Administer user account policies in IBM Security Verify Access for Web

Administer user account policies

We can manage user access by setting account policies. We can specify policies that apply either only to a single user or for all users.
When a user account policy attribute is set to a value and enforced, the value always takes precedence over a value set for the general policy. This is true even if the value set for the general policy is more restrictive.
If an account policy attribute for a user is not enforced, then the value is set for the general policy. If that value is set and enforced, then the value is applied for the user.
Table 1 describes the administration API methods used to modify or access account policies.

Method Description

PDUser.getUserRgy Determines which type of user registry is configured for the ISAM policy server.

PDPolicy constructor Instantiates a policy object for a user, or for all users in the case of the global policy.

PDPolicy object.acctDisableTimeEnforced Returns an indicator Account disable time interval policy is enforced.

PDPolicy object.acctDisableTimeUnlimited Returns an indicator Account disable time interval policy is unlimited.

PDPolicy object.acctExpDateEnforced Returns an indicator Account expiration date policy is enforced.

PDPolicy object.acctExpDateUnlimited Returns an indicator Account expiration date policy is unlimited.

PDPolicy object.getAcctExpDate Returns the account expiration date for user accounts.

PDPolicy object.getAcctDisableTimeInterval Returns the amount of time to disable a user account when the maximum number of login failures is exceeded.

PDPolicy object.PDPolicy.getMaxConcurrentWebSessions Returns the maximum concurrent web sessions allowed.

PDPolicy object.getMaxFailedLogins Returns the maximum number of failed logins allowed for user accounts.

PDPolicy object.getAccessibleDays
PDPolicy object.getAccessStartTime
PDPolicy object.getAccessEndTime
PDPolicy object.getAccessTimezone Returns the time of day access policy for user accounts.

PDPolicy.maxConcurrentWebSessionsDisplaced Returns an indicator Whether the maximum concurrent web sessions policy is displaced.

PDPolicy.maxConcurrentWebSessionsEnforced Returns an indicator Whether the maximum concurrent web sessions policy is enforced.

PDPolicy.maxConcurrentWebSessionsUnlimited Returns an indicator Whether the maximum concurrent web sessions policy is unlimited.

PDPolicy object.maxFailedLoginsEnforced Returns an indicator Whether the maximum failed login policy is enforced.

PDPolicy.setAcctExpDate
PDPolicy object.setAcctExpDate Sets the account expiration date for user accounts.

PDPolicy.setAcctDisableTime
PDPolicy object.setAcctDisableTime Sets the amount of time to disable a user account when the maximum number of login failure is exceeded.

PDPolicy.setMaxConcurrentWebSessions
PDPolicy object.PDPolicy.setMaxConcurrentWebSessions Set the maximum concurrent Web sessions allowed.

PDPolicy.setMaxFailedLogins
PDPolicy object.setMaxFailedLogins Set the maximum number of failed logins allowed for user accounts.

PDPolicy.setTodAccess
PDPolicy object.setTodAccess Time of day access for the account for user accounts. When setting a password policy, you provide a list of days, start time, and end time. The start time and end time apply to each day on the list. If the specified start time is later than the specified end time, then the access is allowed until the specified end time is reached the next day.

PDPolicy object.todAccessEnforced Returns an indicator Whether the time-of-day access policy is enforced.

For detailed reference information about these methods, see the Javadoc HTML documentation.
Parent topic: Administer users and groups

Method	Description
PDUser.getUserRgy	Determines which type of user registry is configured for the ISAM policy server.
PDPolicy constructor	Instantiates a policy object for a user, or for all users in the case of the global policy.
PDPolicy object.acctDisableTimeEnforced	Returns an indicator Account disable time interval policy is enforced.
PDPolicy object.acctDisableTimeUnlimited	Returns an indicator Account disable time interval policy is unlimited.
PDPolicy object.acctExpDateEnforced	Returns an indicator Account expiration date policy is enforced.
PDPolicy object.acctExpDateUnlimited	Returns an indicator Account expiration date policy is unlimited.
PDPolicy object.getAcctExpDate	Returns the account expiration date for user accounts.
PDPolicy object.getAcctDisableTimeInterval	Returns the amount of time to disable a user account when the maximum number of login failures is exceeded.
PDPolicy object.PDPolicy.getMaxConcurrentWebSessions	Returns the maximum concurrent web sessions allowed.
PDPolicy object.getMaxFailedLogins	Returns the maximum number of failed logins allowed for user accounts.
PDPolicy object.getAccessibleDays PDPolicy object.getAccessStartTime PDPolicy object.getAccessEndTime PDPolicy object.getAccessTimezone	Returns the time of day access policy for user accounts.
PDPolicy.maxConcurrentWebSessionsDisplaced	Returns an indicator Whether the maximum concurrent web sessions policy is displaced.
PDPolicy.maxConcurrentWebSessionsEnforced	Returns an indicator Whether the maximum concurrent web sessions policy is enforced.
PDPolicy.maxConcurrentWebSessionsUnlimited	Returns an indicator Whether the maximum concurrent web sessions policy is unlimited.
PDPolicy object.maxFailedLoginsEnforced	Returns an indicator Whether the maximum failed login policy is enforced.
PDPolicy.setAcctExpDate PDPolicy object.setAcctExpDate	Sets the account expiration date for user accounts.
PDPolicy.setAcctDisableTime PDPolicy object.setAcctDisableTime	Sets the amount of time to disable a user account when the maximum number of login failure is exceeded.
PDPolicy.setMaxConcurrentWebSessions PDPolicy object.PDPolicy.setMaxConcurrentWebSessions	Set the maximum concurrent Web sessions allowed.
PDPolicy.setMaxFailedLogins PDPolicy object.setMaxFailedLogins	Set the maximum number of failed logins allowed for user accounts.
PDPolicy.setTodAccess PDPolicy object.setTodAccess	Time of day access for the account for user accounts. When setting a password policy, you provide a list of days, start time, and end time. The start time and end time apply to each day on the list. If the specified start time is later than the specified end time, then the access is allowed until the specified end time is reached the next day.
PDPolicy object.todAccessEnforced	Returns an indicator Whether the time-of-day access policy is enforced.