Update a domain user’s password, group membership, rights or annotation.

The password element is ignored for non-COMPOSITE domains. The oldPassword element is required when callers are changing their own password. Users with the MODIFY_ALL_USERS right do not need to specify the oldPassword element when changing other users’ passwords.

Updating a user’s group membership is a set operation.

Only users with the MODIFY_ALL_USERS right can use the updateUser call.

/services/webservices/system/admin/user/operations/

domainName: The domain name.

userName: The user name.

oldPassword (optional): An old user password. This is silently ignored if the domain is not a COMPOSITE domain.

password (optional): A new user password. This is silently ignored if the domain is not a COMPOSITE domain.

groupNames (optional): Names and optional domains of groups to which the user belongs. If not provided, the group membership is left unaltered.

explicitRights (optional): A bit mask for a user’s rights. For a table of values, see User and Group Rights Mask.

annotation (optional): A description of the user. If not provided, the annotation is left unaltered.

N/A

NotAllowed: If the user cannot be updated as requested. For example, the annotation may not be updatable (such as the composite user admin), the password may not be updatable in an LDAP domain, or the group membership may not be updatable to omit the “all” group.

NotAllowed: If an attempt is made to use this operation with an insufficient license.

NotFound: If the domain does not exist.

NotFound: If the user does not exist.

NotFound: If any of the provided groups do not exist.

Security: If the user does not have the ACCESS_TOOLS right.

Security: If the user does not have the MODIFY_ALL_USERS right and is updating any user other than self or is updating anything other than the password.

Security: If the user is modifying his or her own password and oldPassword is not correct.