Class aaa:User (CONCRETE)

Class ID:1496
Class Label: Local User
Encrypted: true - Exportable: true - Persistent: true - Configurable: true - Subject to Quota: Disabled
Write Access: [aaa, admin]
Read Access: [aaa, admin]
Creatable/Deletable: yes (see Container Mos for details)
Semantic Scope: Fabric
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: true, HasStats: false, HasFaults: true, HasHealth: true, HasEventRules: true ]

RN FORMAT: user-{name}

    [1] PREFIX=user- PROPERTY = name




DN FORMAT: 

[1] uni/userext/user-{name}

                

Diagram

Super Mo: aaa:SystemUser, Container Mos: aaa:UserEp (deletable:yes), Contained Mos: aaa:SshAuth, aaa:UserCert, aaa:UserData, aaa:UserDomain,

Containers Hierarchies

top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.  ├ fabric:Topology The root for IFC topology.    ├ fabric:Pod A pod.      ├ fabric:Node The root node for the APIC.        ├ ctx:Local The local Context.          ├ ctx:Application The context application.            ├ pol:Uni Represents policy definition/resolution universe.              ├ aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control                ├ aaa:User A locally-authenticated user account. top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.  ├ pol:Uni Represents policy definition/resolution universe.    ├ aaa:UserEp A user endpoint is a local user. A user is assigned a role determines the user's privileges, and belongs to a security domain, which determines the user's scope of control      ├ aaa:User A locally-authenticated user account.

Contained Hierarchy

aaa:User A locally-authenticated user account.  ├ aaa:SshAuth A user's public key in PEM format used for certificate-based login.    ├ fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.  ├ aaa:UserCert An AAA user certificate in X.509 format. This certificate is the RSA public key used for certificate-based REST API calls.    ├ fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.  ├ aaa:UserData This object is managed internally and should not be modified by the user.    ├ fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.  ├ aaa:UserDomain The AAA domain to which the user belongs.    ├ aaa:UserRole The privilege bitmask of a user domain.      ├ fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.    ├ fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.  ├ fault:Counts An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.  ├ fault:Delegate Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.  ├ fault:Inst Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.  ├ health:Inst A base class for a health score instance.(Switch only)

Inheritance

naming:NamedObject An abstract base class for an object that contains a name.  ├ pol:Obj Represents a generic policy object.    ├ pol:Def Represents self-contained policy document.      ├ aaa:Definition The AAA policy definition. This is an abstract class and cannot be instantiated.        ├ aaa:SystemUser The base class for a system user. This is an abstract class and cannot be instantiated.          ├ aaa:User A locally-authenticated user account.

                aaa:User:aaa_User_AdminPasswdReset

                aaa:User:creation__aaa_User

                aaa:User:modification__aaa_User

                aaa:User:deletion__aaa_User

                

accountStatus

Type: aaa:AccountStatus
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

The status of the locally-authenticated user account.

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction

Delete or ignore. For internal use only.

clearPwdHistory

Type: aaa:Clear
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

Allows the administrator to clear the password history of a locally-authenticated user.

descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

Specifies a description of the policy definition.

dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn

A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.

email

Type: aaa:Email
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Regex: ˆ$|ˆ(?!.{64,})[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+$

The email address of the locally-authenticated user.

expiration

Type: aaa:Date
Primitive Type: scalar:Date

Units: UTC Time
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

The expiration date of the locally-authenticated user account. The expires property must be enabled to activate an expiration date.

expires

Type: aaa:Boolean
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:

A property to enable an expiration date for the locally-authenticated user account.

firstName

Type: naming:Name
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "32"

The first name of the locally-authenticated user.

lastName

Type: naming:Name
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "32"

The last name of the locally-authenticated user.

lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

A value that indicates how this object was created. For internal use only.

modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

The time when this object was last modified.

monPolDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

The monitoring policy attached to this observable object.

name

Type: naming:Name
Primitive Type: string:Basic

Overrides:aaa:Definition:name  |  pol:Obj:name  |  naming:NamedObject:name

Units: null
Encrypted: false
Naming Property -- [NAMING RULES]
Access: naming
Category: TopLevelRegular
Property Validators:
    Regex: [a-zA-Z][a-zA-Z0-9_.-]{0,31}

The name of the locally-authenticated user.

nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.-]+

NO COMMENTS

ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

The key for enabling clients to own their data for entity correlation.

ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+

A tag for enabling clients to add their own data. For example, to indicate who created this object.

phone

Type: aaa:Phone
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "16"

The phone number of the locally-authenticated user.

pwd

Type: aaa:Passwd
Primitive Type: string:Password

Units: null
Encrypted: true
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "256"
        Allowed Chars:
            Regex: .*

The system user password.

pwdLifeTime

Type: aaa:PwdLifeTime
Primitive Type: scalar:Uint16

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: 0  max: 3650

The lifetime of the locally-authenticated user password.

rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn

Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.

status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus

The upgrade status. This property is for internal use only.

uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular

A unique identifier for this object.

unixUserId

Type: aaa:UnixUID
Primitive Type: scalar:Uint16

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: 99  max: 15999

The UNIX identifier of the locally-authenticated user.