Input Name	Range	Type	Description
user-identifier		string	Name of the user in domain\username format. This can also be a SID (Windows security identifier) describing a user. A SID has the format S-1-5-21-int-int-int-rid.
useradmin-groups		useradmin-group-info[]	List of local groups to contain the domain user.

Errno	Description
EINTERNALERROR
EONTAPI_EPERM
ECIFSNOTCONFIGURED

Removes a nonlocal user from a group or groups. The user can be removed as a SID or as domain\username. This API is only used in a windows environment.

Input Name	Range	Type	Description
user-identifier		string	Name of the user in domain\username format. This can also be a SID (Windows security identifier) describing a user. A SID has the format S-1-5-21-int-int-int-rid.
useradmin-groups		useradmin-group-info[]	Remove the SID from this list of local groups.

Errno	Description
EINTERNALERROR
EONTAPI_EPERM
ECIFSNOTCONFIGURED

List all of the SIDs in a given group. This API is only used in a windows environment.

Input Name	Range	Type	Description
group-name		string	List only the SIDs in this group.
Output Name	Range	Type	Description
user-identifiers		sid[]	List of SID's inside of the group.

Errno	Description
EINTERNALERROR
EONTAPI_EPERM
ECIFSNOTCONFIGURED

Adds a group given the information provided.

Input Name	Range	Type	Description
useradmin-group		useradmin-group-info	New group information. A group must have a name and at least one role. A comment is also allowed. All other fields are ignored.

Errno	Description
EINTERNALERROR

Deletes a group.

Input Name	Range	Type	Description
group-name		string	The name of the group to be deleted.

Errno	Description
EINTERNALERROR

Lists full information for all groups on the system.

Input Name	Range	Type	Description
group-name		string optional	List only the information associated with this group.
verbose		boolean optional	Default is false. If set to true, then the allowed capabilities are placed into the group-info structure. Depending on number of groups and roles, this operation may take a long time.
Output Name	Range	Type	Description
useradmin-groups		useradmin-group-info[]	List of groups and information associated with them.

Errno	Description
EINTERNALERROR

Modifies a group given the information provided.

Input Name	Range	Type	Description
new-group-name		string optional	New group name for this group. This is used to rename the group specified in useradmin-group. If this value is invalid, useradmin-group-modify fails without changing anything. The value is optional, and if not provided, the group name will be unchanged.
useradmin-group		useradmin-group-info	A group must have a name. If one or more roless and/or a comment is provided, the group is modified accordingly. All other fields are ignored.

Errno	Description
EINTERNALERROR

Adds a role given the information provided.

Input Name	Range	Type	Description
useradmin-role		useradmin-role-info	New role information. A role must have a name and at least one allowed capability. A role-info comment is also allowed. All other fields are ignored.

Errno	Description
EINTERNALERROR

Deletes a role.

Input Name	Range	Type	Description
role-name		string	The name of the role to be deleted.

Errno	Description
EINTERNALERROR

Lists full information for all roles on the system.

Input Name	Range	Type	Description
role-name		string optional	List only the information associated with this role.
Output Name	Range	Type	Description
useradmin-roles		useradmin-role-info[]	List of roles and information associated with them.

Errno	Description
EINTERNALERROR

Modifies a role given the information provided.

Input Name	Range	Type	Description
useradmin-role		useradmin-role-info	A role must have a name. If one or more capabilities and/or a comment is provided, the role is modified accordingly.

Errno	Description
EINTERNALERROR

Adds a user given the information provided.

Input Name	Range	Type	Description
password		string	Password for the user. Please see documentation for constraints on the password.
useradmin-user		useradmin-user-info	New user information. A user must have a name and at least one group. A comment and full-name are also allowed. All other fields are ignored.

Errno	Description
EINTERNALERROR
EINVALIDPASSWORD

Deletes a user.

Input Name	Range	Type	Description
user-name		string	The name of the user to be deleted.

Errno	Description
EINTERNALERROR

Lists information for all administrative users on the system with the exception of root and snmp.

