Manager Account
This resource represents the user accounts for the manager.
The maximum limit for accounts is 14.
As per HI specification, default accounts are HostAutoFW, HostAutoOS. HostAutoFW is used by BIOS to communicate and HostAutoOS is used by OS to communicate with redfish. BIOS will call BMC to create HostAutoOS at end of boot process and save it in EFI Variable. This user will be deleted in next boot by Redfish and a new password will be generated for HostAutoOS.
HostAutoFW and HostAutoOS can't be deleted or modified. The ID number for the newly created redfish user will start from 5 if there is only one fixed IPMI user. If there are many IPMI fixed users, then the ID number generated varies accordingly. ID numbers 1 to 3 are reserved.
ID number 1 is for default "Administrator" account.
ID number 2 is for HostAutoFW.
ID number 3 is for HostAutoOS.
ID number 4 is for default admin IPMI fixed user.
Once maximum account, 20, reached on deleting and creating a new redfish account, ID number will start from 25.
Name | Type | Read only | Description | |||
(OData Attributes) | Refer to OData Support. | |||||
Id(M) | String | True | Refer to Resource Type Definitions | |||
Name(M) | String | True | ||||
Description | String | True | ||||
Password(C ) | String | False | The value of this property shall be the password for this account. Note Should not be displayed in the response. | |||
UserName(C) | String | False | The value of this property shall be the user name for this account. | |||
RoleId | String | False | The value of this property shall be the ID of the Role resource configured for this account. | |||
Locked | Boolean | False | This property (when set to true) shall indicate that the account service has automatically locked the account due to the property accountLockoutThreshold having been exceeded. If Locked is set to true by account service, the account is locked and the user shall not be able to login to redfish unless the property is unlocked by the administrator. If set to false, the account will not be locked. A user admin shall be able to write a false to the property to clear the lockout condition, prior to the lockout duration period. Note By default, the account service will set the value of Locked to false. (The account shall not be locked and the failed attempt should not exceed the accountLockedThreshold). Only the Administrator will be able to unlock the locked account in case it is set to true automatically in case of failed login attempts but setting the account as a locked account (i.e value to true) by an Administrator is an invalid operation. | |||
Enabled | Boolean | False | This property shall enable (if set to true) or disable (if set to false) the account for future logins. The value of Enable overrides the locked property. | |||
Actions | Object | True | This object will contain the actions for this resource under Oem property if any. | |||
PasswordChangeRequired | Boolean | True | Indicates that the password for this account must be changed. The service requires the password to be changed before access is allowed. The value of this property shall be true if the password for this account must be changed before further access is allowed. Access to the service may be denied by the implementation if the password has not been changed. A ManagerAccount created with an initial PasswordChangeRequired value of true may be used to force a password change before first access using the account. When the 'Password' property for this account is updated, the service shall set the value to false. PasswordChangeRequired attribute value for the default administrator account will be based on the PRJ option to disable the requirement of changing a password in the first-time login. Note PasswordChangeRequired cannot be modified by PATCH because of the security concern of California Law. | |||
Certificates | Object | True | The link to a collection of certificates used for this account. | |||
Links | Object | The links object contains links to other resources that are related to this resource. | ||||
Name | Type | Read only | Description | |||
Role | Object | True | A reference to the Role object defining Privileges for this account--returned when the resource is read. The ID of the role is the same as property RoleId. |