class UserAccount

+-SystemFunctions

+-SecM

+-UserManagement

+-LocalAuthenticationMethod

+-UserAccountM

+-UserAccount

+-SshPublicKey [0..1]

Represents a user account.

The O&M users need to authenticate to a UserAccount MO to access the ME.

References to:: AccountPolicy; PasswordPolicy;

Actions
`void`	`removePassword ( );` Removes the password from the account.
`void`	`resetPassword ( EcimPasswordString password , EcimEmpty noChange );` Resets the password of the account. The reset of the password requires the user authenticating to this account to change the password and the passwordState is set to EXPIRED_MUSTCHANGE. The password is only usable for a grace period. If the noChange parameter was provided, the passwordState is set to VALID and no forced change is required. The action returns an error if passwordPolicy attribute is not set or if the password does not match the configured quality criteria. Check the configured PasswordQuality MO for more details. Parameters Name: password Description: The new password for this user account. Name: noChange Description: Indicates that no forced password change is needed at first login to this account.
`void`	`unlockOperationalLock ( );` Unlocks the account. The ME may lock an account automatically based on the associated account policy or if a password is set based on associated password policy. The action should be called if the administrativeState is UNLOCKED but the accountState or passwordState is LOCKED. The action returns an error if the account is LOCKED by administrativeState. If the accountUsageState is DORMANT, the lastLoginTime attribute is cleared and the accountUsageState becomes UNUSED.

Attributes
`AccountPolicy mandatory`	`accountPolicy` The account policy. Refers to the DN of an AccountPolicy MO.
`AccountState readOnly`	`accountState` The state of the account. In LOCKED state, users are not able to authenticate to this account. In UNLOCKED state, users are able to authenticate to this account. Automatic lock can be placed due to dormant account. Manual locking and unlocking performed by the attribute administrativeState is also reflected by the account state. A manual lock has precedence over an automatic lock, thus enabling an account must always start with checking the value of the administrativeState attribute and setting it UNLOCKED. If already UNLOCKED and the account state is LOCKED, the ME automatically locked the account, unlockOperationalLock must be invoked for unlock.
`AccountUsageState readOnly`	`accountUsageState` The state of the account based on user activity. The account is DORMANT if the system time passes the value of the lastLogin attribute plus the dormantTimer, thus indicating lock due to account inactivity. When the account is DORMANT the account gets locked by changing accountState to LOCKED. The account is UNUSED when no successful authentication was performed to it. The account is ACTIVE in all other cases.
`BasicAdmState`	`administrativeState = UNLOCKED` The administrative state of the account. Specifies the state of the account based on administration performed by the MS. If set to UNLOCKED but accountState is LOCKED, unlockOperationalLock must be invoked.
`DateTime[0..1] readOnly`	`lastLoginTime` The date of the last successful login.
`DateTime[0..1] readOnly`	`lockedTime` The time the account was locked. Specifies the time the account was locked regardless if that was due to an administrative lock or an automatic operational lock. The value is cleared when the account is unlocked.
`DateTime[0..1] readOnly`	`passwordChangedTime` The time the password was last changed or reset. Has no value if the password is not set.
`DateTime[0..] nonUnique noNotification readOnly`	`passwordFailureTimes` Dates of failed login attempts. The list of dates when a user tried to authenticate to this account and failed. The attribute can be reset by a successful authentication, by the resetPassword action, or by the removePassword action. The dates outside the time-window set by failureCountInterval of the configured PasswordPolicy MO are removed.
`DateTime[0..1] readOnly`	`passwordLockedTime` The time the password authentication was locked. Specifies the time the password was locked due to excessive failure attempts or expired password. The value is cleared when the password is unlocked or removed.
`PasswordPolicy[0..1]`	`passwordPolicy` The password policy. Refers to the DN of a PasswordPolicy MO.
`PasswordState[0..1] readOnly`	`passwordState` The state of the password. Has no value if the password is not initialized by resetPassword action after creating the account or the password was removed; thus, no password is set. If the state is EXPIRED_MUSTCHANGE the password must be changed by the user at login. After a grace period the state turns to EXPIRED and password authentication is locked; only the MS can reset the password in that state by resetPassword. If the password was successfully changed, or no change was required at setting the password, the state turns to VALID. After expiry the state returns to EXPIRED_MUSTCHANGE. If failure counters reached the limit, the password state turns to LOCKED and password authentication is not possible. The locked state may be resolved by an automatic operational unlock by ME, or a manual unlock by the MS. The automatic unlock is based on the lockoutDuration attribute of the PasswordPolicy MO. The manual unlock is done by invoking the MO action unlockOperationalLock.
`RoleString[0..]`	`roles` The authorization profile of the user account. List the roles of the account for Role Based Access Control. The user authenticating to this account will receive the permissions defined in an authorization model.
`AccountIdString key mandatory noNotification restricted`	`userAccountId` The user ID to be provided at authentication.
`string[0..1]`	`userLabel` An additional descriptive text.
`string[0..1]`	`userName` The full name of the user assigned to the account.

class UserAccount