account

This command allows you to create and manage users and groups.

Any changes you make to users and groups will be applied immediately, although users who are currently logged in will not see the effect of your changes until the log out and log back in again.

The account command is for managing local user accounts. As an alternative to managing a set of local user accounts in SuperADMIN, you can connect SuperSTAR to an external authentication service such as Active Directory or LDAP. See these instructions to learn more.

Usage Description

account <id>

Displays information about the specified user account or group.

account users

Displays a list of all the configured user accounts.

account groups

Displays a list of all the configured groups.

account creategroup <group_id> [ <display_name> ]

Creates a new group.

<group_id>	The group ID. This must be unique across all users and groups defined on this server.
<display_name>	(Optional): a display name for the group. If not specified this will be the same as the group ID. Display names do not need to be unique.

account createuser <user_id> [ <display_name> ] [ <password> ]

Creates a new user.

<user_id>	The user ID. This is the username that the user will use to login to the client. This must be unique across all users and groups defined on this server.
<display_name>	(Optional): a display name for the user. If not specified this will be the same as the user ID. Display names do not need to be unique.
<password>	(Optional): the user's password. If you do not specify this on the command line you will be prompted to enter and confirm the password.

When you create a new user, that user will not have access to any datasets by default. You must either add the user to a group that has access to the appropriate datasets, or use the cat command to give the user access to datasets: cat <dataset_id> access {<user>|<group>} read {true|false}

account <group_id> users

Displays a list of users who are members of the specified group.

account <user_id> memberships

Displays a list of groups that the specified user belongs to.

account <user_id> addmembership <group_id>

Adds the specified user to the specified group.

account <group_id> adduser <user_id>

Adds the specified user to the specified group.

account <group_id> removeuser <user_id>

Removes the specified user from the specified group.

account <id> remove

Deletes the specified user or group.

account <id> displayname <new_display_name>

Changes the display name for the specified user or group.

account <user_id> invalidate token

Revokes the current API access key for this user.

account maxattempts <value>

Sets the default number of failed login attempts before an account will be locked. This will be the default setting and will apply to all users unless a different setting has been specifically applied to an individual user account.

If you do not want accounts to lock at all, no matter how many times users provide the wrong details, set this to -1 .

account <id> maxattempts <value>

Sets the maximum number of failed login attempts before an account will be locked. This is the same as the previous command, except that it applies to a specific user account only.

account locktime <seconds>

Sets the number of seconds to lock an account once the user has exceeded the maximum failed login attempts. During this time the user will not be able to login even if they specify the correct credentials.

For example, if maxattempts is set to 3 and locktime is set to 600 then a user who enters their password incorrectly 3 times will be locked out for 10 minutes before they can log in again.

If you set locktime to 0 then an account that becomes locked will never be unlocked automatically. An administrator user will need to unlock the user account manually in SuperADMIN using the unlock command.

account <id> locktime <seconds>

Sets the number of seconds to lock an account. This is the same as the previous command, except that it applies to a specific user account only.

account <user_id> locked

Check whether the specified user account is currently locked.

account <id> {lock|unlock}

Locks or unlocks the specified user account.

account <id> nolock {true|false}

Controls whether accounts can be locked. This setting can be applied to both individual users and groups; if it is applied to a group then it will apply to all members of that group.

If this is set to true for an individual user, that account can never be locked, either through incorrect login attempts or through the SuperADMIN console.
If a user belongs to a group that has nolock set to true (but the setting is not applied to the individual user account) then that account cannot be locked through incorrect login attempts, but can still be locked by an administrator through the SuperADMIN console.

account updateloginentry {true|false}

Enables or disables the logging of a user's last successful login time. You are recommended to set this to false (the last successful login timestamp will not be stored) as this will improve the overall performance of the system.

account <user_id> setpassword

Changes the password of the specified user.

Use this command to reset a user's password (for example if the user has forgotten their password).

You will be prompted to enter and confirm a new password for the user.

If a display name or ID includes non alphanumeric characters (e.g. a space) then you must enclose it in quote marks. You must also enclose a display name or ID in quotes if it starts with a numeric character.

Note about Deleting Users and Groups and Reuse of User and Group IDs

If you delete a user account or group, you are recommended not to reuse the ID when creating subsequent users or groups. Due to a known issue, in some cases a new user or group may inherit the permission of the previous user or group, if they share the same user ID.

For this reason, you are recommended not to reuse IDs from previously deleted users and groups when creating new users and groups. The problem only occurs when IDs are reused; you can use the same display name as a previously deleted user or group and the issue will not occur (as long as the ID is different).