Systems.Security.Users Entity

Namespace: Systems.Security

User logins. Entity: Sec_Users

Default Visualization

Default Display Text Format:
{Login}
Default Search Members:
Login; Name
Code Data Member:
Login
Name Data Member:
Name
Category: Definitions
Show in UI: ShownByDefault

Aggregate

An aggregate is a cluster of domain objects that can be treated as a single unit.

Aggregate Tree

• Systems.Security.Users
  • Systems.Security.UserAccessKeys
  • Systems.Security.UserGroups
  • Systems.Security.UserProviderLogins
  • Systems.Security.UserProviderTokens
  • Systems.Workflow.RoleUsers

Attributes

Name	Type	Description
AccessFailedCount	int32	Indicates how many times the user has failed to login. May be used for locking out the user. Required Default(0) Filter(eq;ge;le) Introduced in version 18.2
Active	boolean	True when the login is currently active and the user can log in. Required Default(true) Filter(eq)
BasicAuthenticationAllowed	boolean	If true, this user is allowed to use basic authentication. Use with caution, because basic authentication is less secure than oauth!. Required Default(false) Filter(eq) Introduced in version 23.1.1.35
CompanyName	string (64) nullable	Name of the company in which the user claims they are working. Introduced in version 22.1.6.61
CreationTimeUtc	datetime	The date and time (in UTC), when the user was created. Required Default(Now) Filter(ge;le) ReadOnly Introduced in version 18.2
DefaultCulture	string (15) nullable	The preferred default culture of the user for UI, notifications, etc. null means "en-US". Introduced in version 20.1
DisplayText	string	Uses the repository DisplayTextFormat to build the display text from the attributes and references of current object.
Email	string (254) nullable	Unique email of the user. Can be null because there may be login providers that don't use emails. Filter(multi eq;like) ORD Introduced in version 18.2
EmailConfirmed	boolean	Indicates whether the email address for the specified user has been verified. Required Default(false) Filter(eq) Introduced in version 18.2
Id	guid
IsAdmin	boolean	True if the user is administrator, otherwise false. Required Default(false) Filter(eq)
LockoutEndUtc	datetime nullable	Contains the date and time (in UTC) until the user is locked. null when the user is not locked. Filter(eq;ge;le;like) Introduced in version 18.2
Login	string (64)	The login name of the user, which is usually the email. Required Filter(multi eq;like) ORD
Name	MultilanguageString (254)	The full name of the user. Required Filter(like)
Notes	string (254) nullable	Notes for this User.
ObjectVersion	int32	The latest version of the extensible data object for the aggregate root for the time the object is loaded from the database. Can be used for optimistic locking.
Password	string (64) nullable	The password hash of the user, stored in the format, specified in Password Format. Unit: PasswordFormat ReadOnly
PasswordFormat	PasswordFormat	The format of the Password. MD5=MD5 format; AN3 = ASP.NET Core Identity v3. Required Default("MD5") Filter(eq) Introduced in version 18.2
PhoneNumber	string (64) nullable	Used only for two-factor authentication. null when phone-based two-factor is not used. Filter(eq;like) Introduced in version 18.2
PhoneNumberConfirmed	boolean	Indicates whether the Phone Number has been verified. Required Default(false) Filter(eq) Introduced in version 18.2
RegistrationMessage	string (254) nullable	Message from the user to the registration operator, regarding the desired permissions and assignment. Introduced in version 22.1.6.61
TwoFactorEnabled	boolean	Indicates whether two-factor authentication has been enabled. Required Default(false) Filter(eq) Introduced in version 18.2
UserType	UserType	Specifies the user type. INT=Internal; EXT=External (community); VIR=Virtual (No login); SYS=System; APP=Application. Required Default("INT") Filter(multi eq) Introduced in version 18.2
VoiceExtensionNumbers	string (254) nullable	Comma separated list of internal extension numbers of the voice telephones of the user. Used for VOIP integration.
WindowsUserName	string (128) nullable	The Windows (Active Directory) user, to which this login is bound. The user will be allowed to login only when the client machine is logged in Active Directory with the specified user.

References

Name	Type	Description
Domain	Domains (nullable)	The domain, to which the user belongs. Filter(multi eq) Introduced in version 20.1
Person	Persons (nullable)	The person from within the system, which is authenticated with this login. null means that this user is not associated with a person record in the database. Filter(multi eq)

Child Collections

Name	Type	Description
AccessKeys	UserAccessKeys	List of UserAccessKey(Systems.Security.UserAccessKeys.md) child objects, based on the Systems.Security.UserAccessKey.User(Systems.Security.UserAccessKeys.md#user) back reference
Groups	UserGroups	List of UserGroup(Systems.Security.UserGroups.md) child objects, based on the Systems.Security.UserGroup.User(Systems.Security.UserGroups.md#user) back reference
ProviderLogins	UserProviderLogins	List of UserProviderLogin(Systems.Security.UserProviderLogins.md) child objects, based on the Systems.Security.UserProviderLogin.User(Systems.Security.UserProviderLogins.md#user) back reference
ProviderTokens	UserProviderTokens	List of UserProviderToken(Systems.Security.UserProviderTokens.md) child objects, based on the Systems.Security.UserProviderToken.User(Systems.Security.UserProviderTokens.md#user) back reference
RoleUsers	RoleUsers	List of RoleUser(Systems.Workflow.RoleUsers.md) child objects, based on the Systems.Workflow.RoleUser.User(Systems.Workflow.RoleUsers.md#user) back reference

