SetInternalLoginUserOptions :: SAS(R) 9.3 Open Metadata Interface: Reference and Usage

Short Description

Customizes internal authentication policies for the specified user.

Interface Version

ISecurity 1.1

Syntax

SetInternalLoginUserOptions(personName,isDisabled,bypassStrength,bypassHistory,
useStdPasswordExpirationDate,passwordExpirationDays,bypassLockout, 
bypassInactivitySuspension,expireAccount,accountExpirationDate);

Parameters

Method Parameters

Parameters	Type	Direction	Description
personName	string	in	Specifies the Name attribute value of the Person object whose InternalLogin object will be modified. The Name value is specified as simply Name.
isDisabled	boolean	in	Specifies whether the account is disabled. To disable the account, specify T. The default value is F.
bypassStrength	boolean	in	Specifies whether to exempt the login from the site's policies about minimum password length and complexity. To exempt the login, specify T. The default value is F.
bypassHistory	boolean	in	Specifies whether to exempt the login from the site's password history policy. To exempt the login, specify T. The default value is F.
useStdPasswordExpirationDays	boolean	in	Specifies whether to enforce a password expiration period. The default value is T. Specify F if you do not want the password to expire.
passwordExpirationDays	integer	in	Specifies the password expiration period in days from the day the password was initially set. A number from 0 to 32767 is supported. The default password expiration period is 30 days.
bypassLockout	boolean	in	Specifies whether to exempt the login from the site's account lockout policy. The default value is F.
bypassInactivitySuspension	boolean	in	Specifies whether to exempt the login from the site's inactivity suspension policy. The default value is F.
expireAccount	boolean	in	Specifies whether to enforce an expiration date on the account. To enforce an expiration date, specify T. The default value is F.
accountExpirationDate	int	in	Specifies the number of days from the day the account was created that the account will expire. A number from 0-32767 is supported. The default value is 0.

Details

You must have user administration capabilities on the SAS Metadata Server to modify the properties of an internal user account. For information about user administration capabilities, see “Users, Groups, and Roles: Main Administrative Roles” in the SAS Intelligence Platform: Security Administration Guide.

An internal account has a Person object with a simple name value. For example, Name=“Joe”. It also has an associated InternalLogin object, whose Name attribute is person@saspw. For example, Name=“Joe@saspw.” All SAS internal accounts must use the suffix @saspw.

The Person object is created with the AddMetadata method. Its attributes are modified with the UpdateMetadata method. An InternalLogin object is created with the SetInternalPassword method. Its attributes are modified with the SetInternalLoginUserOptions method.

By default, new InternalLogin objects are created with the active server-level internal account policies. The active server-level account policies are the system defaults as modified by omaconfig.xml options. The SetInternalLoginUserOptions method enables you to customize the server-level policies for a particular internal account.

For information about system defaults, see “How to Change Internal Account Policies” in the SAS Intelligence Platform: Security Administration Guide. To determine what the active policy settings are after the omaconfig.xml options are applied, use the GetInternalLoginSitePolicies method.

New InternalLogin objects are created with a 30–day password expiration period. If you change the USESTDPASSWORDEXPIRATIONDAYS parameter to F, then the password does not expire and the integer value in passwordExpirationDays is ignored.

To view the policy settings on an existing internal account, use the GetInternalLoginUserInfo method. The GetInternalLoginUserInfo method also reports the status of the internal account. For example, returned values indicate whether the account is active, disabled, locked out because of unsuccessful authentication, or suspended because of inactivity.

Exceptions Thrown

The SetInternalLoginUserOptions method does not return any exceptions.

Examples

The following is a Java example of a SetInternalLoginUserOptions method call:

// Assumes a Person object with Name='testId' already exists
// and has an InternalLogin object associated with it
iSecurity.SetInternalLoginUserOptions( testId, // username
                                       false,      // isDisabled
                                       false,    // bypassStrength
                                       true,       // bypassHistory
                                       false,    // useStdPasswordExpirationDays
                                       30,    // passwordExpirationDays
                                       false,      // bypassLockout
                                       true,       // bypassInactivitySuspension
                                       false,    // expireAccount
                                       0           // accountExpirationDate );

SetInternalLoginUserOptions