1{ 2 "$id": "http://redfish.dmtf.org/schemas/v1/ManagerAccount.v1_12_1.json", 3 "$ref": "#/definitions/ManagerAccount", 4 "$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json", 5 "copyright": "Copyright 2014-2024 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright", 6 "definitions": { 7 "Actions": { 8 "additionalProperties": false, 9 "description": "The available actions for this resource.", 10 "longDescription": "This type shall contain the available actions for this resource.", 11 "patternProperties": { 12 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 13 "description": "This property shall specify a valid odata or Redfish property.", 14 "type": [ 15 "array", 16 "boolean", 17 "integer", 18 "number", 19 "null", 20 "object", 21 "string" 22 ] 23 } 24 }, 25 "properties": { 26 "#ManagerAccount.ChangePassword": { 27 "$ref": "#/definitions/ChangePassword" 28 }, 29 "Oem": { 30 "$ref": "#/definitions/OemActions", 31 "description": "The available OEM-specific actions for this resource.", 32 "longDescription": "This property shall contain the available OEM-specific actions for this resource.", 33 "versionAdded": "v1_1_0" 34 } 35 }, 36 "type": "object" 37 }, 38 "ChangePassword": { 39 "additionalProperties": false, 40 "description": "This action changes the account password.", 41 "longDescription": "This action shall change the account password while requiring password for the current session. This action prevents session hijacking.", 42 "parameters": { 43 "NewPassword": { 44 "description": "The new account password.", 45 "longDescription": "This parameter shall contain the new password.", 46 "requiredParameter": true, 47 "type": "string" 48 }, 49 "SessionAccountPassword": { 50 "description": "The password of the account tied to the current session.", 51 "longDescription": "This parameter shall contain the password of the current session's account. A user changing their own password shall provide their current password for this parameter. An administrator changing the password for a different user shall provide their own password for this parameter. If the request is performed with HTTP Basic authentication, this parameter shall contain the same password encoded in the `Authorization` header.", 52 "requiredParameter": true, 53 "type": "string" 54 } 55 }, 56 "patternProperties": { 57 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 58 "description": "This property shall specify a valid odata or Redfish property.", 59 "type": [ 60 "array", 61 "boolean", 62 "integer", 63 "number", 64 "null", 65 "object", 66 "string" 67 ] 68 } 69 }, 70 "properties": { 71 "target": { 72 "description": "Link to invoke action", 73 "format": "uri-reference", 74 "type": "string" 75 }, 76 "title": { 77 "description": "Friendly action name", 78 "type": "string" 79 } 80 }, 81 "type": "object", 82 "versionAdded": "v1_11_0" 83 }, 84 "Links": { 85 "additionalProperties": false, 86 "description": "The links to other resources that are related to this resource.", 87 "longDescription": "This Redfish Specification-described type shall contain links to resources that are related to but are not contained by, or subordinate to, this resource.", 88 "patternProperties": { 89 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 90 "description": "This property shall specify a valid odata or Redfish property.", 91 "type": [ 92 "array", 93 "boolean", 94 "integer", 95 "number", 96 "null", 97 "object", 98 "string" 99 ] 100 } 101 }, 102 "properties": { 103 "Oem": { 104 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 105 "description": "The OEM extension property.", 106 "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements." 