Class aaa:User (CONCRETE)

Class ID:1496
Class Label: Local User
Encrypted: true - Exportable: true - Persistent: true - Configurable: true - Subject to Quota: Disabled - Abstraction Layer: Ambiguous Placement in the Model - APIC NX Processing: Disabled
Write Access: [aaa, admin]
Read Access: [aaa, admin]
Creatable/Deletable: yes (see Container Mos for details)
Semantic Scope: Fabric
Semantic Scope Evaluation Rule: Parent
Monitoring Policy Source: Parent
Monitoring Flags : [ IsObservable: true, HasStats: false, HasFaults: true, HasHealth: true, HasEventRules: true ]

A locally-authenticated user account.

Naming Rules
RN FORMAT: user-{name}

    [1] PREFIX=user- PROPERTY = name

DN FORMAT:

    [1] uni/userext/user-{name}


Diagram

Super Mo: aaa:SystemUser
Container Mos: aaa:UserEp (deletable:yes)
Contained Mos: aaa:RbacAnnotation, aaa:SshAuth, aaa:UserCert, aaa:UserData, aaa:UserDomain, tag:Annotation, tag:Tag


Containers Hierarchies
top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├ fabric:Topology  The root for IFC topology.
   ├ fabric:Pod  A pod.
     ├ fabric:Node  The root node for the APIC.
       ├ ctx:Local  The local Context.
         ├ ctx:Application  The context application.
           ├ pol:Uni  Represents policy definition/resolution universe.
             ├ aaa:UserEp  A user endpoint is a local user. A user is assigned a role, which determines the user's privileges, and belongs to a security domain, which determines the user's scope of control.
               ├ aaa:User  A locally-authenticated user account.

top:Root  This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├ pol:Uni  Represents policy definition/resolution universe.
   ├ aaa:UserEp  A user endpoint is a local user. A user is assigned a role, which determines the user's privileges, and belongs to a security domain, which determines the user's scope of control.
     ├ aaa:User  A locally-authenticated user account.


Contained Hierarchy
aaa:User  A locally-authenticated user account.
 ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
 ├ aaa:SshAuth  A user's public key in PEM format used for certificate-based login.
   ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
   ├ fault:Delegate  Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
   ├ tag:Annotation
   ├ tag:Tag
 ├ aaa:UserCert  An AAA user certificate in X.509 format. This certificate is the RSA public key used for certificate-based REST API calls.
   ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
   ├ fault:Counts  An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.
   ├ fault:Delegate  Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
   ├ fault:Inst  Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.
     ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
     ├ tag:Annotation
     ├ tag:Tag
   ├ health:Inst  A base class for a health score instance. (Switch only)
   ├ tag:Annotation
   ├ tag:Tag
 ├ aaa:UserData  This object is managed internally and should not be modified by the user.
   ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
   ├ fault:Delegate  Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
   ├ tag:Annotation
   ├ tag:Tag
 ├ aaa:UserDomain  The AAA domain to which the user belongs.
   ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
   ├ aaa:UserRole  The privilege bitmask of a user domain.
     ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
     ├ fault:Delegate  Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
     ├ tag:Annotation
     ├ tag:Tag
   ├ fault:Delegate  Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
   ├ tag:Annotation
   ├ tag:Tag
 ├ fault:Counts  An immutable object that provides the number of critical, major, minor, and warning faults raised on its parent object and its subtree.
 ├ fault:Delegate  Exposes internal faults to the user. A fault delegate object can be defined on IFC (for example, for an endpoint group) and when the fault is raised (for example, under an endpoint policy on a switch), a fault delegate object is created on IFC under the specified object. A fault delegate object follows the lifecycle of the original fault instance object, being created, modified, or deleted based on the changes of the original fault.
 ├ fault:Inst  Contains detailed information of a fault. This object is attached as a child of the object on which the fault condition occurred. One instance object is created for each fault condition of the parent object. A fault instance object is identified by a fault code.
   ├ aaa:RbacAnnotation  RbacAnnotation is used for capturing rbac properties of any apic object. Objects can append rbacannotations as Object->RbacAnnotation, which is then checked for domain eligibility.
   ├ tag:Annotation
   ├ tag:Tag
 ├ health:Inst  A base class for a health score instance. (Switch only)
 ├ tag:Annotation
 ├ tag:Tag


