Table of Contents

Systems.Security.Users Entity

Namespace: Systems.Security

User logins. Entity: Sec_Users

Default Visualization

Default Display Text Format:
{Name} <{Login}> [{UserType:DB}]
Default Search Members:
Login; Name
Code Data Member:
Login
Name Data Member:
Name
Category: Definitions
Show in UI: ShownByDefault
API access: ReadWrite

Track Changes

Min level: 3 - Track object and attribute changes
Max level: 4 - Track object attribute and blob changes

Aggregate

An aggregate is a cluster of domain objects that can be treated as a single unit.

Aggregate Tree

Attributes

Name Type Description
AccessFailedCount int32 Indicates how many times the user has failed to login. May be used for locking out the user. Required Default(0) Filter(eq;ge;le) Introduced in version 18.2
Active boolean True when the login is currently active and the user can log in. Required Default(true) Filter(eq)
BasicAuthenticationAllowed boolean If true, this user is allowed to use basic authentication. Use with caution, because basic authentication is less secure than oauth!. Required Default(false) Filter(eq) Introduced in version 23.1.1.35
CompanyName string (64) nullable Name of the company in which the user claims they are working. Introduced in version 22.1.6.61
CreationTimeUtc datetime The date and time (in UTC), when the user was created. Required Default(Now) Filter(ge;le) ReadOnly Introduced in version 18.2
DefaultLanguage string (15) nullable The preferred default language of the user for UI, notifications, etc. Null means "en=English". Filter(eq) Introduced in version 25.1.0.34
DisplayText string Uses the repository DisplayTextFormat to build the display text from the attributes and references of current object.
Email string (254) nullable Unique email of the user. Can be null because there may be login providers that don't use emails. Filter(multi eq;like) ORD Introduced in version 18.2
EmailConfirmed boolean Indicates whether the email address for the specified user has been verified. Required Default(false) Filter(eq) ReadOnly Introduced in version 18.2
Id guid
IsAdmin boolean True if the user is administrator, otherwise 0. Required Default(false) Filter(eq)
LockoutEndUtc datetime nullable Contains the date and time (in UTC) until the user is locked. null when the user is not locked. Filter(eq;ge;le;like) Introduced in version 18.2
Login string (64) The login name of the user, which is usually the email. Required Filter(multi eq;like) ORD
Name MultilanguageString (254) The full name of the user. Required Filter(like)
Notes string (254) nullable Notes for this User.
ObjectVersion int32 The latest version of the extensible data object for the aggregate root for the time the object is loaded from the database. Can be used for optimistic locking.
Password string (64) nullable The password hash of the user, stored in the format, specified in Password Format. Unit: PasswordFormat ReadOnly
PasswordFormat PasswordFormat The format of the Password. MD5=MD5 format; AN3 = ASP.NET Core Identity v3. Required Default("MD5") Filter(eq) Introduced in version 18.2
PhoneNumber string (64) nullable Used only for two-factor authentication. null when phone-based two-factor is not used. Filter(eq;like) Introduced in version 18.2
PhoneNumberConfirmed boolean Indicates whether the Phone Number has been verified. Required Default(false) Filter(eq) Introduced in version 18.2
RegistrationMessage string (254) nullable Message from the user to the registration operator, regarding the desired permissions and assignment. Introduced in version 22.1.6.61
TwoFactorEnabled boolean Indicates whether two-factor authentication has been enabled. Required Default(false) Filter(eq) Introduced in version 18.2
UserType UserType Specifies the user type. INT=Internal; EXT=External (community); VIR=Virtual (No login); SYS=System; APP=Application (No lofin); INI=Invitation Internal (No login); INE=Invitation External (No login). Required Default("INT") Filter(multi eq;like) Introduced in version 18.2
VoiceExtensionNumbers string (254) nullable Comma separated list of internal extension numbers of the voice telephones of the user. Used for VOIP integration.
WindowsUserName string (128) nullable The Windows (Active Directory) user, to which this login is bound. The user will be allowed to login only when the client machine is logged in Active Directory with the specified user.

