
5. Account Service

You can perform the following operations under /redfish/v1/AccountService.

Available Methods: GET, POST, PATCH and DELETE

5.1 Get AccountService

You can use the following request to retrieve the AccountService resource.

URI: /redfish/v1/AccountService

Method: GET

Response:

{
    "@odata.id": "/redfish/v1/AccountService",
    "@odata.type": "#AccountService.v1_15_0.AccountService",
    "AccountLockoutCounterResetAfter": 30,
    "AccountLockoutCounterResetEnabled": true,
    "AccountLockoutDuration": 30,
    "AccountLockoutThreshold": 5,
    "Accounts": {
        "@odata.id": "/redfish/v1/AccountService/Accounts"
    },
    "AuthFailureLoggingThreshold": 3,
    "Description": "Account Service",
    "Id": "AccountService",
    "LocalAccountAuth": "Enabled",
    "MaxPasswordLength": 50,
    "MinPasswordLength": 8,
    "Name": "Account Service",
    "RequireChangePasswordAction": false,
    "Roles": {
        "@odata.id": "/redfish/v1/AccountService/Roles"
    },
    "ServiceEnabled": true,
    "Status": {
        "Health": "OK",
        "State": "Enabled"
    }
}

5.2 Get Accounts Info

You can use the following request to retrieve the list of accounts.

URI: /redfish/v1/AccountService/Accounts

Method: GET

Response:

{
    "@odata.id": "/redfish/v1/AccountService/Accounts",
    "@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
    "Members": [
        {
            "@odata.id": "/redfish/v1/AccountService/Accounts/1"
        }
    ],
    "Members@odata.count": 1,
    "Name": "Accounts Collection"
}

5.3 Get Accounts Roles

The Redfish Role Service provides a list of predefined or OEM-defined roles that define the privileges associated with each user account. Each account references a role through its RoleId, and the Redfish service uses the role to determine access rights when handling requests.

5.3.1 API Endpoints

| Method | Endpoint | Description |
|---|---|---|
| GET | /redfish/v1/AccountService/Roles | Retrieve all supported roles |
| GET | /redfish/v1/AccountService/Roles/{Role} | Retrieve a specific role by ID |

URI: /redfish/v1/AccountService/Roles

Method: GET

Response:

{
    "@odata.id": "/redfish/v1/AccountService/Roles",
    "@odata.type": "#RoleCollection.RoleCollection",
    "Members": [
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
        },
        {
            "@odata.id": "/redfish/v1/AccountService/Roles/Operator"
        }
    ],
    "Members@odata.count": 2,
    "Name": "Roles Collection"
}

URI: /redfish/v1/AccountService/Roles/Administrator

Method: GET

Response:

{
    "@odata.type":"#Role.v1_2_1.Role",
    "@odata.id":"/redfish/v1/AccountService/Roles/Administrator",
    "Id":"Administrator",
    "Name":"Administrator Role",
    "RoleId":"Administrator",
    "IsPredefined":true,
    "AssignedPrivileges":[
        "Login",
        "ConfigureSelf",
        "ConfigureManager",
        "ConfigureUsers",
        "ConfigureComponents",
        "UpdateFirmware"
    ],
    "OemPrivileges":[
        "SOL_Access",
        "VirtualMedia_Control"
    ]
}

URI: /redfish/v1/AccountService/Roles/Operator

Method: GET

Response:

{
    "@odata.type":"#Role.v1_2_1.Role",
    "@odata.id":"/redfish/v1/AccountService/Roles/Operator",
    "Id":"Operator",
    "Name":"Operator Role",
    "RoleId":"Operator",
    "IsPredefined":true,
    "AssignedPrivileges":[
        "Login",
        "ConfigureSelf",
        "ConfigureComponents"
    ],
    "OemPrivileges":[
        "SOL_Access",
        "VirtualMedia_Control"
    ]
}

5.3.2 Property Description

| Property | Type | Description |
|---|---|---|
| RoleId | String | The unique name of the role, used by accounts |
| AssignedPrivileges | Array of Strings | Standard Redfish privileges associated with the role |
| OemPrivileges | Array of Strings | OEM-defined privileges (e.g., access to SOL or Virtual Media) |
| IsPredefined | Boolean | true if this role is predefined and immutable |
| Name | String | Human-readable name for the role (recommended, not required) |

5.3.3 Privilege Mapping

The Redfish service enforces access control based on the privileges defined in the role assigned to a session's user account.

| Privilege | Description |
|---|---|
| Login | Allows login to the service and session creation. |
| ConfigureSelf | Allows modification of the authenticated user's own account. |
| ConfigureUsers | Allows creation, modification, and deletion of any user accounts. |
| ConfigureManager | Allows configuration of management settings (e.g., network). |
| ConfigureComponents | Allows control of physical components (e.g., power command). |
| UpdateFirmware | Allows uploading and applying firmware updates to components. |
| SOL_Access | OEM-defined: allows Serial-over-LAN access. |
| VirtualMedia_Control | OEM-defined: allows control of Virtual Media (insert/eject ISO, etc.). |

5.4 Get a User

You can use the following request to retrieve an account's information.

URI: /redfish/v1/AccountService/Accounts/1

Method: GET

Response:

{
    "@odata.id": "/redfish/v1/AccountService/Accounts/1",
    "@odata.type": "#ManagerAccount.v1_12_0.ManagerAccount",
    "AccountTypes": [
        "Redfish"
    ],
    "Description": "User Account",
    "EmailAddress": "admin@avermedia.com",
    "Enabled": true,
    "Id": "1",
    "Links": {
        "Role": {
            "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
        }
    },
    "Locked": false,
    "Name": "User Account",
    "Password": "Admin",
    "PasswordChangeRequired": false,
    "PhoneNumber": "2-2226-3630",
    "RoleId": "Administrator",
    "UserName": "Admin"
}
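
As an added example (not vendor code), the following Python audits AccountService and ManagerAccount responses like those in 5.1 and 5.4 for disabled lockout or failure logging and for a password value returned by the service; the Redfish ManagerAccount schema states that Password shall be null in responses. The 12-character baseline and the function names are assumptions.

```python
import json

# Constructed input: the 5.1 and 5.4 sample responses from this page,
# trimmed to the fields the checks read.
SERVICE = json.loads("""{
  "AccountLockoutThreshold": 5, "AccountLockoutDuration": 30,
  "AuthFailureLoggingThreshold": 3, "MinPasswordLength": 8
}""")
ACCOUNT = json.loads("""{
  "@odata.id": "/redfish/v1/AccountService/Accounts/1",
  "Enabled": true, "Locked": false, "Password": "Admin",
  "RoleId": "Administrator", "UserName": "Admin"
}""")

MIN_LEN_BASELINE = 12  # assumed local policy value, not from the page


def audit_service(svc):
    """Return a list of findings for an AccountService resource."""
    findings = []
    # In the Redfish schema a value of 0 turns each of these controls off.
    for prop in ("AccountLockoutThreshold", "AccountLockoutDuration",
                 "AuthFailureLoggingThreshold"):
        if not svc.get(prop):
            findings.append(f"{prop} is 0 or absent: control disabled")
    if svc.get("MinPasswordLength", 0) < MIN_LEN_BASELINE:
        findings.append(f"MinPasswordLength below baseline of {MIN_LEN_BASELINE}")
    return findings


def audit_account(acct):
    """Return a list of findings for a ManagerAccount resource."""
    findings = []
    password = acct.get("Password")
    # A conforming service returns null here, so any value is a finding.
    if password is not None:
        findings.append("Password returned in GET response")
        if str(password).lower() == str(acct.get("UserName", "")).lower():
            findings.append("Password equals UserName")
    return findings


if __name__ == "__main__":
    for finding in audit_service(SERVICE) + audit_account(ACCOUNT):
        print(finding)
```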

5.5 Add a User

You can use the API and payload to create a new account.

URI: /redfish/v1/AccountService/Accounts

Method: POST

Payload:

{
    "UserName": "User_Name",
    "Password": "User_Password",
    "RoleId": "Operator",
    "Enabled": true
}

Response:

HTTP Status Code: 204 No Content

If the operation is successful, a status code 204 No Content will be returned.

HTTP Status Code: 400 Bad Request

If a client attempts to create a new account using a UserName that already exists, the service shall reject the request with a 400 Bad Request response.

HTTP Status Code: 403 Forbidden

If a user attempts to create a new account but lacks the required privileges (e.g., does not have ConfigureUsers privilege), the service shall reject the request with a 403 Forbidden status code.

Note

The allowed values for RoleId are Administrator and Operator. You can verify the privileges assigned to each role under /redfish/v1/AccountService/Roles.

5.6 Delete a User

You can use the API to delete the respective account.

URI: /redfish/v1/AccountService/Accounts/1

Method: DELETE

Response:

HTTP Status Code: 204 No Content

If the operation is successful, a status code 204 No Content will be returned.

HTTP Status Code: 403 Forbidden

An account assigned the Operator role is not permitted to delete any user accounts, including its own.

If an Operator attempts to delete another user account or their own account, the service shall respond with an HTTP 403 Forbidden status code.

5.7 Update a User

You can use the API and payload to update an account.

URI: /redfish/v1/AccountService/Accounts/1

Method: PATCH

Payload:

{
    "UserName": "User0_Name",
    "Password": "User0_Password",
    "RoleId": "Operator",
    "Enabled": true
}

Response:

HTTP Status Code: 204 No Content

If the operation is successful, a status code 204 No Content will be returned.

HTTP Status Code: 403 Forbidden

When issuing a PATCH request to /redfish/v1/AccountService/Accounts/{id}, users with the Operator role must ensure that the {id} matches their own account.

If the request targets a different account, the service shall deny the request and return an HTTP 403 Forbidden status code.
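
The access rules in 5.5 to 5.7, written as a test oracle that a conformance run can be compared against. This is an added example, not vendor code; it generalizes the Operator rules to the ConfigureUsers and ConfigureSelf privileges from 5.3.3, and `expected_status`, `compare`, `caller_id` and the sample run are hypothetical names and constructed data.

```python
# Role -> privileges, copied from the 5.3 role responses on this page.
ROLE_PRIVILEGES = {
    "Administrator": {"Login", "ConfigureSelf", "ConfigureManager",
                      "ConfigureUsers", "ConfigureComponents", "UpdateFirmware"},
    "Operator": {"Login", "ConfigureSelf", "ConfigureComponents"},
}
ACCOUNTS = "/redfish/v1/AccountService/Accounts"


def expected_status(role, caller_id, method, uri):
    """Status code the page documents for this caller and operation.

    caller_id is the Id of the caller's own account. The 400 for a duplicate
    UserName and property-level limits on a self-PATCH are not modelled.
    """
    if not uri.startswith(ACCOUNTS):
        raise ValueError("not an Accounts URI")
    privs = ROLE_PRIVILEGES[role]
    target_id = uri[len(ACCOUNTS):].strip("/") or None
    if method == "POST" and target_id is None:       # 5.5 Add a User
        return 204 if "ConfigureUsers" in privs else 403
    if method == "DELETE" and target_id:             # 5.6 Delete a User
        return 204 if "ConfigureUsers" in privs else 403
    if method == "PATCH" and target_id:              # 5.7 Update a User
        if "ConfigureUsers" in privs:
            return 204
        own = "ConfigureSelf" in privs and target_id == caller_id
        return 204 if own else 403
    raise ValueError("operation not covered by sections 5.5-5.7")


def compare(observed):
    """Return the rows of (role, caller_id, method, uri, status) whose
    recorded status differs from what the page documents."""
    return [row for row in observed if expected_status(*row[:4]) != row[4]]


# Constructed test-run records, not real device output.
SAMPLE_RUN = [
    ("Operator", "2", "PATCH", ACCOUNTS + "/2", 204),
    ("Operator", "2", "PATCH", ACCOUNTS + "/1", 204),  # page documents 403
    ("Operator", "2", "DELETE", ACCOUNTS + "/2", 403),
    ("Administrator", "1", "POST", ACCOUNTS, 204),
]

if __name__ == "__main__":
    for row in compare(SAMPLE_RUN):
        print("deviation:", row)
```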
