List of filters for query results. See API documentation for "Query Methods" for more guidance.
No Additional Items[
[
"name",
"=",
"bob"
]
]
[
[
"OR",
[
[
[
"name",
"=",
"bob"
]
],
[
[
"name",
"=",
"larry"
]
]
]
]
]
Query options including pagination, ordering, and additional parameters.
No Additional PropertiesExtra options are defined on a per-endpoint basis and are described in the documentation for the associated query method.
An array of field names describing the manner in which query results should be ordered. The field names may also have one of more of the following special prefixes: - (reverse sort direction), nulls_first: (place any null values at the head of the results list), nulls_last: (place any null values at the tail of the results list).
[
"size",
"-devname",
"nulls_first:-expiretime"
]
An array of field names specifying the exact fields to include in the query return. The dot character . may be used to explicitly select only subkeys of the query result.
[
"username",
"Authentication.status"
]
Return a numeric value representing the number of items that match the specified query-filters.
Return the JSON object of the first result matching the specified query-filters. The query fails if there specified query-filters return no results.
This specifies the beginning offset of the results array. When combined with the limit query-option it may be used to implement pagination of large results arrays. WARNING: some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
This specifies the maximum number of results matching the specified query-filters to return. When combined wtih the offset query-option it may be used to implement pagination of large results arrays.
WARNING: Some query methods provide volatile results and the onus is on the developer to understand whether pagination is appropriate for a particular query API method.
Force use of SQL for result filtering to reduce response time. May not work for all methods.
This is the API identifier for the user. Use this ID for user.update and user.delete API calls. This ID also appears in the users array for each group entry in group.query results.
NOTE: For users from a directory service, the id is calculated by adding 100000000 to the uid. This ensures consistent API results. You cannot change directory service accounts through TrueNAS.
A non-negative integer used to identify a system user. TrueNAS uses this value for permission checks and many other system purposes.
A string used to identify a user. Local accounts must use characters from the POSIX portable filename character set.
Must be at least 1 characters long
Hashed password for local accounts. This value is null for accounts provided by directory services.
NT hash of the local account password for smb users. This value is null for accounts provided by directory services or non-SMB accounts.
The local file system path for the user account's home directory.
Typically, this is required only if the account has shell access (local or SSH) to TrueNAS.
This is not required for accounts used only for SMB share access.
Must be at least 1 characters long
Available choices can be retrieved with user.shell_choices.
Must be at least 1 characters long
Comment field to provide additional information about the user account. Typically, this is the full name of the user or a short description of a service account. There are no character set restrictions for this field. This field is for information only.
If true, the user account is an internal system account for the TrueNAS server. Typically, one should create dedicated user accounts for access to the TrueNAS server webui and shares.
The user account may be used to access SMB shares. If set to true then TrueNAS stores an NT hash of the user account's password for local accounts. This feature is unavailable for local accounts when General Purpose OS STIG compatibility mode is enabled. If set to true the user is automatically added to the builtin_users group.
Specifies the subuid mapping for this user. If DIRECT then the UID will be directly mapped to all containers. Alternatively, the target UID may be explicitly specified. If null, then the UID will not be mapped.
NOTE: This field will be ignored for users that have been assigned TrueNAS roles.
Value must be greater or equal to 1 and lesser or equal to 4294967294
The primary group of the user account.
Array of additional groups to which the user belongs. NOTE: Groups are identified by their group entry id, not their Unix group ID (gid).
If set to true password authentication for the user account is disabled.
NOTE: Users with password authentication disabled may still authenticate to the TrueNAS server by other methods, such as SSH key-based authentication.
NOTE: Password authentication is required for smb users.
Allow the user to authenticate to the TrueNAS SSH server using a password.
WARNING: The established best practice is to use only key-based authentication for SSH servers.
SSH public keys corresponding to private keys that authenticate this user to the TrueNAS SSH server.
If set to true the account is locked. The account cannot be used to authenticate to the TrueNAS server.
An array of commands the user may execute with elevated privileges. User is prompted for password when executing any command from the array.
No Additional ItemsMust be at least 1 characters long
An array of commands the user may execute with elevated privileges. User is not prompted for password when executing any command from the array.
No Additional ItemsMust be at least 1 characters long
Email address of the user. If the user has the FULL_ADMIN role, they will receive email alerts and notifications.
Must be at least 1 characters long
If true, the account is local to the TrueNAS server. If false, the account is provided by a directory service.
If true, the account is system-provided and most fields related to it may not be changed.
