erAccountItem

Edit online

The erAccountItem class is an auxiliary class that defines required attributes for a user account. The parent class is top.

Table 1. `erAccountItem` table
Attribute name	Description	Type
`erUid`	Account login ID.	directory string
`Owner`	DN of the account owner.	distinguished name
`erAccountStatus`	Account status.	integer
`erAccountCategory`	Account category.	directory string
`erAccountCompliance`	Compliancy of the account. Possible values are: `Uncheck account (0)` `Compliant account (1)` `Unauthorized account (2)` `Constraints violated account (3)`	integer
`erPassword`	Account login password.	binary
`erPswdLastChanged`	Date and time that the password was last changed.	generalized time
`erHistoricalPassword`	Previous account login password.	binary
`erService`	DN of the account service.	distinguished name
`erLastAccessDate`	Last login date.	generalized time
`erPasswordLastChangedBy⁴`	The DN of the person which last changed the password.	distinguished name
`erCreateDate`	Timestamp of when the object is created. The timestamp is in Greenwich Mean Time (GMT) format.	directory string
`erLastAction`	The last action performed on the entity.	directory string
`erLastStatusChangeDate`	Timestamp of when the status is updated. The timestamp is in GMT format.	directory string
`erLastOperation`	Available for custom use for lifecycle event.	directory string
`erLastCertifiedDate¹`	Timestamp of when the object was last certified.	directory string
`erLastRecertificationAction²`	The last recertification action applied to the account. Valid values are: `Certified (CERTIFIED)` `Administrator override certified (CERTIFIED_ADMIN)` `Rejected and marked (REJECTED_MARK)` `Rejected and suspended (REJECTED_SUSPEND)`	directory string
`erLastRecertificationActionDate³`	Timestamp of the last recertification action applied to the account.	directory string
`erAccessLastCertifiedDate²`	Timestamp of when the access was last certified. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition associated with the access. The second part is the timestamp of when the access was last certified.	directory string
`erAccessRecertificationLastAction²`	The last recertification action applied to a group or access. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition. The second part is the last action taken on the group or access. Valid values are: `Certified (CERTIFIED)` `Administrator override certified (CERTIFIED_ADMIN)` `Rejected and marked (REJECTED_MARK)`	directory string
`erAccessRecertificationLastActionDate³`	Timestamp of the last recertification action applied to a group or access. A multivalued attribute that contains “;;” delimited strings. The first part of each string is the DN of the group definition. The second part is the timestamp of the last action.	directory string
`erObjectType²`	The value represents the type of the account. Predefined values are: `0 – user account` `1 – system account`	integer
`erObjectProfileName`	Name of the ownership type.	directory string
`erAccountOwnershipType⁴`	The account ownership type. If the value is not specified, it is interpreted as Individual account.	directory string
`erURI⁴`	The universal resource identifier.	directory string
`erCVCatalog⁴`	The DN of the credential if the account is added to the credential vault.	distinguished name

¹ Indicates the attribute is added in release 4.6 Express.

² Indicates the class is added in release 5.0.

³ Indicates the class is added in release 5.1.

⁴ Indicates the attribute is added in IBM Verify Identity Governance 6.0.