class UserAccount

+-SystemFunctions

+-SecM

+-UserManagement

+-LocalAuthenticationMethod

+-UserAccountM

+-UserAccount

+-SshPublicKey [0..1]

Represents a user account.

The O&M users need to authenticate to a UserAccount MO to access the ME.

References to:: AccountPolicy; PasswordPolicy;

Actions
`void`	`removePassword ( );` Removes the password from the account.
`void`	`resetPassword ( EcimPasswordString password , EcimEmpty noChange );` Resets the password of the account. The reset of the password requires the user authenticating to this account to change the password and the passwordState is set to EXPIRED_MUSTCHANGE. The password is only usable for a grace period. If the noChange parameter was provided, the passwordState is set to VALID and no forced change is required. The action returns an error if the password does not match the configured quality criteria. Check the configured PasswordQuality MO for more details. Parameters Name: password Description: The new password for this user account. Name: noChange Description: Indicates that no forced password change is needed at first login to this account.
`void`	`unlockOperationalLock ( );` Unlocks an account after an operational lock set by the ME. The ME may lock an account automatically based on the associated password policy or the account policy. The action should be called if the administrativeState is UNLOCKED but the accountState is LOCKED. The action returns an error if the account is LOCKED by administrativeState or the passwordState is EXPIRED. If the accountUsageState is DORMANT, the lastLoginTime attribute is cleared and the accountUsageState becomes UNUSED.

Attributes
`AccountPolicy mandatory`	`accountPolicy` The account policy. Refers to the DN of an AccountPolicy MO.
`AccountState readOnly`	`accountState` The state of the account. In LOCKED state, users are not able to authenticate to this account. In UNLOCKED state, users are able to authenticate to this account. Automatic operational locking and unlocking of the user account changes the account state to LOCKED or UNLOCKED, respectively. Automatic lock can be placed due to failed login attempts, expired password, or dormant account. Manual locking and unlocking performed by the attribute administrativeState is also reflected by the account state. A manual lock has precedence over an automatic lock, thus enabling an account must always start with checking the value of the administrativeState attribute and setting it UNLOCKED. If already UNLOCKED and the account state is LOCKED, the ME automatically locked the account, unlockOperationalLock must be invoked for unlock.
`AccountUsageState readOnly`	`accountUsageState` The state of the account based on user activity. The account is DORMANT if the system time passes the value of the lastLogin attribute plus the dormantTimer, thus indicating lock due to account inactivity. When the account is DORMANT the account gets locked by changing accountState to LOCKED. The account is UNUSED when no successful authentication was performed to it. The account is ACTIVE in all other cases.
`BasicAdmState`	`administrativeState = LOCKED` The administrative state of the account. Specifies the state of the account based on administration performed by the MS. If set to UNLOCKED but accountState is LOCKED, unlockOperationalLock must be invoked.
`DateTime[0..1] readOnly`	`lastLoginTime` The date of the last successful login.
`DateTime[0..1] readOnly`	`lockedTime` The time the account was locked. Specifies the time the account was locked regardless if that was due to an administrative lock or an automatic operational lock. The value is cleared when the account is unlocked.
`DateTime[0..1] readOnly`	`passwordChangedTime` The time the password was last changed or reset. Has no value if the password is not set.
`DateTime[0..] nonUnique noNotification readOnly`	`passwordFailureTimes` Dates of failed login attempts. The list of dates when a user tried to authenticate to this account and failed. The attribute can be reset by a successful authentication, by the resetPassword action, or by the removePassword action. The dates outside the time-window set by failureCountInterval of the configured PasswordPolicy MO are removed.
`PasswordPolicy mandatory`	`passwordPolicy` The password policy. Refers to the DN of a PasswordPolicy MO.
`PasswordState[0..1] readOnly`	`passwordState` The state of the password. Has no value if the password is not initialized by resetPassword action after creating the account or the password was removed; thus, no password is set. If the state is EXPIRED_MUSTCHANGE the password must be changed by the user at login. After a grace period the state turns to EXPIRED and the account becomes LOCKED; only the MS can reset the password in that state.
`RoleString[0..]`	`roles` The authorization profile of the user account. List the roles of the account for Role Based Access Control. The user authenticating to this account will receive the permissions defined in an authorization model.
`AccountIdString key mandatory noNotification restricted`	`userAccountId` The user ID to be provided at authentication.
`string[0..1]`	`userLabel` An additional descriptive text.
`string[0..1]`	`userName` The full name of the user assigned to the account.

class UserAccount