The User object describes the characteristics of a user/person or a security principal. Defined by D3FEND d3f:UserAccount.
- Extends: _entity
Attributes
name
- Type: username_t
- Requirement: recommended
The username. For example, janedoe1.
type_id
- Type: integer_t
- Requirement: recommended
- Values:
  - 0 - Unknown: The type is unknown.
  - 1 - User: Regular user account.
  - 2 - Admin: Admin/root user account.
  - 3 - System: System account. For example, Windows computer accounts with a trailing dollar sign ($).
  - 99 - Other: The type is not mapped. See the type attribute, which contains a data source specific value.
The account type identifier.
uid
- Type: string_t
- Requirement: recommended
The unique user identifier. For example, the Windows user SID, Active Directory DN or AWS user ARN.
account
- Type: account
- Requirement: optional
The user’s account or the account associated with the user.
credential_uid
- Type: string_t
- Requirement: optional
The unique identifier of the user’s credential. For example, AWS Access Key ID.
domain
- Type: string_t
- Requirement: optional
The domain where the user is defined. For example: the LDAP or Active Directory domain.
email_addr
- Type: email_t
- Requirement: optional
The user’s primary email address.
full_name
- Type: string_t
- Requirement: optional
The full name of the person, as per the LDAP Common Name attribute (cn).
groups
- Type: group
- Requirement: optional
The administrative groups to which the user belongs.
ldap_person
- Type: ldap_person
- Requirement: optional
The additional LDAP attributes that describe a person.
org
- Type: organization
- Requirement: optional
Organization and org unit related to the user.
type
- Type: string_t
- Requirement: optional
The type of the user. For example, System, AWS IAM User, etc.
uid_alt
- Type: string_t
- Requirement: optional
The alternate user identifier. For example, the Active Directory user GUID or AWS user Principal ID.
Constraints
At least one of: account, name, uid
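The rules above can be checked mechanically before a record is accepted into a pipeline. The following is an added example, not code from the schema project: `validate_user`, the sample records and the choice to warn when `type_id` is 99 without a `type` string are assumptions made for illustration.

```python
# Added example: checks a dict against the User object rules listed on this page.
TYPE_ID_VALUES = {0: "Unknown", 1: "User", 2: "Admin", 3: "System", 99: "Other"}
RECOMMENDED = ("name", "type_id", "uid")
AT_LEAST_ONE = ("account", "name", "uid")
STRING_ATTRS = ("uid", "credential_uid", "domain", "full_name", "type", "uid_alt")


def validate_user(user):
    """Return (errors, warnings) for one User object given as a dict."""
    errors, warnings = [], []

    # Constraint: at least one of account, name, uid must be present.
    if not any(user.get(k) not in (None, "", {}) for k in AT_LEAST_ONE):
        errors.append("constraint: need at least one of account, name, uid")

    # type_id is an integer_t restricted to the enumerated values.
    if "type_id" in user:
        tid = user["type_id"]
        if isinstance(tid, bool) or not isinstance(tid, int):
            errors.append("type_id: must be an integer")
        elif tid not in TYPE_ID_VALUES:
            errors.append(f"type_id: {tid} is not an enumerated value")
        elif tid == 99 and not user.get("type"):
            # 99 (Other) defers to the data-source-specific 'type' string.
            warnings.append("type_id 99 without a source-specific 'type'")

    # string_t attributes must be strings when present.
    for key in STRING_ATTRS:
        if key in user and not isinstance(user[key], str):
            errors.append(f"{key}: must be a string")

    # Recommended attributes are not mandatory, so only warn.
    for key in RECOMMENDED:
        if key not in user:
            warnings.append(f"recommended attribute '{key}' is missing")
    return errors, warnings


# Constructed sample records (not from any real log source).
SAMPLES = {
    "computer_account": {"name": "WS01$", "type_id": 3, "domain": "CORP",
                         "uid": "S-1-5-21-1111111111-2222222222-3333333333-1104"},
    "no_identity": {"email_addr": "janedoe1@example.com", "type_id": 1},
    "unmapped_type": {"name": "svc-backup", "type_id": 99},
    "bad_enum": {"uid": "janedoe1", "type_id": 7},
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, validate_user(record))
```

Records that fail the constraint carry no usable identity for correlation, so treating that case as an error rather than a warning keeps unattributable events out of user-based detections.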