Skip to main content

"createAccount" (JSON Action)

Create an account to log into a server

The "createAccount" action creates an account that an application or user can use to log into the server. To designate privileges, you can assign one or more roles to your accounts - see the action "assignRolesToAccounts".

Links: Concepts | Tutorials | FAQs

Request examples

{
  "api": "admin",
  "action": "createAccount",
  "params": {
    "username": "NewAccount1"
  },
  "authToken": "replaceWithAuthTokenFromCreateSession"
}

Maximal

{
  "api": "admin",
  "action": "createAccount",
  "params": {
    "username": "NewAccount2",
    "password": "CorrectHorseBatteryStaple",
    "accountDescription": "NewAccount2 will be used solely to test deletion",
    "enableDatetime": "2024-01-01",
    "disableDatetime": "2024-12-31",
    "lockoutAfterNFailedAttempts": 5,
    "maxDaysBeforePasswordMustChange": 14,
    "maxMinutesBeforeNextLogin": 0,
    "memoryLimit": 1048576,
    "memoryRule": "default"
  },
  "requestId": "1",
  "authToken": "replaceWithAuthTokenFromCreateSession"
}

The "createAccount" action allows the creation of server login accounts with configurable parameters. It details the request examples (minimal and maximal), the structure of "params," and specific properties like "username," "password," "accountDescription," "enableDatetime," "disableDatetime," "lockoutAfterNFailedAttempts," "lockoutWaitMinutes," "maxDaysBeforePasswordMustChange," "maxMinutesBeforeNextLogin," "memoryLimit," and "memoryRule," including their descriptions, defaults, types, and limits. It also includes notes on system limits and property requirements.

createAccountcreateAccountsJSON ActionJSON ADMIN APIadmin accountcreate accountserver loginuser account creationaccount managementaccess controluser authenticationaccount parametersassign roles to accountssystem limitsusername requirementspassword optionsaccount descriptionlockout after failed attemptslockout wait timepassword expirationinactivity timeoutmemory limitmemory rule

"params"

The "params" property is an object that contains an action's request parameters as defined by a set of properties. Each action defines its own required and optional properties. See System limits for a comprehensive overview of property requirements and limitations.

Table 1. createAccount "params" property summaries

Property

Description

Default

Type

Limits (inclusive)

username

specifies the name that uniquely identifies the account.

Required - No default value

string

1 to 64 bytes

password

(optional) specifies the code used to authenticate the account.

""

string

0 to 63 bytes

accountDescription

(optional) describes the account.

""

string

0 to 65,500 bytes

enableDatetime

(optional) specifies the first date and time that the account can log into the server.

""

date

Any date after "0336-10-07"

disableDatetime

(optional) specifies the last date and time that the account can log into the server.

""

date

Any date after "0336-10-07"

lockoutAfterNFailedAttempts

(optional) specifies the maximum number of consecutive times a failed login attempt can occur before the account is temporarily locked out.

Defaults to the session's "LOGON_FAIL_LIMIT" property

integer

0 to 2147483647

lockoutWaitMinutes

(optional) specifies the number of minutes an account remains temporarily lockout out after the number of failed attempts defined by "lockoutAfterNFailedAttempts".

Defaults to the session's "LOGON_FAIL_TIME" property

integer

0 to 2147483647

maxDaysBeforePasswordMustChange

(optional) specifies the maximum number of days a user can wait to change their password before the account is automatically locked out.

""

integer

0 to 2147483647

maxMinutesBeforeNextLogin

(optional) specifies the maximum number of minutes the server will wait for an account to log in again before it locks out the account.

Defaults to the session's "LOGON_MUST_TIME" property

integer

0 to 35791394

memoryLimit

(optional) specifies the maximum number of bytes the server will allocate to the account.

Defaults to the session's "USR_MEMORY" property

integer

0 to 2147483647

memoryRule

(optional) specifies additional rules that can allow the account to exceed the memory limit defined in the "memoryLimit" property.

