1. Manage Users

1.1. Add a User

To add a user execute API_SCURTY.CREATE_USER. If password authentication is chosen a default password is assigned. However, this password needs to be changed during the first login. If an e-mail address is specified the user will receive a mail with this password alongside with guideline how to change it.

User types can be HU, GU or TU, which are explained here: Red Authorization Concept.

A private sandbox may be enabled, quotas should be defined as well in this case.

Note

It is strongly recommended to automate user management via some IDM like MS-AD which can be directly coupled with SCURTY. In addition, users still can be added manually if necessary (e.g. for testing purposes).

The following example adds a human user (HU) named ‘testuser’ with local password authentication. The user will receive no mail upon creation since the mail address is missing.

Example

1EXECUTE SCRIPT API_SCURTY.CREATE_USER (
2     'testuser'                         -- p_user_name
3     ,'HU'                              -- p_user_type
4     ,'password'                        -- p_authentication
5     ,false                             -- p_private_sbx
6     ,null                              -- p_quota
7     ,'test user - will be deleted'     -- p_comment
8     ,                                  -- p_email
9);

The newly created user account can be found in the SCURTY view REP_ALL_USERS.

USER_NAME

USER_CONSUMER_GROUP

USER_AUTHENTICATION

USER_AUTH_ID

PASSWORD_STATE

ACCOUNT_LOCKED

IS_HU

IS_GU

IS_TU

IS_VALID

USBX_STATUS

USBX_QUOTA_GB

USER_COMMENT

TESTUSER

(null)

PASSWORD

(null)

EXPIRED(GRACE)

false

true

false

ifalse

true

(null)

(null)

test user - will be deleted

1.2. Manage a User

To change any of the parameters assigned to a user by creation use the script API_SCURTY.MANAGE_USER. Providing NULL leaves the parameters as is, while a blank (’ ‘) restores the default value.

Example: change the description only

1EXECUTE SCRIPT API_SCURTY.MANAGE_USER (
2     'TESTUSER'                                   -- p_user_name
3     ,null                                        -- p_account_lock
4     ,null                                        -- p_authentication
5     ,null                                        -- p_expire
6     ,null                                        -- p_private_sbx
7     ,null                                        -- p_quota
8     ,'test user - will be deleted, got changed'  -- p_comment
9);

Changes to the user account can also be seen in the view REP_ALL_USERS.

USER_NAME

USER_CONSUMER_GROUP

USER_AUTHENTICATION

USER_AUTH_ID

PASSWORD_STATE

ACCOUNT_LOCKED

IS_HU

IS_GU

IS_TU

IS_VALID

USBX_STATUS

USBX_QUOTA_GB

USER_COMMENT

TESTUSER

(null)

PASSWORD

(null)

EXPIRED(GRACE)

false

true

false

ifalse

true

(null)

(null)

test user - will be deleted, got changed

1.3. Drop a User

To drop a user account use API_SCURTY.DROP_USER.

Example

1EXECUTE SCRIPT API_SCURTY.DROP_USER (
2     'testuser'  -- p_user_name
3);

After issuing this command NO user with the user name ‘testuser’ will exist in the view REP_ALL_USERS.