Password Rule object
A Password Rule object is an element of the console object and represents a rule which a console user(s) must follow when creating a console logon password. Each console user using local authentication is assigned a password rule. There are certain system-defined password rules available for use.
Through user-related-access permission described in User-related-access permission, API users are permitted to see certain Password Rule objects in a List Password Rules response and issue Get Password Rule Properties for those Password Rule objects. An API user with action/task permission to the Manage Password Rules task is permitted to view any Password Rule object and change any user-defined Password Rule object.
System-defined password rules
Unlike user-defined password rules, the system-defined password rules may not be modified. While system-defined password rules can be deleted and their name reused for a user-defined password rule, that practice is discouraged due to the likely confusion such a situation would cause. The names of the typical system-defined password rules include:
- Basic
- Standard
- Strict
Password rule parts
Password rule parts are optional requirements to be applied to individual parts of a password. These requirements are applied, in order, to the password, from left to right. Each of these requirements must be met by some part of the password in order for the password to meet all of the requirements of the Password Rule.
For example, to require a password to
consist of 1-3 letters followed by a 4 or 5 digit number, two rule
parts are defined. The first rule part requires from 1 to 3 characters,
each of which must be alphabetic; the second rule part requires from
4 to 5 characters, each of which must be numeric. Passwords such as pa1600
and Hey90210
meet
the requirements of both of those rule parts.