Attribute Details

AccessFailedCount

Indicates how many times the user has failed to login. May be used for locking out the user. Required Default(0) Filter(eq;ge;le) Introduced in version 18.2

Type: int32
Category: System
Supported Filters: Equals, GreaterThanOrLessThan
Supports Order By: False
Default Value: 0
Show in UI: ShownByDefault

Active

True when the login is currently active and the user can log in. Required Default(true) Filter(eq)

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: True
Show in UI: ShownByDefault

BasicAuthenticationAllowed

If true, this user is allowed to use basic authentication. Use with caution, because basic authentication is less secure than oauth!. Required Default(false) Filter(eq) Introduced in version 23.1.1.35

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

CompanyName

Name of the company in which the user claims they are working. Introduced in version 22.1.6.61

Type: string (64) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 64
Show in UI: ShownByDefault

CreationTimeUtc

The date and time (in UTC), when the user was created. Required Default(Now) Filter(ge;le) ReadOnly Introduced in version 18.2

Type: datetime
Category: System
Supported Filters: GreaterThanOrLessThan
Supports Order By: False
Default Value: CurrentDateTime
Show in UI: ShownByDefault

DefaultCulture

The preferred default culture of the user for UI, notifications, etc. null means "en-US". Introduced in version 20.1

Type: string (15) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 15
Show in UI: ShownByDefault

DisplayText

Uses the repository DisplayTextFormat to build the display text from the attributes and references of current object.

Type: string
Category: Calculated Attributes
Supported Filters: NotFilterable
Supports Order By: ****
Show in UI: HiddenByDefault

Email

Unique email of the user. Can be null because there may be login providers that don't use emails. Filter(multi eq;like) ORD Introduced in version 18.2

Type: string (254) nullable
Indexed: True
Category: System
Supported Filters: Equals, Like, EqualsIn
Supports Order By: True
Maximum Length: 254
Show in UI: ShownByDefault

EmailConfirmed

Indicates whether the email address for the specified user has been verified. Required Default(false) Filter(eq) Introduced in version 18.2

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

Id

Type: guid
Indexed: True
Category: System
Supported Filters: Equals, EqualsIn
Default Value: NewGuid
Show in UI: CannotBeShown

IsAdmin

True if the user is administrator, otherwise false. Required Default(false) Filter(eq)

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

LockoutEndUtc

Contains the date and time (in UTC) until the user is locked. null when the user is not locked. Filter(eq;ge;le;like) Introduced in version 18.2

Type: datetime nullable
Category: System
Supported Filters: Equals, GreaterThanOrLessThan, Like
Supports Order By: False
Show in UI: ShownByDefault

Login

The login name of the user, which is usually the email. Required Filter(multi eq;like) ORD

Type: string (64)
Indexed: True
Category: System
Supported Filters: Equals, Like, EqualsIn
Supports Order By: True
Maximum Length: 64
Show in UI: ShownByDefault

Name

The full name of the user. Required Filter(like)

Type: MultilanguageString (254)
Category: System
Supported Filters: Like
Supports Order By: False
Show in UI: ShownByDefault

Notes

Notes for this User.

Type: string (254) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 254
Show in UI: ShownByDefault

ObjectVersion

The latest version of the extensible data object for the aggregate root for the time the object is loaded from the database. Can be used for optimistic locking.

Type: int32
Category: Extensible Data Object
Supported Filters: NotFilterable
Supports Order By: ****
Show in UI: HiddenByDefault

Password

The password hash of the user, stored in the format, specified in Password Format. Unit: PasswordFormat ReadOnly

Type: string (64) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 64
Show in UI: ShownByDefault

PasswordFormat

The format of the Password. MD5=MD5 format; AN3 = ASP.NET Core Identity v3. Required Default("MD5") Filter(eq) Introduced in version 18.2

Type: PasswordFormat
Category: System
Allowed values for the PasswordFormat(Systems.Security.Users.md#passwordformat) data attribute
Allowed Values (Systems.Security.UsersRepository.PasswordFormat Enum Members)

Value	Description
MD5	Store password in the old format, used by the Windows App. Stored as 'MD5'. Database Value: 'MD5' Model Value: 0 Domain API Value: 'MD5'
AspNetCoreV3	Store passwords in v3 format used by ASP.NET Core. Stored as 'AN3'. Database Value: 'AN3' Model Value: 1 Domain API Value: 'AspNetCoreV3'

Supported Filters: Equals
Supports Order By: False
Default Value: MD5
Show in UI: ShownByDefault

PhoneNumber

Used only for two-factor authentication. null when phone-based two-factor is not used. Filter(eq;like) Introduced in version 18.2

