Previous Page | Next Page

Authorization (ISecurity Interface)

SetInternalLoginUserOptions

Customizes internal authentication policies for the specified user.

Category: Internal authentication methods

Interface version: ISecurity 1.1

Syntax

SetInternalLoginUserOptions(personName,isDisabled,bypassStrength,bypassHistory,
useStdPasswordExpirationDate,passwordExpirationDays,bypassLockout, 
bypassInactivitySuspension,expireAccount,accountExpirationDate);

Parameters

Parameters Type Direction Description
personName string in Specifies the Name= value of the Person object whose InternalLogin object will be modified. The Name= value is specified as simply Name.
isDisabled boolean in Specifies whether the account is disabled. To disable the account, specify T. The default value is F.
bypassStrength boolean in Specifies whether to exempt the login from the site's policies about minimum password length and complexity. To exempt the login, specify T. The default value is F.
bypassHistory boolean in Specifies whether to exempt the login from the site's password history policy. To exempt the login, specify T. The default value is F.
useStdPasswordExpirationDays boolean in Specifies whether to enforce a password expiration period. The default value is T. Specify F if you do not want the password to expire.
passwordExpirationDays integer in Specifies the password expiration period in days from the day the password was initially set. A number from 0 to 32767 is supported. The default password expiration period is 30 days.
bypassLockout boolean in Specifies whether to exempt the login from the site's account lockout policy. The default value is F.
bypassInactivitySuspension boolean in Specifies whether to exempt the login from the site's inactivity suspension policy. The default value is F.
expireAccount boolean in Specifies whether to enforce an expiration date on the account. To enforce an expiration date, specify T. The default value is F.
accountExpirationDate int in Specifies the number of days from the day the account was created that the account will expire. A number from 0-32767 is supported. The default value is 0.

Details

You must have user administration capabilities on the SAS Metadata Server to modify the properties of an internal user account. For information about user administration capabilities, see "Users, Groups, and Roles: Main Administrative Roles" in the SAS Intelligence Platform: Security Administration Guide.

An internal account has a Person object with a simple name value. For example, Name="Joe". It also has an associated InternalLogin object, whose Name= attribute is person@saspw. For example, Name="Joe@saspw." All SAS internal accounts must use the suffix @saspw.

The Person object is created with the AddMetadata method. Its attributes are modified with the UpdateMetadata method. An InternalLogin object is created with the SetInternalPassword method. Its attributes are modified with the SetInternalLoginUserOptions method.

By default, new InternalLogin objects are created with the active server-level internal account policies. The active server-level account policies are the system defaults as modified by omaconfig.xml options. The SetInternalLoginUserOptions method enables you to customize the server-level policies for a particular internal account.

For information about system defaults, see "How to Change Internal Account Policies" in the SAS Intelligence Platform: Security Administration Guide. To determine what the active policy settings are after the omaconfig.xml options are applied, use the GetInternalLoginSitePolicies method.

New InternalLogin objects are created with a 30-day password expiration period. If you change the USESTDPASSWORDEXPIRATIONDAYS parameter to F, then the password does not expire and the integer value in passwordExpirationDays is ignored.

To view the policy settings on an existing internal account, use the GetInternalLoginUserInfo method. The GetInternalLoginUserInfo method also reports the status of the internal account. For example, returned values indicate whether the account is active, disabled, locked out because of unsuccessful authentication, or suspended because of inactivity.

Exceptions Thrown

The SetInternalLoginUserOptions method does not return any exceptions.

Examples

The following is a Java example of a SetInternalLoginUserOptions method call: 

// Assumes a Person object with Name='testId' already exists
// and has an InternalLogin object associated with it
iSecurity.SetInternalLoginUserOptions( testId, // username
                                       false,      // isDisabled
                                       false,    // bypassStrength
                                       true,       // bypassHistory
                                       false,    // useStdPasswordExpirationDays
                                       30,    // passwordExpirationDays
                                       false,      // bypassLockout
                                       true,       // bypassInactivitySuspension
                                       false,    // expireAccount
                                       0           // accountExpirationDate );

Related Methods

Previous Page | Next Page | Top of Page

Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.