HPlogo HP Security Monitor/iX Manager's Guide: HP 3000 MPE/iX Computer Systems > Chapter 6 Controlling User's Special Abilities with Capabilities.

Listing Capabilities
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Three commands allow the system manager to list capabilities of accounts, groups, and users: LISTACCT, LISTGROUP, and LISTUSER.

Listing Capabilities Assigned to an Account

Use the LISTACCT command to check the capabilities of an account. To check the capabilities for the SMITH account, including the password, enter

   LISTACCT SMITH;PASS

The following account information appears on the screen:

***************

ACCOUNT: SMITH



DISC SPACE:   754115 (SECTORS)   PASSWORD: ACCTPASS

CPU TIME:     33330 (SECONDS)    LOC ATTR: $00000000

CONNECT TIME:    102 (MINUTES)   SECURITY-- READ    :ANY

DISC LIMIT:   UNLIMITED                     WRITE  : AC

CPU LIMIT:   UNLIMITED                      APPEND   :AC

CONNECT TIME:    UNLIMITED                  LOCK     :ANY

MAX PRI: 150                                EXECUTE  :ANY

GROUP UFID: $0000001 $800001050 $00138A20 $00000008 $000001FA

USER UFID : $0004001 $800001050 $00138C20 $00000008 $000001FB

CAP: AM,AL,GL,DI,CV,UV,LG,CS,ND,SF,IA,BA,PH,DS,MR,PM

Refer to appendix A for definitions of the capabilities.

Users with system manager (SM) capability can list any account on the system; all other users can list only their own accounts.

Refer to the MPE/iX Commands Reference Manual Volumes 1 and 2 (32650-90003 and 32650-90364) for more information on the LISTACCT command.

Listing Capabilities Assigned to a Group

Use the LISTGROUP command to display capabilities for one or more groups. For account managers (AM) and system managers (SM), the default is all (@) groups within the user's logon account; for general users, the default is the logon group. Use wildcard characters to specify more than one group.

To check group capabilities and the password of the group ENGR in the account to which you are logged on, enter:

   LISTGROUP ENGR;PASS

The screen displays:

THE "PASS" OPTION REQUIRES AM OR SM CAPABILITIES (CIWARN 720)



******************

GROUP: ENGR.SMITH



DISC SPACE:   5752 (SECTORS)       PASSWORD:   * *

CPU TIME:   102(SECONDS)           SECURITY-- READ     : GU

CONNECT TIME: 0(MINUTES)                      WRITE    : GU

DISC LIMIT:   UNLIMITED                       APPEND   : GU

CPU LIMIT:   UNLIMITED                        LOCK     : GU

CONNECT TIME:    UNLIMITED                    EXECUTE  : GU

PRIV VOL : n/a                                SAVE     : GU

FILE UFID: $OOOD401 $80001050 $OOOFF620 $00000008 $OOOOOOOA

MOUNT REF CNT: n/a

HOME VOL SET : MPE_SYS_VOL_SET

CAP: IA,BA

Refer to appendix A for definitions of the capabilities.

NOTE: If the password is encrypted, the commands LISTUSER, LISTGROUP, and LISTACCT will only display the password as "*ENCRIPTED*", making a password truley private to its owner.

In this example, the user does not have AM or SM capability, so the password does not appear on the screen.

Refer to the MPE/iX Commands Reference Manual Volumes 1 and 2 (32650-90003 and 32650-90364) for more information on the LISTGROUP command.

Listing Capabilities Assigned to Users

Use the LISTUSER command to check the capabilities of a user. The default is all (@) users and accounts within the user's capabilities (AM or SM). For example, to review the capabilities of the user BORIS in the JONES account, enter:

   LISTUSER BORIS;PASS

The screen displays:

********************

USER: BORIS.JONES

HOME GROUP:   DEVELOP             PASSWORD:    MYPASS

MAX PRI   :   150                 LOC ATTR:    $00000000

CONNECT TIME:   0(MINUTES)        WRITE   : GU

LOGON CNT : 1

CAP: AM,AL,GL,DI,DV,UV,LG,CS,ND,SF,IA,BA,PH,DS,MR,PM

Refer to appendix A for definitions of the capabilities.

Users with system manager (SM) capability can list any user in the system. Users with account manager (AM) capability can list any user in their account. Other users can list only their logon user.

For more information on the LISTUSER command, refer to the MPE/iX Commands Reference Manual Volumes 1 and 2 (32650-90003 and 32650-90364).

Table 6-1 Capabilities

CapabilityAbbreviationAccountGroupUser
System managerSMX X
System supervisorOPX X
Account managerAMX X
Account librarianALX X
Batch accessBAXXX
Use communications softwareCSX X
Diagnostician attributeDIX X
Extra data segmentsDSXXX
Group librarianGLX X
Interactive accessIAXXX
Multiple RINMRXXX
Network administratorNAX X
Node managerNMX X
Use nonshareable devicesNDX X
Use private disk volumesUVX X
Privileged modePMXXX
Process handlingPHXXX
Programmatic sessionsPSX X
Save user files permanentlySFX X
Use user logging facilityLGX X
Create volume setsCVX X

 

When the system manager assigns and creates accounts, groups, and users, they each receive certain default capabilities. These capabilties are listed in the following table.

Table 6-2 Default Capabilities

EntityDefault Capabilities
AccountAL, AM, BA, GL, IA, ND, SF
GroupBA, IA
UserBA, IA, ND, SF
ProgramBA, IA

 

Accounts and users may have all 21 of the capabilities, but groups and programs may only have BA, DS, IA, MR, PH, and PM.



Capabilities
  		 


Assigning Capabilities  
Feedback to webmaster