Inheritance
naming:NamedObject  An abstract base class for an object that contains a name.
 ├ pol:Obj  Represents a generic policy object.
   ├ pol:Def  Represents self-contained policy document.
     ├ aaa:Definition  The AAA policy definition. This is an abstract class and cannot be instantiated.
       ├ aaa:SystemUser  The base class for a system user. This is an abstract class and cannot be instantiated.
         ├ aaa:User  A locally-authenticated user account.


Events
aaa:User:aaa_User_AdminPasswdReset
aaa:User:creation__aaa_User
aaa:User:modification__aaa_User
aaa:User:deletion__aaa_User


Faults
                


Fsms
                


Properties Summary
Defined in: aaa:User
    accountStatus  (aaa:User:accountStatus) - Type: aaa:AccountStatus - Primitive Type: scalar:Enum8 - The status of the locally-authenticated user account.
    annotation  (aaa:User:annotation) - Type: mo:Annotation - Primitive Type: string:Basic - NO COMMENTS
    certAttribute  (aaa:User:certAttribute) - Type: aaa:CertAttr - Primitive Type: string:Basic - NO COMMENTS
    clearPwdHistory  (aaa:User:clearPwdHistory) - Type: aaa:Clear - Primitive Type: scalar:Enum8 - Allows the administrator to clear the password history of a locally-authenticated user.
    email  (aaa:User:email) - Type: aaa:Email - Primitive Type: string:Basic - The email address of the locally-authenticated user.
    expiration  (aaa:User:expiration) - Type: aaa:Date - Primitive Type: scalar:Date - The expiration date of the locally-authenticated user account. The expires property must be enabled to activate an expiration date.
    expires  (aaa:User:expires) - Type: aaa:Boolean - Primitive Type: scalar:Enum8 - A property to enable an expiration date for the locally-authenticated user account.
    extMngdBy  (aaa:User:extMngdBy) - Type: mo:ExtMngdByType - Primitive Type: scalar:Bitmask32 - NO COMMENTS
    firstName  (aaa:User:firstName) - Type: naming:Name - Primitive Type: string:Basic - The first name of the locally-authenticated user.
    lastName  (aaa:User:lastName) - Type: naming:Name - Primitive Type: string:Basic - The last name of the locally-authenticated user.
    monPolDn  (aaa:User:monPolDn) - Type: reference:BinRef - The monitoring policy attached to this observable object.
    name  (aaa:User:name) - Type: naming:Name - Primitive Type: string:Basic - Overrides:aaa:Definition:name | pol:Obj:name | naming:NamedObject:name - The name of the locally-authenticated user.
    otpenable  (aaa:User:otpenable) - Type: aaa:OtpBoolean - Primitive Type: scalar:Enum8 - NO COMMENTS
    otpenf  (aaa:User:otpenf) - Type: aaa:OtpEnfBoolean - Primitive Type: scalar:Enum8 - NO COMMENTS
    otpkey  (aaa:User:otpkey) - Type: aaa:OtpKey - Primitive Type: string:Basic - NO COMMENTS
    phone  (aaa:User:phone) - Type: aaa:Phone - Primitive Type: string:Basic - The phone number of the locally-authenticated user.
    pwd  (aaa:User:pwd) - Type: aaa:Passwd - Primitive Type: string:Password - The system user password.
    pwdLifeTime  (aaa:User:pwdLifeTime) - Type: aaa:PwdLifeTime - Primitive Type: scalar:Uint16 - The lifetime of the locally-authenticated user password.
    pwdUpdateRequired  (aaa:User:pwdUpdateRequired) - Type: aaa:Boolean - Primitive Type: scalar:Enum8 - A boolean value indicating whether this account needs password update
    rbacString  (aaa:User:rbacString) - Type: aaa:RbacString - Primitive Type: string:Basic - NO COMMENTS
    unixUserId  (aaa:User:unixUserId) - Type: aaa:UnixUID - Primitive Type: scalar:Uint16 - The UNIX identifier of the locally-authenticated user.
Defined in: pol:Def
    descr  (pol:Def:descr) - Type: naming:Descr - Primitive Type: string:Basic - Specifies a description of the policy definition.
    ownerKey  (pol:Def:ownerKey) - Type: naming:Descr - Primitive Type: string:Basic - The key for enabling clients to own their data for entity correlation.
    ownerTag  (pol:Def:ownerTag) - Type: naming:Descr - Primitive Type: string:Basic - A tag for enabling clients to add their own data. For example, to indicate who created this object.
Defined in: naming:NamedObject
    nameAlias  (naming:NamedObject:nameAlias) - Type: naming:NameAlias - Primitive Type: string:Basic - NO COMMENTS
Defined in: mo:Ownable
    uid  (mo:Ownable:uid) - Type: scalar:Uint16 - A unique identifier for this object.
Defined in: mo:Resolvable
    lcOwn  (mo:Resolvable:lcOwn) - Type: mo:Owner - Primitive Type: scalar:Enum8 - A value that indicates how this object was created. For internal use only.
Defined in: mo:Modifiable
    modTs  (mo:Modifiable:modTs) - Type: mo:TStamp - Primitive Type: scalar:Date - The time when this object was last modified.
Defined in: mo:TopProps
    childAction  (mo:TopProps:childAction) - Type: mo:ModificationChildAction - Primitive Type: scalar:Bitmask32 - Delete or ignore. For internal use only.
    dn  (mo:TopProps:dn) - Type: reference:BinRef - A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
    rn  (mo:TopProps:rn) - Type: reference:BinRN - Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.
    status  (mo:TopProps:status) - Type: mo:ModificationStatus - Primitive Type: scalar:Bitmask32 - The upgrade status. This property is for internal use only.