If true, the account has been configured for two-factor authentication. Users are prompted for a second factor when authenticating to the TrueNAS web UI and API. They may also be prompted when signing in to the TrueNAS SSH server using a password (depending on global two-factor authentication settings).
The Security Identifier (SID) of the user if the account an smb account. The SMB server uses this value to check share access and for other purposes.
The date of the last password change for local user accounts.
The age in days of the password for local user accounts.
This contains hashes of the ten most recent passwords used by local user accounts, and is for enforcing password history requirements as defined in system.security.
Password change for local user account is required on next login.
Array of roles assigned to this user's groups. Roles control administrative access to TrueNAS through the web UI and API.
No Additional ItemsArray of API key IDs associated with this user account for programmatic access.
No Additional ItemsThis is the API identifier for the user. Use this ID for user.update and user.delete API calls. This ID also appears in the users array for each group entry in group.query results.
NOTE: For users from a directory service, the id is calculated by adding 100000000 to the uid. This ensures consistent API results. You cannot change directory service accounts through TrueNAS.
A non-negative integer used to identify a system user. TrueNAS uses this value for permission checks and many other system purposes.
A string used to identify a user. Local accounts must use characters from the POSIX portable filename character set.
Must be at least 1 characters long
Hashed password for local accounts. This value is null for accounts provided by directory services.
NT hash of the local account password for smb users. This value is null for accounts provided by directory services or non-SMB accounts.
The local file system path for the user account's home directory.
Typically, this is required only if the account has shell access (local or SSH) to TrueNAS.
This is not required for accounts used only for SMB share access.
Must be at least 1 characters long
Available choices can be retrieved with user.shell_choices.
Must be at least 1 characters long
Comment field to provide additional information about the user account. Typically, this is the full name of the user or a short description of a service account. There are no character set restrictions for this field. This field is for information only.
If true, the user account is an internal system account for the TrueNAS server. Typically, one should create dedicated user accounts for access to the TrueNAS server webui and shares.
The user account may be used to access SMB shares. If set to true then TrueNAS stores an NT hash of the user account's password for local accounts. This feature is unavailable for local accounts when General Purpose OS STIG compatibility mode is enabled. If set to true the user is automatically added to the builtin_users group.
Specifies the subuid mapping for this user. If DIRECT then the UID will be directly mapped to all containers. Alternatively, the target UID may be explicitly specified. If null, then the UID will not be mapped.
NOTE: This field will be ignored for users that have been assigned TrueNAS roles.
Value must be greater or equal to 1 and lesser or equal to 4294967294
The primary group of the user account.
Array of additional groups to which the user belongs. NOTE: Groups are identified by their group entry id, not their Unix group ID (gid).
If set to true password authentication for the user account is disabled.
NOTE: Users with password authentication disabled may still authenticate to the TrueNAS server by other methods, such as SSH key-based authentication.
NOTE: Password authentication is required for smb users.
Allow the user to authenticate to the TrueNAS SSH server using a password.
WARNING: The established best practice is to use only key-based authentication for SSH servers.
SSH public keys corresponding to private keys that authenticate this user to the TrueNAS SSH server.
If set to true the account is locked. The account cannot be used to authenticate to the TrueNAS server.
An array of commands the user may execute with elevated privileges. User is prompted for password when executing any command from the array.
No Additional ItemsMust be at least 1 characters long
An array of commands the user may execute with elevated privileges. User is not prompted for password when executing any command from the array.
No Additional ItemsMust be at least 1 characters long
Email address of the user. If the user has the FULL_ADMIN role, they will receive email alerts and notifications.
Must be at least 1 characters long
If true, the account is local to the TrueNAS server. If false, the account is provided by a directory service.
If true, the account is system-provided and most fields related to it may not be changed.
If true, the account has been configured for two-factor authentication. Users are prompted for a second factor when authenticating to the TrueNAS web UI and API. They may also be prompted when signing in to the TrueNAS SSH server using a password (depending on global two-factor authentication settings).
The Security Identifier (SID) of the user if the account an smb account. The SMB server uses this value to check share access and for other purposes.
The date of the last password change for local user accounts.
The age in days of the password for local user accounts.
This contains hashes of the ten most recent passwords used by local user accounts, and is for enforcing password history requirements as defined in system.security.
Password change for local user account is required on next login.
Array of roles assigned to this user's groups. Roles control administrative access to TrueNAS through the web UI and API.
No Additional ItemsArray of API key IDs associated with this user account for programmatic access.
No Additional Items