock_out_duration] [--maxfail pwd_max_failure] [--maxlife pwd_max_lifetime] [--failinterval pwd_failure_count_interval]

Adds password policies. For more information, see Adding group password policies.

apusermgmt modify-pwpolicy -g {Admin | User} [--minlife pwd_min_lifetime] [--history pwd_in_history] [--minclasses pwd_min_classes] [--minlength pwd_min_length] [--lockouttime pwd_lock_out_duration] [--maxfail pwd_max_failure] [--maxlife pwd_max_lifetime] [--failinterval pwd_failure_count_interval]

Modifies existing password policies. For more information, see Modifying password policies.

Parameters specific to the apusermgmt add-pwpolicy and apusermgmt modify-pwpolicy commands are as follows:

-- minlife pwd_min_lifetime

Minimum password lifetime.

Sets the minimum period of time that a password can be used before it must be changed. The value is provided in hours. The default is 1 hour. This option might prevent a user from changing a password and immediately changing it back to the original value.

--maxlife pwd_max_lifetime

Maximum password lifetime.

Sets the maximum period of time that a password can be used before it must be changed. The number is provided in days. The default value is 90 days.

--minclasses pwd_min_classes

Minimum number of character classes.

Sets the minimum number of different character classes, types that must be included in a password for it to be approved. The default value is 0, which means there are no classes required. For example, setting this value to 3 means that any password must have characters from at least three categories.

Character classes:

upper case characters
lower-case characters
digits
special characters (e.g. punctuation)

Note: Three consecutive repeats of any character decrement the char class count by 1. For example, if --minclasses is 2, aaa12345 is evaluated as a one class password and won't be allowed but aab12345 will be accepted.

--minlength pwd_min_length

Minimum length of a password.

Sets the minimum number of character for a password. The default value is eight characters.

--history pwd_in_history

Password history.

Sets the number of previous passwords that are stored and which a user is prevented from using. The default value is 0, which disables password history. Even with the password history set to 0, users cannot reuse a current password. If the value is set to 10, a user cannot reuse any of their previous ten passwords.

--maxfail pwd_max_failure

Maximum consecutive failures.

Specifies the maximum number of consecutive incorrect password inputs before the account is locked out. The default is 6.

--failinterval pwd_failure_count_interval

Fail interval.

Specifies the period after which the failure count is reset. The value is provided in seconds. The default is 60 seconds.

Example: With a --maxfail of 3, if you make two incorrect attempts, and then wait for --failinterval to elapse, the third attempt is risk-free, because the password-attempt count was set back to 0.

--lockouttime pwd_lock_out_duration

Lockout time.

Determines the period for which a lockout is enforced. The value is provided in seconds. The default is 600 seconds.

apusermgmt list-pwpolicy [-g Admin|User] [-u username]

Lists current password policy settings.

-g|--globalrole Admin|User: Specifies what password policy to list, either the admin or user policy.
-u username: Specifies the password policy for the selected user.; For more information, see Listing password policies.

apusermgmt set-default-pwpolicy -g {Admin|User}

Resets password policy to the system default value.

-g | --globalrole {Admin | User}: Required.
Specifies the global role to reset the group-level password policy. You can choose between Admin and User global roles.; For more information, see Setting default password policies.

apusermgmt reset-pwpolicy -g {Admin|User}

Resets password policy to the system initial value.

-g | --globalrole {Admin | User}: Required.
Specifies the global role to reset the group-level password policy. You can choose between Admin and User global roles.; For more information, see Resetting password policies.