Properties Detail

accountStatus

Type: aaa:AccountStatus
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
The status of the locally-authenticated user account.
Constants
active 0 Active NO COMMENTS
inactive 1 Inactive NO COMMENTS
DEFAULT active(0) Active NO COMMENTS





annotation

Type: mo:Annotation
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+
    Comments:
NO COMMENTS



certAttribute

Type: aaa:CertAttr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
    Comments:
NO COMMENTS



childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
    Comments:
Delete or ignore. For internal use only.
Constants
deleteAll 16384u deleteAll NO COMMENTS
ignore 4096u ignore NO COMMENTS
deleteNonPresent 8192u deleteNonPresent NO COMMENTS
DEFAULT 0 --- This type is used to





clearPwdHistory

Type: aaa:Clear
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
Allows the administrator to clear the password history of a locally-authenticated user.
Constants
no 0 No NO COMMENTS
yes 1 Yes NO COMMENTS
DEFAULT no(0) No NO COMMENTS





descr

Type: naming:Descr
Primitive Type: string:Basic

Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
Specifies a description of the policy definition.



dn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
    Comments:
A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.



email

Type: aaa:Email
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Regex: ^$|^(?!.{64,})[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+$
    Comments:
The email address of the locally-authenticated user.



expiration

Type: aaa:Date
Primitive Type: scalar:Date

Units: UTC Time
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
The expiration date of the locally-authenticated user account. The expires property must be enabled to activate an expiration date.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





expires

Type: aaa:Boolean
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
A property to enable an expiration date for the locally-authenticated user account.
Constants
no 0 No NO COMMENTS
yes 1 Yes NO COMMENTS
DEFAULT no(0) No NO COMMENTS





extMngdBy

Type: mo:ExtMngdByType
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS
Constants
undefined 0u undefined NO COMMENTS
msc 1u msc NO COMMENTS
DEFAULT undefined(0u) undefined NO COMMENTS





firstName

Type: naming:Name
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "32"
    Comments:
The first name of the locally-authenticated user.