107 }, 108 "Role": { 109 "$ref": "http://redfish.dmtf.org/schemas/v1/Role.json#/definitions/Role", 110 "description": "The link to the Redfish role that defines the privileges for this account.", 111 "longDescription": "This property shall contain a link to a resource of type `Role`, and should link to the resource identified by the `RoleId` property.", 112 "readonly": true 113 } 114 }, 115 "type": "object" 116 }, 117 "ManagerAccount": { 118 "additionalProperties": false, 119 "description": "The `ManagerAccount` schema defines the user accounts that are owned by a manager. Changes to a manager account might affect the current Redfish service connection if this manager is responsible for the Redfish service.", 120 "longDescription": "This resource shall represent a user account for the manager in a Redfish implementation. The account shall indicate the allowed access to one of more services in the manager.", 121 "patternProperties": { 122 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 123 "description": "This property shall specify a valid odata or Redfish property.", 124 "type": [ 125 "array", 126 "boolean", 127 "integer", 128 "number", 129 "null", 130 "object", 131 "string" 132 ] 133 } 134 }, 135 "properties": { 136 "@odata.context": { 137 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/context" 138 }, 139 "@odata.etag": { 140 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/etag" 141 }, 142 "@odata.id": { 143 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/id" 144 }, 145 "@odata.type": { 146 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/type" 147 }, 148 "AccountExpiration": { 149 "description": "Indicates the date and time when this account expires. If `null`, the account never expires.", 150 "format": "date-time", 151 "longDescription": "This property shall contain the date and time when this account expires. The service shall disable or delete an account that has expired. This property shall not apply to accounts created by the Redfish Host Interface Specification-defined credential bootstrapping. If the value is `null`, or the property is not present, the account never expires.", 152 "readonly": false, 153 "type": [ 154 "string", 155 "null" 156 ], 157 "versionAdded": "v1_8_0" 158 }, 159 "AccountTypes": { 160 "description": "The list of services in the manager that the account is allowed to access.", 161 "items": { 162 "anyOf": [ 163 { 164 "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccount.json#/definitions/AccountTypes" 165 }, 166 { 167 "type": "null" 168 } 169 ] 170 }, 171 "longDescription": "This property shall contain an array of the various manager services that the account is allowed to access. This shall not include functionality for receiving events or other notifications. If this property is not provided by the client, the default value shall be an array that contains the value `Redfish`. The service may add additional values when this property is set or updated if allowed by the value of the `StrictAccountTypes` property.", 172 "readonly": false, 173 "type": "array", 174 "versionAdded": "v1_4_0" 175 }, 176 "Actions": { 177 "$ref": "#/definitions/Actions", 178 "description": "The available actions for this resource.", 179 "longDescription": "This property shall contain the available actions for this resource.", 180 "versionAdded": "v1_1_0" 181 }, 182 "Certificates": { 183 "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 184 "description": "The link to a collection of user identity certificates for this account.", 185 "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that represents the user identity certificates for this account.", 186 "readonly": true, 187 "versionAdded": "v1_2_0" 188 }, 189 "Description": { 190 "anyOf": [ 191 { 192 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Description" 193 }, 194 { 195 "type": "null" 196 } 197 ], 198 "readonly": true 199 }, 200 "EmailAddress": { 201 "description": "The email address associated with this account.", 202 "longDescription": "This property shall contain the email address associated with this account.", 203 "readonly": false, 204 "type": [ 205 "string", 206 "null" 207 ], 208 "versionAdded": "v1_11_0" 209 }, 210 "Enabled": { 211 "description": "An indication of whether an account is enabled. An administrator can disable it without deleting the user information. If `true`, the account is enabled and the user can log in. If `false`, the account is disabled and, in the future, the user cannot log in.", 212 "longDescription": "This property shall indicate whether an account is enabled. If `true`, the account is enabled and the user can log in. If `false`, the account is disabled and, in the future, the user cannot log in.", 213 "readonly": false, 214 "type": "boolean" 215 }, 216 "HostBootstrapAccount": { 217 "description": "An indication of whether this account is a bootstrap account for the host interface.", 218 "longDescription": "This property shall indicate whether this account is a bootstrap account created by the Redfish Host Interface Specification-defined credential bootstrapping.", 219 "readonly": true, 220 "type": "boolean", 221 "versionAdded": "v1_8_0" 222 }, 223 "Id": { 224 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Id", 225 "readonly": true 226 }, 227 "Keys": { 228 "$ref": "http://redfish.dmtf.org/schemas/v1/KeyCollection.json#/definitions/KeyCollection", 229 "description": "The link to the collection of keys that can be used to authenticate this account. For example, an SSH public key could be added to this collection to allow for SSH public key authentication.", 230 "longDescription": "This property shall contain a link to a resource collection of type `KeyCollection` that contains the keys that can be used to authenticate this account.", 231 "readonly": true, 232 "versionAdded": "v1_9_0" 233 }, 234 "Links": { 235 "$ref": "#/definitions/Links", 236 "description": "The links to other resources that are related to this resource.", 237 "longDescription": "This property shall contain links to resources that are related to but are not contained by, or subordinate to, this resource." 238 }, 239 "Locked": { 240 "description": "An indication of whether the account service automatically locked the account because the lockout threshold was exceeded. To manually unlock the account before the lockout duration period, an administrator can change the property to `false` to clear the lockout condition.", 241 "longDescription": "This property shall indicate whether the account service automatically locked the account because the `AccountLockoutThreshold` was exceeded. To manually unlock the account before the lockout duration period, an administrator shall be able to change the property to `false` to clear the lockout condition.", 242 "readonly": false, 243 "type": "boolean" 244 }, 245 "MFABypass": { 246 "anyOf": [ 247 { 248 "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypass" 249 }, 250 { 251 "type": "null" 252 } 253 ], 254 "description": "The multi-factor authentication bypass settings for this account.", 255 "longDescription": "This property shall contain the multi-factor authentication bypass settings for this account.", 256 "versionAdded": "v1_10_0" 257 }, 258 "Name": { 259 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name", 260 "readonly": true 261 }, 262 "OEMAccountTypes": { 263 "description": "The OEM account types.", 264 "items": { 265 "type": [ 266 "string", 267 "null" 268 ] 269 }, 270 "longDescription": "This property shall contain an array of the OEM account types for this account. This property shall be valid when `AccountTypes` contains `OEM`.", 271 "readonly": false, 272 "type": "array", 273 "versionAdded": "v1_4_0" 274 }, 275 "Oem": { 276 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 277 "description": "The OEM extension property.", 278 "longDescription": "This property shall contain the OEM extensions. All values for properties that this object contains shall conform to the Redfish Specification-described requirements." 