References

Name Type Description
Domain Domains (nullable) The domain, to which the user belongs. Filter(multi eq) Introduced in version 20.1
Model Models (nullable) The AI model associated with the user for their interactions. null means that this user has no AI model associated. Filter(multi eq) Introduced in version 24.1.5.34
Person Persons (nullable) The person from within the system, which is authenticated with this login. null means that this user is not associated with a person record in the database. Filter(multi eq)

Child Collections

Name Type Description
AccessKeys UserAccessKeys List of UserAccessKey(Systems.Security.UserAccessKeys.md) child objects, based on the Systems.Security.UserAccessKey.User(Systems.Security.UserAccessKeys.md#user) back reference
Devices UserDevices List of UserDevice(Systems.Security.UserDevices.md) child objects, based on the Systems.Security.UserDevice.User(Systems.Security.UserDevices.md#user) back reference
Groups UserGroups List of UserGroup(Systems.Security.UserGroups.md) child objects, based on the Systems.Security.UserGroup.User(Systems.Security.UserGroups.md#user) back reference
ProviderLogins UserProviderLogins List of UserProviderLogin(Systems.Security.UserProviderLogins.md) child objects, based on the Systems.Security.UserProviderLogin.User(Systems.Security.UserProviderLogins.md#user) back reference
ProviderTokens UserProviderTokens List of UserProviderToken(Systems.Security.UserProviderTokens.md) child objects, based on the Systems.Security.UserProviderToken.User(Systems.Security.UserProviderTokens.md#user) back reference
RoleUsers RoleUsers List of RoleUser(Systems.Security.RoleUsers.md) child objects, based on the Systems.Security.RoleUser.User(Systems.Security.RoleUsers.md#user) back reference

Attribute Details

AccessFailedCount

Indicates how many times the user has failed to login. May be used for locking out the user. Required Default(0) Filter(eq;ge;le) Introduced in version 18.2

Type: int32
Category: System
Supported Filters: Equals, GreaterThanOrLessThan
Supports Order By: False
Default Value: 0
Show in UI: ShownByDefault

Active

True when the login is currently active and the user can log in. Required Default(true) Filter(eq)

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: True
Show in UI: ShownByDefault

BasicAuthenticationAllowed

If true, this user is allowed to use basic authentication. Use with caution, because basic authentication is less secure than oauth!. Required Default(false) Filter(eq) Introduced in version 23.1.1.35

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

CompanyName

Name of the company in which the user claims they are working. Introduced in version 22.1.6.61

Type: string (64) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 64
Show in UI: ShownByDefault

CreationTimeUtc

The date and time (in UTC), when the user was created. Required Default(Now) Filter(ge;le) ReadOnly Introduced in version 18.2

Type: datetime
Category: System
Supported Filters: GreaterThanOrLessThan
Supports Order By: False
Default Value: CurrentDateTime
Show in UI: ShownByDefault

DefaultLanguage

The preferred default language of the user for UI, notifications, etc. Null means "en=English". Filter(eq) Introduced in version 25.1.0.34

Type: string (15) nullable
Category: System
Supported Filters: Equals
Supports Order By: False
Maximum Length: 15
Show in UI: ShownByDefault

DisplayText

Uses the repository DisplayTextFormat to build the display text from the attributes and references of current object.

Type: string
Category: Calculated Attributes
Supported Filters: NotFilterable
Supports Order By: ****
Show in UI: HiddenByDefault

Email

Unique email of the user. Can be null because there may be login providers that don't use emails. Filter(multi eq;like) ORD Introduced in version 18.2

Type: string (254) nullable
Indexed: True
Category: System
Supported Filters: Equals, Like, EqualsIn
Supports Order By: True
Maximum Length: 254
Show in UI: ShownByDefault

EmailConfirmed

Indicates whether the email address for the specified user has been verified. Required Default(false) Filter(eq) ReadOnly Introduced in version 18.2

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

Id

Type: guid
Indexed: True
Category: System
Supported Filters: Equals, EqualsIn
Default Value: NewGuid
Show in UI: CannotBeShown

IsAdmin

True if the user is administrator, otherwise 0. Required Default(false) Filter(eq)

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

LockoutEndUtc

Contains the date and time (in UTC) until the user is locked. null when the user is not locked. Filter(eq;ge;le;like) Introduced in version 18.2

Type: datetime nullable
Category: System
Supported Filters: Equals, GreaterThanOrLessThan, Like
Supports Order By: False
Show in UI: ShownByDefault

Login

The login name of the user, which is usually the email. Required Filter(multi eq;like) ORD

Type: string (64)
Indexed: True
Category: System
Supported Filters: Equals, Like, EqualsIn
Supports Order By: True
Maximum Length: 64
Show in UI: ShownByDefault

Name

The full name of the user. Required Filter(like)

Type: MultilanguageString (254)
Category: System
Supported Filters: Like
Supports Order By: False
Show in UI: ShownByDefault

Notes

Notes for this User.

