Overview#

XDAS Account Management is an XDASv2 Event is applicable to the management of principal accounts. A principal may be an end-user. By default Organizational Person, Person, and User object classes are mapped to accounts.

NOTE: The Modify Account Security Token event can be defined in terms of MODIFY_ACCOUNT, but modification of account security tokens is considered critical to audit security, and is thus given its own event.

Blame or credit for an action goes to the identity for a set of activities within a system.

Account Management Event Taxonomy

Event NameEvent IdentifierCorresponding eDir EventDescriptionUse
CREATE_ACCOUNT0.0.0.0DSE_CREATE_ENTRY
DSE_LDAP_ADD
DSE_LDAP_ADDRESPONSE
DSE_NAME_COLLISION
Create a new accountConsider this event as appropriate for any situation wherein an account, as defined above, is to be created.
DELETE_ACCOUNT0.0.0.1DSE_DELETE_ENTRY
DSE_LDAP_DELETE
DSE_LDAP_DELETERESPONSE
DSE_MOVE_SOURCE_ENTRY
DSE_REMOVE_ENTRY
Delete an existing accountThis event has the opposite semantic meaning of account creation. Use this event wherever such an account, as described above, is to be deleted.
DISABLE_ACCOUNT0.0.0.2DSE_ADD_VALUEDisable an existing accountConsider this event relevant for any situation where a particular record in an identifier database is disabled by an administrator or an automated security process such that it can no longer be used until it is re-enabled
ENABLE_ACCOUNT0.0.0.3DSE_ADD_VALUEEnable an existing accountThis is the counterpart event to the disable account event defined above.
QUERY_ACCOUNT0.0.0.4DSE_SEARCH
DSE_DSA_READ
DSE_INSPECT_ENTRY
DSE_LDAP_SEARCH
DSE_LDAP_SEARCHENTRYRESPONSE
DSE_LDAP_COMPARE
Query an existing accountConsider the Query account events whenever a request for the attribute information of a particular account is made.
MODIFY_ACCOUNT0.0.0.5DSE_MERGE_ENTRIES
DSE_ADD_VALUE
DSE_DELETE_ATTRIBUTE
DSE_DELETE_VALUE
DSE_LDAP_MODDN
DSE_LDAP_MODDNRESPONSE
DSE_LDAP_MODIFY
DSE_LDAP_MODIFYRESPONSE
DSE_MODIFY_ENTRY
DSE_MODIFY_RDN
DSE_RENAME_ENTRY
Modify an existing accountConsider the Modify account events whenever a request to change attribute information of a particular account is made.
MODIFY_ACCOUNT_SECURITY_TOKEN 0.0.0.6DSE_CHGPASSModify an existing account security tokenAn account security token may be a password, or any other type of Credential materials associated with a user account. Here, a user account means any type of account by which a user, application, or system service may authenticate, and then act with the rights of that account.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-14) was last changed on 24-May-2017 15:27 by jim