279 }, 280 "OneTimePasscodeDeliveryAddress": { 281 "description": "The address used to receive one-time passcode messages for multi-factor authentication.", 282 "longDescription": "This property shall contain the contact address for receiving one-time passcode messages for multi-factor authentication for this account when the `Enabled` property in the `OneTimePasscode` property in `AccountService` resource contains `true`. This is typically the contact email address associated with the account, but may be a separate, relay email address for delivery via SMS or other contact method.", 283 "readonly": false, 284 "type": [ 285 "string", 286 "null" 287 ], 288 "versionAdded": "v1_11_0" 289 }, 290 "Password": { 291 "description": "The password. Use this property with a `PATCH` or `PUT` to write the password for the account. This property is `null` in responses.", 292 "longDescription": "This property shall contain the password for this account. The value shall be `null` in responses.", 293 "readonly": false, 294 "type": [ 295 "string", 296 "null" 297 ], 298 "writeOnly": true 299 }, 300 "PasswordChangeRequired": { 301 "description": "An indication of whether the service requires that the password for this account be changed before further access to the account is allowed.", 302 "longDescription": "This property shall indicate whether the service requires that the password for this account be changed before further access to the account is allowed. The implementation may deny access to the service if the password has not been changed. A manager account created with an initial `PasswordChangeRequired` value of `true` may force a password change before first access of the account. When the `Password` property for this account is updated, the service shall set this property to `false`.", 303 "readonly": false, 304 "type": [ 305 "boolean", 306 "null" 307 ], 308 "versionAdded": "v1_3_0" 309 }, 310 "PasswordExpiration": { 311 "description": "Indicates the date and time when this account password expires. If `null`, the account password never expires.", 312 "format": "date-time", 313 "longDescription": "This property shall contain the date and time when this account password expires. If the value is `null`, the account password never expires. If provided during account creation or password modification, this value shall override the value of the `PasswordExpirationDays` property in the `AccountService` resource.", 314 "readonly": false, 315 "type": [ 316 "string", 317 "null" 318 ], 319 "versionAdded": "v1_6_0" 320 }, 321 "PhoneNumber": { 322 "description": "The contact phone number associated with this account.", 323 "longDescription": "This property shall contain the contact phone number associated with this account.", 324 "readonly": false, 325 "type": [ 326 "string", 327 "null" 328 ], 329 "versionAdded": "v1_11_0" 330 }, 331 "RoleId": { 332 "description": "The role for this account.", 333 "longDescription": "This property shall contain the `RoleId` of the role resource configured for this account. The service shall reject `POST`, `PATCH`, or `PUT` operations that provide a `RoleId` that does not exist by returning the HTTP `400 Bad Request` status code.", 334 "readonly": false, 335 "type": "string" 336 }, 337 "SNMP": { 338 "anyOf": [ 339 { 340 "$ref": "#/definitions/SNMPUserInfo" 341 }, 342 { 343 "type": "null" 344 } 345 ], 346 "description": "The SNMP settings for this account.", 347 "longDescription": "This property shall contain the SNMP settings for this account when `AccountTypes` contains `SNMP`.", 348 "versionAdded": "v1_4_0" 349 }, 350 "StrictAccountTypes": { 351 "description": "Indicates if the service needs to use the account types exactly as specified when the account is created or updated.", 352 "longDescription": "This property shall indicate if the service needs to use the value of `AccountTypes` and `OEMAccountTypes` values exactly as specified. A `true` value shall indicate the service needs to either accept the value without changes or reject the request. A `false` value shall indicate the service may add additional `AccountTypes` and `OEMAccountTypes` values as needed to support limitations it has in separately controlling access to individual services. If this property is not present, the value shall be assumed to be `false`. An update of the service can cause account types to be added to or removed from the `AccountTypes` and `OEMAccountTypes` properties, regardless of the value of this property. After a service update, clients should inspect all accounts where the value of this property is `true` and perform maintenance as needed.", 353 "readonly": false, 354 "type": [ 355 "boolean", 356 "null" 357 ], 358 "versionAdded": "v1_7_0" 359 }, 360 "UserName": { 361 "description": "The username for the account.", 362 "longDescription": "This property shall contain the username for this account.", 363 "readonly": false, 364 "type": "string" 365 } 366 }, 367 "required": [ 368 "@odata.id", 369 "@odata.type", 370 "Id", 371 "Name", 372 "AccountTypes" 373 ], 374 "requiredOnCreate": [ 375 "Password", 376 "UserName", 377 "RoleId" 378 ], 379 "type": "object" 380 }, 381 "OemActions": { 382 "additionalProperties": true, 383 "description": "The available OEM-specific actions for this resource.", 384 "longDescription": "This type shall contain the available OEM-specific actions for this resource.", 385 "patternProperties": { 386 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 387 "description": "This property shall specify a valid odata or Redfish property.", 388 "type": [ 389 "array", 390 "boolean", 391 "integer", 392 "number", 393 "null", 394 "object", 395 "string" 396 ] 397 } 398 }, 399 "properties": {}, 400 "type": "object" 401 }, 402 "SNMPAuthenticationProtocols": { 403 "enum": [ 404 "None", 405 "HMAC_MD5", 406 "HMAC_SHA96", 407 "HMAC128_SHA224", 408 "HMAC192_SHA256", 409 "HMAC256_SHA384", 410 "HMAC384_SHA512" 411 ], 412 "enumDescriptions": { 413 "HMAC128_SHA224": "HMAC-128-SHA-224 authentication.", 414 "HMAC192_SHA256": "HMAC-192-SHA-256 authentication.", 415 "HMAC256_SHA384": "HMAC-256-SHA-384 authentication.", 416 "HMAC384_SHA512": "HMAC-384-SHA-512 authentication.", 417 "HMAC_MD5": "HMAC-MD5-96 authentication.", 418 "HMAC_SHA96": "HMAC-SHA-96 authentication.", 419 "None": "No authentication." 420 }, 421 "enumLongDescriptions": { 422 "HMAC128_SHA224": "This value shall indicate authentication for SNMPv3 access conforms to the RFC7860-defined usmHMAC128SHA224AuthProtocol.", 423 "HMAC192_SHA256": "This value shall indicate authentication for SNMPv3 access conforms to the RFC7860-defined usmHMAC192SHA256AuthProtocol.", 424 "HMAC256_SHA384": "This value shall indicate authentication for SNMPv3 access conforms to the RFC7860-defined usmHMAC256SHA384AuthProtocol.", 425 "HMAC384_SHA512": "This value shall indicate authentication for SNMPv3 access conforms to the RFC7860-defined usmHMAC384SHA512AuthProtocol.", 426 "HMAC_MD5": "This value shall indicate authentication conforms to the RFC3414-defined HMAC-MD5-96 authentication protocol.", 427 "HMAC_SHA96": "This value shall indicate authentication conforms to the RFC3414-defined HMAC-SHA-96 authentication protocol.", 428 "None": "This value shall indicate authentication is not required." 429 }, 430 "enumVersionAdded": { 431 "HMAC128_SHA224": "v1_7_0", 432 "HMAC192_SHA256": "v1_7_0", 433 "HMAC256_SHA384": "v1_7_0", 434 "HMAC384_SHA512": "v1_7_0" 435 }, 436 "type": "string" 437 }, 438 "SNMPEncryptionProtocols": { 439 "enum": [ 440 "None", 441 "CBC_DES", 442 "CFB128_AES128", 443 "CFB128_AES192", 444 "CFB128_AES256" 445 ], 446 "enumDescriptions": { 447 "CBC_DES": "CBC-DES encryption.", 448 "CFB128_AES128": "CFB128-AES-128 encryption.", 449 "CFB128_AES192": "CFB128-AES-192 encryption.", 450 "CFB128_AES256": "CFB128-AES-256 encryption.", 451 "None": "No encryption." 452 }, 453 "enumLongDescriptions": { 454 "CBC_DES": "This value shall indicate encryption conforms to the RFC3414-defined CBC-DES encryption protocol.", 455 "CFB128_AES128": "This value shall indicate encryption conforms to the RFC3826-defined CFB128-AES-128 encryption protocol.", 456 "CFB128_AES192": "This value shall indicate encryption conforms to the CFB128-AES-192 encryption protocol, extended from RFC3826.", 457 "CFB128_AES256": "This value shall indicate encryption conforms to the CFB128-AES-256 encryption protocol, extended from RFC3826.", 458 "None": "This value shall indicate there is no encryption." 