HPlogo MPE/iX Commands Reference Manual: HP 3000 MPE/iX Computer Systems > Chapter 2 Command Definitions A-B

ALTUSER
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Changes the attributes currently defined for a user.

Syntax

ALTUSER username[ .acctname] 
[ ;PASS=[ password] ] [ ;CAP=[ capabilitylist] ] 
[ ; MAXPRI=[ subsueuename] ] [ ;LOCATTR=[ localattribut] ] 
[ ;HOME=[ homegroupname] ] [ ;UID=[ uid] 
[ ;USERPASS=[ req  opt ] [ Expired] ]

The USERPASS parameter is only available if the HP Security Monitor has been installed.

Parameters

username

The name assigned to the user within a logon account.

acctname

The account in which the user is to reside. System manager (SM) capability is required to use this parameter.

password

The password to be assigned to the user. If password is omitted, any existing password is removed. If PASS= is omitted, any existing password is unchanged.

capabilitylist

Either 1) a list of capabilities, separated by commas, permitted to this user, or 2) a list of additions and/or deletions to be applied to the user's existing set of capabilities. Additions and deletions are specified by a "+" or "-" immediately followed by the capability to add or delete, separated by commas.

If "+"/"-" is to be specified in the list, then the list must begin with "+" or "-". For example, CAP=+MR,-PH is legal, but CAP=MR,-PH is not. It is not necessary to prefix each capability to be added or deleted with "+" / "-", as the occurrence of "+" / "-" indicates an action that remains in effect until the indicator changes. For example, CAP=+MR,PH,-PM,DS is equivalent to CAP=+MR,+PH,-PM,-DS.

The capabilities allowed to users are restricted by the capabilities assigned to the user's account. If a capability is absent at the account level, users within the account are also denied that capability, whether or not it is explicitly assigned to them.

Each capability is denoted by a two-letter mnemonic as follows:

  System Manager    =  SM
  Account Manager    =  AM
  Account Librarian   =  AL
  Group Librarian    =  GL
  Diagnostician     =  DI
  System Supervisor   =  OP
  Network Administrator =  NA
  Node Manager     =  NM
  Save Files      =  SF
  Access to Nonshareable
   I/O Devices     =  ND
  Use Volumes      =  UV
  Create Volumes    =  CV
  Use Communication
   Subsystem        CS
  Programmatic Sessions =  PS
  User Logging     =  LG
  Process Handling   =  PH
  Extra Data Segments  =  DS
  Multiple RINs     =  MR
  Privileged Mode    =  PM
  Interactive Access  =  IA
  Batch Access     =  BA
  Programmatic Sessions =  PS

Default is SF, ND, IA, and BA. Note that CV automatically gives the user UV capability, and removal of UV results in automatic removal of CV.

subqueuename

The name of the highest priority subqueue that may be requested by any process of any job/session initiated by the user. This parameter is specified as AS, BS, CS, DS, or ES, but cannot be greater than that specified with the NEWACCT or ALTACCT commands. The subqueuename defined for the user is checked against the subqueuename defined for the account at logon, and the lower priority of the two is used as the maximum priority restricting all processes of the job/session. Also, the priority requested by the user at logon is checked against the subqueuename defined for the user, and the user is granted the lower of these two values. Default is CS.

CAUTION: Processes capable of executing in the AS or BS subqueues can deadlock the system. By assigning nonpriority processes to these subqueues, you may prevent critical system processes from executing. Exercise extreme care when assigning processes to the AS or BS subqueue.
localattribute

Defined at the installation site, this arbitrary double word bit map is used to further classify users. While it is not part of standard MPE/iX security provisions, programmers may define it (through the WHO intrinsic) to enhance the security of their own programs. The bit map for the user local attributes must be a subset of the bit map for the account local attributes. The ALTUSER command checks the local attributes of the user with those of the account. Default is double word 0 (null).

homegroupname

The name of an existing group assigned as the home group for this user. The first user established when an account is created, by default, has PUB assigned as the home group. Subsequent new users, by default, have no home group assigned. If no home group is assigned, the user must always specify an existing group when logging on.

uid

User ID to be altered for the account manager in the user database. The uid parameter must be a unique positive (non-zero) 32-bit integer.

Req

USERPASS=REQ specifies that all users in the account must have a non-blank password. It is available only if the HP Security Monitor has been installed.

Opt

USERPASS=OPT specifies that users in this account may or may not have passwords. If you do not use the USERPASS parameter, the old value remains. It is available only if the HP Security Monitor has been installed.

Expired

The password expires immediately. The user cannot logon without selecting a new password. It is only available if the HP Security Monitor has been installed.

Operation Notes

The ALTUSER command allows the account manager to change the password, capabilities, processing subqueue, security checking, and home group currently defined for a user. More than one of these attributes may be changed at a time, by entering multiple keyword parameters on a single command line, using the semicolon (;) delimiter.

To change an attribute, enter the keyword and its new value. When an entire keyword parameter group is omitted from the ALTUSER command, the corresponding value for the user remains unchanged. When a keyword is included, but the corresponding parameter is omitted (as in PASS=Return), a default value is assigned as shown in

Table 2-4 “Default Values for the ALTUSER Command” Table 2-4 “Default Values for the ALTUSER Command”.

Table 2-4 Default Values for the ALTUSER Command

ParameterDefault Values
passwordNULL password
capabilitylistSF, ND, IA, and BA (provided these capabilities have been specified for the account)
subqueuenameCS
localattribute0 (null)
homegroupnameThe first user established when the account is created has PUB assigned as home group. Subsequent users have no group assigned as home. If a user has no home group assigned, an existing group must be specified when initiating a job or a session.

 

When a parameter is modified with the ALTUSER command, it is immediately registered in the directory. However, it does not affect users who are currently logged on to the system. They are affected the next time they log on to the same user name and account. For this reason, warn users in advance of any intended changes.

Avoid changing the capabilitylist or homegroupname of the user MANAGER.SYS. SM capability cannot be taken away from MANAGER.SYS.

ALTUSER will not allow a user with AM capability to remove AM from their own capability list. However, a user with AM can remove AM from the capability list of another AM user inside the same account.

Use

This command may be issued from a session, a job, a program, or in break mode. Pressing Break has no effect on this command. Account manager (AM) capability is required to use this command. System manager (SM) capability is required to specify a user in an account other than your own.

Examples

Suppose an account's capabilities are AM, AL, GL, SF, ND, PH, DS, MR, IA, and BA. To change the capabilitylist of the user JONES from IA, BA, SF, PH, DS to include multiple RIN (MR) capability, enter:

  ALTUSER JONES;CAP=IA,BA,SF,PH,DS,MR

To alter two attributes, password and subqueuename, for user JONES enter:

  ALTUSER JONES;PASS=JJ;MAXPRI=DS

Related Information

Commands

ALTACCT, ALTGROUP, LISTUSER, NEWACCT, NEWUSER

Manuals

Performing System Management Tasks



ALTSPOOLFILE
  		 


ASSOCIATE  
Feedback to webmaster