AccountData Structure
Information about each account (both user accounts and roles) is stored in the following structure:
AccountData Struct [
AccountID { Unique ID of this account };
AccountName { Unique name of this account };
Password { Password - only used for user accounts };
AltID { Alternate ID - user accounts only };
AutoLogoff { Automatic log-off timeout - user a/c only };
PWDate { Password creation date - user a/c only };
Rules { Array of SecurityRule structures };
IsRole { TRUE if account is a role, else user };
Disable { TRUE to disable this account };
Description { Textual description of this account };
CustomData { Uncommitted field for application data }; PWCreationTS { Timestamp of password creation }; Language { User preferred language };
];
API module calls that require an AccountData structure for an existing account must provide a valid AccountID. An AccountID is a text value whose length is specified in the imported API constant AccountIDLength.
| AccountName | Holds the unique name of the account, including any namespace (group) prefix, separated by your application’s configured NameSpaceDelimiter character. You may change an account name, which is why the API requires the immutable AccountID for all operations on an existing account. |
| Password |
Accounts only, not roles. Any supplied passwords are given as plain text but must conform to the application-configured password strength requirements. You are strongly advised to clear any variable holding a plain text password immediately after adding a new account. The GetAccount function will never return a password as part of the AccountData structure. |
| AltID | User accounts only. This is the alternate account identification used by such subsystems as the Alarm Notification System. |
| AutoLogoff | User accounts only. It specifies the time, in minutes, after which a user session using this account will be signed out if there is no UI activity. This overrides the application configured global AutoLogoff value. |
| PWDate | User accounts only. This is the date on which the current password was created. It is used to enforce password change after a period of time. When creating an account, an Invalid value automatically sets the PWDate to today. If set to zero, it forces the user to change their password when they next sign in. |
| Rules | An array of SecurityRule structures, one per rule. If Invalid, the user or role has no privileges whatsoever. |
| Disable | A Boolean value, defaulting to FALSE. If set to TRUE, the account is disabled. If this is a user account, the user cannot sign in and, if already signed in, is immediately signed out. If this is a role, its security rules are disabled. |
| Description | Role accounts only. The purpose is to provide a meaningful description of the purpose of a role. Defaults to Invalid. |
| CustomData | Not used by SecurityManager. It is provided for application use to store any account-specific data it chooses. The data must either be text or numeric. If you need to store more complex data, serialize it into text before storing. |