Type: string (64) nullable
Category: System
Supported Filters: Equals, Like
Supports Order By: False
Maximum Length: 64
Show in UI: ShownByDefault

PhoneNumberConfirmed

Indicates whether the Phone Number has been verified. Required Default(false) Filter(eq) Introduced in version 18.2

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

RegistrationMessage

Message from the user to the registration operator, regarding the desired permissions and assignment. Introduced in version 22.1.6.61

Type: string (254) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 254
Show in UI: ShownByDefault

TwoFactorEnabled

Indicates whether two-factor authentication has been enabled. Required Default(false) Filter(eq) Introduced in version 18.2

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

UserType

Specifies the user type. INT=Internal; EXT=External (community); VIR=Virtual (No login); SYS=System; APP=Application. Required Default("INT") Filter(multi eq) Introduced in version 18.2

Type: UserType
Category: System
Allowed values for the UserType(Systems.Security.Users.md#usertype) data attribute
Allowed Values (Systems.Security.UsersRepository.UserType Enum Members)

Value	Description
InternalUser	Internal users are the usual ERP users. They have access to internal and external content.. Stored as 'INT'. Database Value: 'INT' Model Value: 0 Domain API Value: 'InternalUser'
ExternalCommunityUser	External users can access only external (community) content. They are usually created withing community sites.. Stored as 'EXT'. Database Value: 'EXT' Model Value: 1 Domain API Value: 'ExternalCommunityUser'
VirtualUserNoLogin	Virtual users cannot login, but can be used for task assignments, etc.. Stored as 'VIR'. Database Value: 'VIR' Model Value: 2 Domain API Value: 'VirtualUserNoLogin'
SystemUserNoLogin	System users are used only by local system applications.. Stored as 'SYS'. Database Value: 'SYS' Model Value: 3 Domain API Value: 'SystemUserNoLogin'
ApplicationUserNoLogin	Application users are used by applications. They do not have a password, but login by providing application credentials.. Stored as 'APP'. Database Value: 'APP' Model Value: 4 Domain API Value: 'ApplicationUserNoLogin'

Supported Filters: Equals, EqualsIn
Supports Order By: False
Default Value: InternalUser
Show in UI: ShownByDefault

VoiceExtensionNumbers

Comma separated list of internal extension numbers of the voice telephones of the user. Used for VOIP integration.

Type: string (254) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 254
Show in UI: ShownByDefault

WindowsUserName

The Windows (Active Directory) user, to which this login is bound. The user will be allowed to login only when the client machine is logged in Active Directory with the specified user.

Type: string (128) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 128
Show in UI: ShownByDefault

Reference Details

Domain

The domain, to which the user belongs. Filter(multi eq) Introduced in version 20.1

Type: Domains (nullable)
Category: System
Supported Filters: Equals, EqualsIn
Show in UI: ShownByDefault

Person

The person from within the system, which is authenticated with this login. null means that this user is not associated with a person record in the database. Filter(multi eq)

Type: Persons (nullable)
Category: System
Supported Filters: Equals, EqualsIn
Show in UI: ShownByDefault

API Methods

Methods that can be invoked in public APIs.

GetAllowedCustomPropertyValues

Gets the allowed values for the specified custom property for this entity object. If supported the result is ordered by property value. Some property value sources do not support ordering - in that case the result is not ordered.
Return Type: Collection Of CustomPropertyValue
Declaring Type: EntityObject
Domain API Request: GET

Parameters

• customPropertyCode
  The code of the custom property
  Type: string

• search
  The search text - searches by value or description. Can contain wildcard character %.
  Type: string
  Optional: True
  Default Value: null

• exactMatch
  If true the search text should be equal to the property value
  Type: boolean
  Optional: True
  Default Value: False

• orderByDescription
  If true the result is ordered by Description instead of Value. Note that ordering is not always possible.
  Type: boolean
  Optional: True
  Default Value: False

• top
  The top clause - default is 10
  Type: int32
  Optional: True
  Default Value: 10

• skip
  The skip clause - default is 0
  Type: int32
  Optional: True
  Default Value: 0

CreateNotification

Creates a notification and sends a real time event to the user.
Return Type: void
Declaring Type: EntityObject
Domain API Request: POST

Parameters

• user
  The user.
  Type: Users

• notificationClass
  The notification class.
  Type: string

• subject
  The subject.
  Type: string

CreateCopy

Duplicates the object and its child objects belonging to the same aggregate. The duplicated objects are not saved to the data source but remain in the same transaction as the original object.
Return Type: EntityObject
Declaring Type: EntityObject
Domain API Request: POST

Business Rules

• R33153 User - Notify Admins On Community User Creation
• R34956 User - External And Virtual Users Cannot Be Admin
• R35716 User - Password Required Except Virtual And Application Users

Front-End Business Rules

None

API

Domain API Query: https://demodb.my.erp.net/api/domain/odata/Systems_Security_Users?$top=10

Domain API Query Builder: https://demodb.my.erp.net/api/domain/querybuilder#Systems_Security_Users?$top=10