Defaults to the session's "USR_MEM_RULE" property

string

"default"
"absolute"
"guideline"


"username"

The "username" property is a required string up to 64 bytes long. It is the name that uniquely identifies the account.

Note

See System limits for user name and other system properties requirements.

"password"

The "password" property is an optional string up to 63 bytes long. The server uses the password to authenticate the account.

  • If omitted, a password is not set.

  • If present, the password is changed to the specified password. If it is set to an empty string, the server authenticates the account without a password. This is not recommended because it allows anyone to log into the account without supplying a password.

"accountDescription"

The "accountDescription" property is an optional string up to 65,500 bytes long that defines the account.

  • If omitted or set to null, an account description is not set.

  • If present and set to a non-empty string, it is set to the new description.

  • If preset and set to an empty string, it is set to the empty string.

"enableDatetime"

The "enableDatetime" property is an optional datetime. It specifies the first date and time that the account can log into the server. It is useful when you want to set a future date for automatically activating a new account.

  • If omitted or set to null, the earliest date and time a user can log in is not specified, and the account can be used immediately.

  • If present and set to a valid date, it is updated with that date.

  • If present and set to an empty string, it disables this feature, which means there is no earliest date when the account can log in.

"disableDatetime"

The "disableDatetime" property is an optional datetime. It is the last date and time that the account can log into the server. It is useful when you want to set a future date for automatically deactivating an account.

  • If omitted or set to null, it is not changed.

  • If present and set to a valid date, it is updated.

  • If present and set to an empty string, it disables this feature, which means there is no final date when the account can login.

"lockoutAfterNFailedAttempts"

The "lockoutAfterNFailedAttempts" property is an optional integer. It is the maximum number of consecutive times a failed login attempt can occur before the account is temporarily locked out for "lockoutWaitMinutes".

  • This value overrides the server's default value for this account, which is set by the configuration keyword LOGON_FAIL_LIMIT.

  • If omitted or set to null, it is not changed.

  • If present and set to a valid number, it is set to the new value.

"lockoutWaitMinutes"

The "lockoutWaitMinutes" property is an optional integer. It is the number of minutes an account remains temporarily locked out after the number of failed attempts defined by "lockoutAfterNFailedAttempts".

  • This value overrides the server's default value for this account, which is set by the configuration keyword LOGON_FAIL_TIME.

  • If omitted or set to null, it is not changed.

  • If present and set to a valid number, it is set to the new value.

"maxDaysBeforePasswordMustChange"

The "maxDaysBeforePasswordMustChange" property is an optional integer that specifies the maximum number of days a user can wait to change their password before the account is automatically locked out. A value of zero disables this feature.

  • If omitted or set to null, it is not changed.

  • If present and set to a valid number, it is set to the new value.

"maxMinutesBeforeNextLogin"

The "maxMinutesBeforeNextLogin" property is an optional integer >= 0 and <= 35791394 that specifies the maximum number of minutes the server will wait for an account to log in again before it locks the account out. The default value is zero, which disables this feature. It is useful for automatically disabling an account due to inactivity. For example, a value of 10080 minutes requires a user to log in at least once a week.

  • This value overrides the server's default value for this account, which is set by the configuration keyword LOGON_MUST_TIME.

  • If omitted or set to null, it is not changed.

  • If present and set to a valid number, it is set to the new value.

"memoryLimit"

The "memoryLimit" property is an optional integer that specifies the maximum number of bytes the server will allocate to the account. Depending on the memory rule, it may override the default memory allocations set for each user by the server for all accounts or by a group for all its accounts.

  • If omitted or set to null, it is not changed.

  • If present and set to a valid number, it is set to the new value.

"memoryRule"

The "memoryRule" property is an optional enumerated string that uses one of the following values to specify additional rules that allow the account to exceed the memory limit defined by the "memoryLimit" property:

  1. "default"

  2. "absolute" sets the memory limit to no more than the value defined in "memoryLimit".

  3. "guideline" allows the server to allocate additional memory while attempting to keep memory below "memoryLimit".

  • If omitted or set to null, it is not changed.

  • If present and set to a valid string, it is updated.