Overview
XDAS Account Management is an XDASv2 Event that is applicable to the management of principal accounts. A principal may be an end-user. By default, the Organizational Person, Person, and User object classes are mapped to accounts.
NOTE: The Modify Account Security Token event can be defined in terms of MODIFY_ACCOUNT, but modification of account security tokens is considered critical to audit security, and is thus given its own event.
Blame or credit for an action goes to the identity for a set of activities within a system.
Account Management Event Taxonomy
Event Name | Event Identifier | Corresponding eDir Event | Description | Use |
---|---|---|---|---|
CREATE_ACCOUNT | 0.0.0.0 | DSE_CREATE_ENTRY DSE_LDAP_ADD DSE_LDAP_ADDRESPONSE DSE_NAME_COLLISION | Create a new account | Consider this event as appropriate for any situation wherein an account, as defined above, is to be created. |
DELETE_ACCOUNT | 0.0.0.1 | DSE_DELETE_ENTRY DSE_LDAP_DELETE DSE_LDAP_DELETERESPONSE DSE_MOVE_SOURCE_ENTRY DSE_REMOVE_ENTRY | Delete an existing account | This event has the opposite semantic meaning of account creation. Use this event wherever such an account, as described above, is to be deleted. |
DISABLE_ACCOUNT | 0.0.0.2 | DSE_ADD_VALUE | Disable an existing account | Consider this event relevant for any situation where a particular record in an identifier database is disabled by an administrator or an automated security process such that it can no longer be used until it is re-enabled. |
ENABLE_ACCOUNT | 0.0.0.3 | DSE_ADD_VALUE | Enable an existing account | This is the counterpart event to the disable account event defined above. |
QUERY_ACCOUNT | 0.0.0.4 | DSE_SEARCH DSE_DSA_READ DSE_INSPECT_ENTRY DSE_LDAP_SEARCH DSE_LDAP_SEARCHENTRYRESPONSE DSE_LDAP_COMPARE | Query an existing account | Consider the Query account events whenever a request for the attribute information of a particular account is made. |
MODIFY_ACCOUNT | 0.0.0.5 | DSE_MERGE_ENTRIES DSE_ADD_VALUE DSE_DELETE_ATTRIBUTE DSE_DELETE_VALUE DSE_LDAP_MODDN DSE_LDAP_MODDNRESPONSE DSE_LDAP_MODIFY DSE_LDAP_MODIFYRESPONSE DSE_MODIFY_ENTRY DSE_MODIFY_RDN DSE_RENAME_ENTRY | Modify an existing account | Consider the Modify account events whenever a request to change attribute information of a particular account is made. |
MODIFY_ACCOUNT_SECURITY_TOKEN | 0.0.0.6 | DSE_CHGPASS | Modify an existing account security token | An account security token may be a password, or any other type of credential material associated with a user account. Here, a user account means any type of account by which a user, application, or system service may authenticate, and then act with the rights of that account. |
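The table maps DSE_ADD_VALUE to three different events, so a log consumer has to look past the eDir event name to classify a record. The following added example (not part of the original page or of any product's code) applies the taxonomy to constructed records. The record fields (`event`, `object_class`, `target`, `attribute`, `value`) are hypothetical, and using the `Login Disabled` attribute to separate disable/enable from a plain modify is an assumption.

```python
# Added example. Rows transcribed from the taxonomy table on this page.
TAXONOMY = {
    "CREATE_ACCOUNT": ("0.0.0.0", "DSE_CREATE_ENTRY DSE_LDAP_ADD "
                       "DSE_LDAP_ADDRESPONSE DSE_NAME_COLLISION"),
    "DELETE_ACCOUNT": ("0.0.0.1", "DSE_DELETE_ENTRY DSE_LDAP_DELETE "
                       "DSE_LDAP_DELETERESPONSE DSE_MOVE_SOURCE_ENTRY DSE_REMOVE_ENTRY"),
    "DISABLE_ACCOUNT": ("0.0.0.2", "DSE_ADD_VALUE"),
    "ENABLE_ACCOUNT": ("0.0.0.3", "DSE_ADD_VALUE"),
    "QUERY_ACCOUNT": ("0.0.0.4", "DSE_SEARCH DSE_DSA_READ DSE_INSPECT_ENTRY "
                      "DSE_LDAP_SEARCH DSE_LDAP_SEARCHENTRYRESPONSE DSE_LDAP_COMPARE"),
    "MODIFY_ACCOUNT": ("0.0.0.5", "DSE_MERGE_ENTRIES DSE_ADD_VALUE "
                       "DSE_DELETE_ATTRIBUTE DSE_DELETE_VALUE DSE_LDAP_MODDN "
                       "DSE_LDAP_MODDNRESPONSE DSE_LDAP_MODIFY DSE_LDAP_MODIFYRESPONSE "
                       "DSE_MODIFY_ENTRY DSE_MODIFY_RDN DSE_RENAME_ENTRY"),
    "MODIFY_ACCOUNT_SECURITY_TOKEN": ("0.0.0.6", "DSE_CHGPASS"),
}
# Object classes mapped to accounts by default, per the overview.
ACCOUNT_CLASSES = {"Organizational Person", "Person", "User"}

def classify(rec):
    """Return (event name, identifier) for an account record, else None."""
    if rec["object_class"] not in ACCOUNT_CLASSES:
        return None  # not an account, so not an Account Management event
    names = [n for n, (_, evs) in TAXONOMY.items() if rec["event"] in evs.split()]
    if not names:
        return None
    if len(names) > 1:  # only DSE_ADD_VALUE is ambiguous in the table
        # Assumption: the changed attribute and its value decide the event.
        if rec.get("attribute") == "Login Disabled":
            names = ["DISABLE_ACCOUNT" if rec.get("value") else "ENABLE_ACCOUNT"]
        else:
            names = ["MODIFY_ACCOUNT"]
    return names[0], TAXONOMY[names[0]][0]

def token_changes(records):
    """Targets whose security token changed (the event the NOTE singles out)."""
    return [r["target"] for r in records
            if (classify(r) or ("",))[0] == "MODIFY_ACCOUNT_SECURITY_TOKEN"]

SAMPLE = [  # constructed records, not real audit output
    {"event": "DSE_CHGPASS", "object_class": "User", "target": "cn=alice,o=example"},
    {"event": "DSE_ADD_VALUE", "object_class": "User", "target": "cn=bob,o=example",
     "attribute": "Login Disabled", "value": True},
    {"event": "DSE_ADD_VALUE", "object_class": "User", "target": "cn=bob,o=example",
     "attribute": "Description", "value": "contractor"},
    {"event": "DSE_CREATE_ENTRY", "object_class": "Group", "target": "cn=ops,o=example"},
]
```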