Input Name	Range	Type	Description
group-name		string optional	List only the users which are a part of this group. This option must be left empty if the option "user-name" contains a value.
user-name		string optional	List only the information associated with this user. This option must be left empty if the option "group-name" contains a value.
verbose		boolean optional	Default is false. If set to true, then the allowed capabilities are placed into the user-info structure. Depending on number of users, groups, and roles; this operation may take a long time.
Output Name	Range	Type	Description
useradmin-users		useradmin-user-info[]	List of users and information associated with them.

Errno	Description
EINTERNALERROR

Modifies a user given the information provided.

Input Name	Range	Type	Description
useradmin-user		useradmin-user-info	A user must have a name. If one or more groups a comment and/or a full-name is provided, the user is modified accordingly. All other fields are ignored.

Errno	Description
EINTERNALERROR

Changes the password of a specified user.

Input Name	Range	Type	Description
new-password		string	New password for the user. Please see documentation for constraints on the password.
old-password		string optional	Current password for the user. A user with the capability 'security-passwd-change-others' and at least the same capabilities as the user being changed, does not need to enter the current password in order to change it to a new one.
user-name		string	The user who's password should be changed.

Errno	Description
EINTERNALERROR
EINVALIDPASSWORD
EONTAPI_EPERM

Windows security identifier describing a user. A SID has the format S-1-5-21-int-int-int-rid.

[none]

Structure containing information pertaining to a group.

Name	Range	Type	Description
allowed-capabilities		useradmin-capability-info[] optional	List of capabilities the group is allowed.
comment		string optional	Comment for the group.
name		string	Name of the group.
rid		string optional	Unique relative identifier (per domain) for this group. (Used only for Windows.)
useradmin-roles		useradmin-role-info[] optional	List of roles this group contains. The only included entry in this structure is the name field. For full role information user useradmin-role-list.

Structure containing information pertaining to a role.

Name	Range	Type	Description
allowed-capabilities		useradmin-capability-info[] optional	List of capabilities the role is allowed.
comment		string optional	Comment for the role.
name		string	Name of the role.

Structure containing information pertaining to a user.

Name	Range	Type	Description
allowed-capabilities		useradmin-capability-info[] optional	List of capabilities the user is allowed.
comment		string optional	Comment for the user. This is only set if the user has a comment.
full-name		string optional	Full name of the user. (Used only for Windows.) This is only set if the user has a full-name.
name		string	Name of the user.
password-maximum-age		integer optional	Number of days that this user's password can be active before the user must change it. Default value is 2^31-1 days.
password-minimum-age		integer optional	Number of days that this user's password must be active before the user can change it. Default value is 0.
rid		string optional	Unique relative identifier (per domain) for this user. (Used only for Windows.)
status		string optional	Current status of the user account. This element cannot be used as an input. It is used as an output for useradmin-user-list. Possible values: "enabled", "disabled", or "expired".
useradmin-groups		useradmin-group-info[]	List of groups this user is part of. The only included entry in this structure is the name field. For full group information user useradmin-group-list.

Capability to run a command or commands on the filer.

Name	Range	Type	Description
name		string	Name of the capability Possible values include: "*", "login-*", "cli-*", "api-*", "security-*"... Instead of "*", commands and subcommands can be specified directly. Please see man page or other documentation for more details.

Structure containing information pertaining to a group.

Name	Range	Type	Description
allowed-capabilities		useradmin-capability-info[] optional	List of capabilities the group is allowed.
comment		string optional	Comment for the group.
name		string	Name of the group.
rid		string optional	Unique relative identifier (per domain) for this group. (Used only for Windows.)
useradmin-roles		useradmin-role-info[] optional	List of roles this group contains. The only included entry in this structure is the name field. For full role information user useradmin-role-list.

Structure containing information pertaining to a role.

Name	Range	Type	Description
allowed-capabilities		useradmin-capability-info[] optional	List of capabilities the role is allowed.
comment		string optional	Comment for the role.
name		string	Name of the role.

Capability to run a command or commands on the filer.

Name	Range	Type	Description
name		string	Name of the capability Possible values include: "*", "login-*", "cli-*", "api-*", "security-*"... Instead of "*", commands and subcommands can be specified directly. Please see man page or other documentation for more details.