User (user)

Description

A system user account in the domain.
Defines authorization parameters and the limits of access to system functionality via the HTTP and WebSocket API. The set of roles assigned to a user determines the level of access to the API.

Limitations

  • The collection is available in any domain. Each domain can contain a special set of roles (opts.roles) for users.

  • The system logic uses domains and objects belonging to them when implementing functionality and defining access for individual users. All data within the domain is closed by default. However, user accounts are available to administrators in the parent domain. Refers to the data layer.

Fields

Entity structure
{
  "id": uuid,
  "name": str,
  "login": str,
  "pwd": str,
  "timezone": float | 'default',
  "opts": {
    "title": str,
    "roles": array<str>,
    "tags": array<str>,
    "copy_to_domains": array<str>,
    "comment": str,
    "sites": array<str>,
    "allow_script_crud": bool
  },
  "security": object,
  "ext": {
    "ct": date,
    "lwt": date,
    ...
  }
}
Table 1. Fields
Specification Description

Field: id
Mode: inout
Type: uuid
Default: generated

Identifier. Can be specified at creation, otherwise generated by the system.

Field: name
Mode: in
Type: str
Default: required

Username.
May contain the characters A-Za-z0-9_-.~!. The length must not be more than 1000 characters.

Field: login
Mode: in
Type: str
Default: required

User Login.
May contain the characters A-Za-z0-9_-.~!. The length must not be more than 100 characters.

Field: pwd
Mode: in
Type: str
Default: required

User Password.
May contain the characters A-Za-z0-9_-.~!. The length must not be more than 100 characters.

Field: timezone
Mode: in
Type: float | "default"
Default: "default"

User’s time zone. From -12 to 12, such as 3.5, or "default" to apply the server time zone.

Field: opts
Mode: in
Type: object
Composite field

Field: opts.roles
Mode: in
Type: array<str>
Default: empty

List of roles assigned to the user personally.
Possible values are available via API roles.

The full set of user roles is also determined by the user’s membership in groups.
The entire set of roles determined for the user is available via API users_caches.

For master domain accounts that are copied to other domains ('copy_to_domains'), you may need to set the product layer roles installed in the child domain. Such roles are not present in the master domain role list and must be set manually.

Field: opts.tags
Mode: in
Type: array<str>
Default: empty

User Tag List.
Used for mapping to entities of other classes.
These are set as arbitrary string values, separated by commas.

Field: opts.copy_to_domains
Mode: in
Type: array<str>
Default: empty

Domain Masks.
The field exists only in the master domain.
Wildcards may include:

  • * – any number of any characters.

  • $ – an arbitrary number of any characters other than a period.

  • ? – any single character other than a period.

Examples:
  • $.domain.ru – any subdomain of the first tier with respect to domain.ru;

  • $.$.domain.ru – any second-level subdomain relative to domain.ru;

  • domain.$ – domain in any zone;

  • *.domain.ru – any subdomain of any level in the child domain tree of domain.ru;

  • a?.domain.ru – any first-level subdomain of domain.ru, where the name consists of two characters, the first of which is a.
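
An added example (not part of the platform's own code) that expands copy_to_domains masks against a domain list, so an administrator can see which child domains a master-domain account would be copied to before saving it. It assumes "any number" includes zero characters; the function names and the domain list are constructed for illustration.

```python
import re

# Wildcards from the copy_to_domains description. Assumption: "any number"
# includes zero, so '*' and '$' are translated with the '*' quantifier.
WILDCARDS = {
    "*": ".*",     # any number of any characters (may span several labels)
    "$": "[^.]*",  # any number of characters other than a period
    "?": "[^.]",   # exactly one character other than a period
}


def mask_to_regex(mask):
    """Compile a copy_to_domains mask; every other character is literal."""
    return re.compile("".join(WILDCARDS.get(ch) or re.escape(ch) for ch in mask))


def mask_reach(masks, domains):
    """Map each mask to the domains it selects, keeping input order."""
    return {
        m: [d for d in domains if mask_to_regex(m).fullmatch(d)]
        for m in masks
    }


def broad_masks(masks, domains, limit):
    """Return the masks that select more than `limit` domains, for review."""
    reach = mask_reach(masks, domains)
    return sorted(m for m, hit in reach.items() if len(hit) > limit)


# Constructed domain tree, for illustration only.
DOMAINS = [
    "domain.ru", "a1.domain.ru", "ab.domain.ru", "abc.domain.ru",
    "x.ab.domain.ru", "domain.com", "other.ru",
]

# The masks used as examples in the field description.
PAGE_MASKS = ["$.domain.ru", "$.$.domain.ru", "domain.$",
              "*.domain.ru", "a?.domain.ru"]

if __name__ == "__main__":
    for mask, hit in mask_reach(PAGE_MASKS, DOMAINS).items():
        print(f"{mask:15} -> {hit}")
    print("needs review:", broad_masks(PAGE_MASKS + ["*"], DOMAINS, 3))
```

Because the account is copied with its roles, a mask such as * or *.domain.ru widens the account's reach with every child domain created later, so the reach is worth re-checking when the domain tree changes.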

Field: opts.self_registered
Mode: inout
Type: bool
Default: false

Set to 'true' by the system when the account is created during user self-registration.

Field: opts.info
Mode: inout
Type: object
Default: empty

Filled in by the system during automatic registration or updating data in an external system during OAuth authorization.

Field: opts.title
Mode: in
Type: str
Default: empty

Arbitrary title.

Field: opts.comment
Mode: in
Type: str
Default: empty

Arbitrary comment.

Field: opts.sites
Mode: in
Type: array<str>
Default: empty

List of sites to restrict data access. The field exists only in the master domain for users with the sitemonitor role.

Field: opts.allow_script_crud
Mode: in
Type: bool
Default: false

Flag that allows CRUD operations when scripts are run as this user.

Field: opts.web_sess_limit
Mode: in
Type: int
Default: 10

Maximum number of web sessions for the user. The number is defined as 1 cookie session + n token sessions. When attempting authentication, a web session limit exceeded error will be returned if the session limit is exceeded.

Field: opts.phonenumber
Mode: in
Type: string
Default: empty

The user phone number applied to the sipuser account during hotlinking using the subscriber function Hot Desk or from the client application.
May contain the characters 0-9. The length must not be more than 100 characters.

Field: opts.pincode
Mode: in
Type: string
Default: empty

The user pin code used for the purpose of hotlinking the user and sipuser account using the subscriber function HotDesking.
May contain the characters 0-9. The length must not be more than 100 characters.

Field: security
Mode: inout
Type: object
Composite field

Can be extended with arbitrary keys and values. Not available for viewing and changing by the user.

Field: ext
Mode: inout
Type: object
Composite field

Can be extended with arbitrary keys and values. Available for viewing and changing by the user.

Field: ext.ct
Mode: out
Type: date
Default: generated

Object creation time

Field: ext.lwt
Mode: out
Type: date
Default: generated

Time of last modification of the object

Field: ext.adminPermissions
Mode: in
Type: array<str>
Default: empty

List of sections of the 'Settings' application available to the administrator account.
Only relevant for users who have roles that grant access to the Settings application and the corresponding REST API endpoints.
For the standard administrator account (login 'admin') the parameter is not applied; all sections are available to the user authorized under it.
The special value '' gives access to all sections: "adminPermissions": [""]
In the Settings app, you can select specific sections.

See also

Logical roles

  • mdc and sdc manage accounts.

  • ws performs authorization when processing API requests.