Configuring user authorizations

This page provides information for creating user data files, that is, payload JSON files that you can submit when you configure user authorizations.

The following code samples show the available objects and properties that you can include within such a file.

The following example shows the definitions of a Control-M user:

{
  "Name": "jdoe_1",
  "Description": "John Doe's user specifications",
  "FullName": "John Doe",
  "Authentication": {
     "ControlM": {
        "Password": "string",
        "PasswordExpirationDays": 0,
        "ChangePasswordAtNextLogin": true,
        "LockAccount": true,
        "AccountLockedOnDate": "04/19/2023 11:42:35 AM"
     }
  },
  "Roles": [
     "Admin",
     "TeamLeader"
   ]
}

The following example shows the definitions of an external user:

{
   "Name": "jdoe_2",
   "Description": "John Doe's user specifications",
   "FullName": "John Doe",
   "Authentication": {
      "ExternalProvider": {
         "LdapUserAndDomain": "CN[OU]@DC"
      }
   },
   "Roles": [
      "Admin",
      "TeamLeader"
  ]
}

Object or Property

Description

Name

Defines the username of the authorized user.

Description

Provides a description of the authorized user.

FullName

Defines the full name of the authorized user.

Authentication

Defines one of the following authentication methods for the authorized user:

  • ControlM: A Control-M user authenticated using a password
  • ExternalProvider: A user authenticated through an external LDAP provider

Control-M

Defines the authentication settings for a Control-M user authenticated via a password.

  Password

Defines the password of the Control-M user.

  PasswordExpirationDays

Determines the number of days that the password is valid until it expires.

For a password that never expires, use a value of 0.

Default: 0 (never expires)

  ChangePasswordAtNextLogin

(Optional) Determines whether the user must change the password at the next login.

Values: true | false

Default: false

  LockAccount

(Optional) Determines whether to prevent this user from logging into Control-M from a certain date and time.

Values: true | false

Default: false

  AccountLockedOnDate

Defines the date and time to lock the account and prevent this user from logging into Control-M.

Format: MM/dd/yyyy h:mm:ss aa

ExternalProvider

Defines a user authenticated through an external LDAP provider.

  LdapUserAndDomain

Defines the LDAP user and domain for the LDAP server that authenticates the Control-M user.

Format: CN[OU]@DC, where CN=user, OU=org_unit, DC=domain

Roles

Lists the roles associated with the authorized user.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*