Create User Extended


Create a user. Roughly speaking there are three different types of user creation: self-created, owned and temporary.

This service replaces CreateUser and CreateOwnedUsers, and adds support for temporary users.

The differences between the different types of user creation are:

  • A self-created user provides a user logon reference, password, and name. If all is OK, the user is created, and added to the unowned user group.
  • An owned user is created by another user. The user logon reference, password and name of the new user are provided. The user is created and added to a user group specified on the call, over which the owning user has own-users authority.
  • A temporary user is created either with or without

The service is more flexible and can be used to fine-tune user setup.

If userSetup is set to default, then the user will be assigned all the licenses in the blank-delimited list in the config parameter defaultLicenseTemplateReference. Each license template is of the form tttt.rrrr, where tttt is the type (currently always "asset"), and rrrr is the reference.

  <defaultLicenseTemplateReference>asset.lt1 asset.lt2</defaultLicenseTemplateReference>

This specifies that the user should be given asset licenses for templates lt1 and lt2.

In all cases, set the property createTimestamp to the timestamp when the user was created.



  <!-- User group to own the new user.  Defaults to 0, which means "unowned". -->
  <userGroupIdentifierOwning>user group id</userGroupIdentifierOwning>
  <userGroupReferenceOwning>user group id</userGroupReferenceOwning>

  <!-- If owning user group is specified, credentials of user creator. -->
<!-- Set to true to generate user reference, password and name automatically. --> <generateUserIdentityIndicator>false|true</generateUserIdentityIndicator> <!-- If generateUserIdentityIndicator is false (the default), credentials for new user. --> <!-- userLogonReferenceCreate is mandatory. --> <!-- passwordCreate is optional, if blank or not given then no password is created and the user cannot sign on. --> <userLogonReferenceCreate>new user reference</userLogonReferenceCreate> <passwordCreate>new user password</passwordCreate> <!-- If generateUserIdentityIndicator is false, this is mandatory. --> <!-- If true, this is optional and defaults to "New User". --> <userNameCreate>new user name</userNameCreate> <!-- Optional, in all cases --> <userEmailAddressCreate>new user email</userEmailAddressCreate> <acceptMarketingIndicatorCreate>true|false</acceptMarketingIndicatorCreate> <acceptThirdPartyMarketingIndicatorCreate>true|false</acceptThirdPartyMarketingIndicatorCreate> <!-- Indicates the user must change their password when they first sign in --> <forcePasswordChangeIndicator>true|false</forcePasswordChangeIndicator> <!-- Code to indicate what setup is required for the new user. Valid values are default or none --> <userSetup>default|none</userSetup> <!-- - Account for the user. - This is a reference to a node which can be used to navigate to the user's resources. - If not specified, then the account of the creator is used. - If called anonymously, then no account is used. - Creator must have link authority to the account. - (They do not require any higher authority because this only creates a pointer to an account, - it does not actually confer any authority.) - Id takes precendence over reference, as always. --> <nodeVersionIdentifierAccount/> <nodeVersionReferenceAccount/> <!-- - Theme for the user. If not passed, no theme is created. - Caller must have link authority on theme node. --> <nodeVersionIdentifierTheme/> <nodeVersionReferenceTheme/> <!-- - Home node for the user. If not passed, no home node is set. - Caller must have link authority on home node. --> <nodeVersionIdentifierHome/> <nodeVersionReferenceHome/> </CreateUserExtended>

All the fields that end in Create refer to the new user that is to be created.

If owning user group is specified, the calling user must have own-users authority over the user group identified by userGroupIdentifierOwning. If it is not specified, the caller's credentials are not checked.

The owning user group can be specified by id or reference. If both are passed, id takes precedence.


<errorNumber>0</errorNumber> <userIdentifierCreate/> <!-- Only returned if generateUserIdentityIndicator is true --> <userLogonReferenceCreate/> <passwordCreate/> <userNameCreate/>

userIdentifierCreate contains the id of the newly created user.


101 - Not authorised
102 - Not found (i.e. owning user group identifier not found)
103 - parameter error
105 - user error Error 105 is returned when there is an error in the Create fields that might have been entered by the user.




The force password change indicator can only be set when creating a user.

If there is a support need to force a password change, then admin or another user with submit service authority can achieve this using the following service request:

update user
set force_password_change_indicator = true
where user_logon_reference = 'userid';

Where userid is the user logon reference of the person whose for whom you want to force a password change.