Type: string (254) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 254
Show in UI: ShownByDefault

ObjectVersion

The latest version of the extensible data object for the aggregate root for the time the object is loaded from the database. Can be used for optimistic locking.

Type: int32
Category: Extensible Data Object
Supported Filters: NotFilterable
Supports Order By: ****
Show in UI: HiddenByDefault

Password

The password hash of the user, stored in the format, specified in Password Format. Unit: PasswordFormat ReadOnly

Type: string (64) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 64
Show in UI: ShownByDefault

PasswordFormat

The format of the Password. MD5=MD5 format; AN3 = ASP.NET Core Identity v3. Required Default("MD5") Filter(eq) Introduced in version 18.2

Type: PasswordFormat
Category: System
Allowed values for the PasswordFormat(Systems.Security.Users.md#passwordformat) data attribute
Allowed Values (Systems.Security.UsersRepository.PasswordFormat Enum Members)

Value Description
MD5 Store password in the old format, used by the Windows App. Stored as 'MD5'.
Database Value: 'MD5'
Model Value: 0
Domain API Value: 'MD5'
AspNetCoreV3 Store passwords in v3 format used by ASP.NET Core. Stored as 'AN3'.
Database Value: 'AN3'
Model Value: 1
Domain API Value: 'AspNetCoreV3'

Supported Filters: Equals
Supports Order By: False
Default Value: MD5
Show in UI: ShownByDefault

PhoneNumber

Used only for two-factor authentication. null when phone-based two-factor is not used. Filter(eq;like) Introduced in version 18.2

Type: string (64) nullable
Category: System
Supported Filters: Equals, Like
Supports Order By: False
Maximum Length: 64
Show in UI: ShownByDefault

PhoneNumberConfirmed

Indicates whether the Phone Number has been verified. Required Default(false) Filter(eq) Introduced in version 18.2

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

RegistrationMessage

Message from the user to the registration operator, regarding the desired permissions and assignment. Introduced in version 22.1.6.61

Type: string (254) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 254
Show in UI: ShownByDefault

TwoFactorEnabled

Indicates whether two-factor authentication has been enabled. Required Default(false) Filter(eq) Introduced in version 18.2

Type: boolean
Category: System
Supported Filters: Equals
Supports Order By: False
Default Value: False
Show in UI: ShownByDefault

UserType

Specifies the user type. INT=Internal; EXT=External (community); VIR=Virtual (No login); SYS=System; APP=Application (No lofin); INI=Invitation Internal (No login); INE=Invitation External (No login). Required Default("INT") Filter(multi eq;like) Introduced in version 18.2

Type: UserType
Category: System
Allowed values for the UserType(Systems.Security.Users.md#usertype) data attribute
Allowed Values (Systems.Security.UsersRepository.UserType Enum Members)

Value Description
InternalUser Internal users are the usual ERP users. They have access to internal and external content.. Stored as 'INT'.
Database Value: 'INT'
Model Value: 0
Domain API Value: 'InternalUser'
ExternalCommunityUser External users can access only external (community) content. They are usually created withing community sites.. Stored as 'EXT'.
Database Value: 'EXT'
Model Value: 1
Domain API Value: 'ExternalCommunityUser'
VirtualUserNoLogin Virtual users cannot login, but can be used for task assignments, etc.. Stored as 'VIR'.
Database Value: 'VIR'
Model Value: 2
Domain API Value: 'VirtualUserNoLogin'
SystemUserNoLogin System users are used only by local system applications.. Stored as 'SYS'.
Database Value: 'SYS'
Model Value: 3
Domain API Value: 'SystemUserNoLogin'
ApplicationUserNoLogin Application users are used by applications. They do not have a password, but login by providing application credentials.. Stored as 'APP'.
Database Value: 'APP'
Model Value: 4
Domain API Value: 'ApplicationUserNoLogin'
InvitationInternalNoLogin InvitationInternalNoLogin value. Stored as 'INI'.
Database Value: 'INI'
Model Value: 5
Domain API Value: 'InvitationInternalNoLogin'
InvitationExternalNoLogin InvitationExternalNoLogin value. Stored as 'INE'.
Database Value: 'INE'
Model Value: 6
Domain API Value: 'InvitationExternalNoLogin'

Supported Filters: Equals, Like, EqualsIn
Supports Order By: False
Default Value: InternalUser
Show in UI: ShownByDefault

VoiceExtensionNumbers

Comma separated list of internal extension numbers of the voice telephones of the user. Used for VOIP integration.