lastName

Type: naming:Name
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "32"
    Comments:
The last name of the locally-authenticated user.



lcOwn

Type: mo:Owner
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A value that indicates how this object was created. For internal use only.
Constants
local 0 Local NO COMMENTS
policy 1 Policy NO COMMENTS
replica 2 Replica NO COMMENTS
resolveOnBehalf 3 ResolvedOnBehalf NO COMMENTS
implicit 4 Implicit NO COMMENTS
DEFAULT local(0) Local NO COMMENTS





modTs

Type: mo:TStamp
Primitive Type: scalar:Date

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The time when this object was last modified.
Constants
never 0ull never NO COMMENTS
DEFAULT never(0ull) never NO COMMENTS





monPolDn

Type: reference:BinRef

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
The monitoring policy attached to this observable object.



name

Type: naming:Name
Primitive Type: string:Basic

Overrides:aaa:Definition:name  |  pol:Obj:name  |  naming:NamedObject:name
Units: null
Encrypted: false
Naming Property -- [NAMING RULES]
Access: naming
Category: TopLevelRegular
Property Validators:
    Regex: [a-zA-Z][a-zA-Z0-9_.-]{0,31}
    Comments:
The name of the locally-authenticated user.



nameAlias

Type: naming:NameAlias
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "63"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.-]+
    Comments:
NO COMMENTS



otpenable

Type: aaa:OtpBoolean
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
NO COMMENTS
Constants
no 0 No NO COMMENTS
yes 1 Yes NO COMMENTS
DEFAULT no(0) No NO COMMENTS





otpenf

Type: aaa:OtpEnfBoolean
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
NO COMMENTS
Constants
no 0 No NO COMMENTS
yes 1 Yes NO COMMENTS
DEFAULT yes(1) Yes NO COMMENTS





otpkey

Type: aaa:OtpKey
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Regex: [A-Z2-7]{16}
    Comments:
NO COMMENTS
Constants
defaultValue "DISABLEDDISABLED" --- NO COMMENTS





ownerKey

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "128"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
The key for enabling clients to own their data for entity correlation.



ownerTag

Type: naming:Descr
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "64"
        Allowed Chars:
            Regex: [a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]+
    Comments:
A tag for enabling clients to add their own data. For example, to indicate who created this object.



phone

Type: aaa:Phone
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "16"
    Comments:
The phone number of the locally-authenticated user.



pwd

Type: aaa:Passwd
Primitive Type: string:Password

Units: null
Encrypted: true
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "256"
        Allowed Chars:
            Regex: .*
    Comments:
The system user password.



pwdLifeTime

Type: aaa:PwdLifeTime
Primitive Type: scalar:Uint16

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: 0  max: 3650
    Comments:
The lifetime of the locally-authenticated user password.
Constants
no-password-expire 0 No Password Expiration NO COMMENTS
DEFAULT 0 --- NO COMMENTS





pwdUpdateRequired

Type: aaa:Boolean
Primitive Type: scalar:Enum8

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Comments:
A boolean value indicating whether this account needs password update
Constants
no 0 No NO COMMENTS
yes 1 Yes NO COMMENTS
DEFAULT no(0) No NO COMMENTS





rbacString

Type: aaa:RbacString
Primitive Type: string:Basic

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "1024"
        Allowed Chars:
            Regex: .*
    Comments:
NO COMMENTS



rn

Type: reference:BinRN

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
    Comments:
Identifies an object from its siblings within the context of its parent object. The distinguished name contains a sequence of relative names.



status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32

Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
    Comments:
The upgrade status. This property is for internal use only.
Constants
created 2u created In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u modified In a setter method: specifies that an object should be modified
In the return value of a setter method: indicates that an object has been modified.
deleted 8u deleted In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 --- This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was neither created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.






uid

Type: scalar:Uint16

Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
    Comments:
A unique identifier for this object.



unixUserId

Type: aaa:UnixUID
Primitive Type: scalar:Uint16

Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: 99  max: 15999
    Comments:
The UNIX identifier of the locally-authenticated user.