459 }, 460 "enumVersionAdded": { 461 "CFB128_AES192": "v1_12_0", 462 "CFB128_AES256": "v1_12_0" 463 }, 464 "type": "string" 465 }, 466 "SNMPUserInfo": { 467 "additionalProperties": false, 468 "description": "The SNMP settings for an account.", 469 "longDescription": "This object shall contain the SNMP settings for an account.", 470 "patternProperties": { 471 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 472 "description": "This property shall specify a valid odata or Redfish property.", 473 "type": [ 474 "array", 475 "boolean", 476 "integer", 477 "number", 478 "null", 479 "object", 480 "string" 481 ] 482 } 483 }, 484 "properties": { 485 "AuthenticationKey": { 486 "description": "The secret authentication key for SNMPv3.", 487 "longDescription": "This property shall contain the key for SNMPv3 authentication. The value shall be `null` in responses. This property accepts a passphrase or a hex-encoded key. If the string starts with `Passphrase:`, the remainder of the string shall be the passphrase and shall be converted to the key as described in the 'Password to Key Algorithm' section of RFC3414. If the string starts with `Hex:`, then the remainder of the string shall be the key encoded in hexadecimal notation. If the string starts with neither, the full string shall be a passphrase and shall be converted to the key as described in the 'Password to Key Algorithm' section of RFC3414. The passphrase can contain any printable characters except for the double quotation mark.", 488 "pattern": "(^[ !#-~]+$)|(^Passphrase:[ ^[ !#-~]+$)|(^Hex:[0-9A-Fa-f]{24,96})|(^\\*+$)", 489 "readonly": false, 490 "type": [ 491 "string", 492 "null" 493 ], 494 "versionAdded": "v1_4_0", 495 "writeOnly": true 496 }, 497 "AuthenticationKeySet": { 498 "description": "Indicates if the `AuthenticationKey` property is set.", 499 "longDescription": "This property shall contain `true` if a valid value was provided for the `AuthenticationKey` property. Otherwise, the property shall contain `false`.", 500 "readonly": true, 501 "type": "boolean", 502 "versionAdded": "v1_5_0" 503 }, 504 "AuthenticationProtocol": { 505 "anyOf": [ 506 { 507 "$ref": "#/definitions/SNMPAuthenticationProtocols" 508 }, 509 { 510 "type": "null" 511 } 512 ], 513 "description": "The authentication protocol for SNMPv3.", 514 "longDescription": "This property shall contain the SNMPv3 authentication protocol.", 515 "readonly": false, 516 "versionAdded": "v1_4_0" 517 }, 518 "EncryptionKey": { 519 "description": "The secret encryption key used in SNMPv3.", 520 "longDescription": "This property shall contain the key for SNMPv3 encryption. The value shall be `null` in responses. This property accepts a passphrase or a hex-encoded key. If the string starts with `Passphrase:`, the remainder of the string shall be the passphrase and shall be converted to the key as described in the 'Password to Key Algorithm' section of RFC3414. If the string starts with `Hex:`, then the remainder of the string shall be the key encoded in hexadecimal notation. If the string starts with neither, the full string shall be a passphrase and shall be converted to the key as described in the 'Password to Key Algorithm' section of RFC3414. The passphrase can contain any printable characters except for the double quotation mark.", 521 "pattern": "(^[ !#-~]+$)|(^Passphrase:[ ^[ !#-~]+$)|(^Hex:[0-9A-Fa-f]{32})|(^\\*+$)", 522 "readonly": false, 523 "type": [ 524 "string", 525 "null" 526 ], 527 "versionAdded": "v1_4_0", 528 "writeOnly": true 529 }, 530 "EncryptionKeySet": { 531 "description": "Indicates if the `EncryptionKey` property is set.", 532 "longDescription": "This property shall contain `true` if a valid value was provided for the `EncryptionKey` property. Otherwise, the property shall contain `false`.", 533 "readonly": true, 534 "type": "boolean", 535 "versionAdded": "v1_5_0" 536 }, 537 "EncryptionProtocol": { 538 "anyOf": [ 539 { 540 "$ref": "#/definitions/SNMPEncryptionProtocols" 541 }, 542 { 543 "type": "null" 544 } 545 ], 546 "description": "The encryption protocol for SNMPv3.", 547 "longDescription": "This property shall contain the SNMPv3 encryption protocol.", 548 "readonly": false, 549 "versionAdded": "v1_4_0" 550 } 551 }, 552 "type": "object" 553 } 554 }, 555 "language": "en", 556 "owningEntity": "DMTF", 557 "release": "2023.3", 558 "title": "#ManagerAccount.v1_12_1.ManagerAccount" 559}