Type: string (254) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 254
Show in UI: ShownByDefault

WindowsUserName

The Windows (Active Directory) user, to which this login is bound. The user will be allowed to login only when the client machine is logged in Active Directory with the specified user.

Type: string (128) nullable
Category: System
Supported Filters: NotFilterable
Supports Order By: False
Maximum Length: 128
Show in UI: ShownByDefault

Reference Details

Domain

The domain, to which the user belongs. Filter(multi eq) Introduced in version 20.1

Type: Domains (nullable)
Category: System
Supported Filters: Equals, EqualsIn
Show in UI: ShownByDefault

Model

The AI model associated with the user for their interactions. null means that this user has no AI model associated. Filter(multi eq) Introduced in version 24.1.5.34

Type: Models (nullable)
Category: System
Supported Filters: Equals, EqualsIn
Show in UI: ShownByDefault

Person

The person from within the system, which is authenticated with this login. null means that this user is not associated with a person record in the database. Filter(multi eq)

Type: Persons (nullable)
Category: System
Supported Filters: Equals, EqualsIn
Show in UI: ShownByDefault

API Methods

Methods that can be invoked in public APIs.

GetAllowedCustomPropertyValues

Gets the allowed values for the specified custom property for this entity object. If supported the result is ordered by property value. Some property value sources do not support ordering - in that case the result is not ordered.
Return Type: Collection Of CustomPropertyValue
Declaring Type: EntityObject
Domain API Request: GET

Parameters

  • customPropertyCode
    The code of the custom property
    Type: string

  • search
    The search text - searches by value or description. Can contain wildcard character %.
    Type: string
    Optional: True
    Default Value: null

  • exactMatch
    If true the search text should be equal to the property value
    Type: boolean
    Optional: True
    Default Value: False

  • orderByDescription
    If true the result is ordered by Description instead of Value. Note that ordering is not always possible.
    Type: boolean
    Optional: True
    Default Value: False

  • top
    The top clause - default is 10
    Type: int32
    Optional: True
    Default Value: 10

  • skip
    The skip clause - default is 0
    Type: int32
    Optional: True
    Default Value: 0

CreateNotification

Create a notification immediately in a separate transaction, and send a real-time event to the user.
Return Type: void
Declaring Type: EntityObject
Domain API Request: POST

Parameters

  • user
    The user.
    Type: Users

  • notificationClass
    The notification class.
    Type: string

  • subject
    The notification subject.
    Type: string

  • priority
    The notification priority.
    Type: Systems.Core.NotificationsRepository.Priority
    Allowed values for the Priority(Systems.Core.Notifications.md#priority) data attribute
    Allowed Values (Systems.Core.NotificationsRepository.Priority Enum Members)

    Value Description
    Background Background value. Stored as 1.
    Model Value: 1
    Domain API Value: 'Background'
    Low Low value. Stored as 2.
    Model Value: 2
    Domain API Value: 'Low'
    Normal Normal value. Stored as 3.
    Model Value: 3
    Domain API Value: 'Normal'
    High High value. Stored as 4.
    Model Value: 4
    Domain API Value: 'High'
    Urgent Urgent value. Stored as 5.
    Model Value: 5
    Domain API Value: 'Urgent'

    Optional: True
    Default Value: Normal

CreateCopy

Duplicates the object and its child objects belonging to the same aggregate. The duplicated objects are not saved to the data source but remain in the same transaction as the original object.
Return Type: EntityObject
Declaring Type: EntityObject
Domain API Request: POST

Business Rules

Front-End Business Rules

None

API

Domain API Query: https://demodb.my.erp.net/api/domain/odata/Systems_Security_Users?$top=10

Domain API Query Builder: https://demodb.my.erp.net/api/domain/querybuilder#Systems_Security_Users?$top=10

Suggest improvement to this page