HPlogo Task Reference: HP 3000 Series 9X8LX Computer Systems > Chapter 2 Performing Tasks Using MPE/iX Commands

Managing Accounts, Groups, and Users
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Files on the system are organized by group and account with a variety of users accessing them. Groups, accounts, and users must be created before files can be created. Once created, they can also be modified or deleted. The Getting Started (B3813-90003) book for the HP 3000 Series 9X8LX provides instructions for creating the initial accounts and groups from the MANAGER.SYS account. The tasks described below are the general instructions and may be performed from any account with the appropriate capabilities.

To set up and verify an account

  • To create a new account, use the NEWACCT command and its options. You must have system manager capabilities to set up a new account. You must specify the account name and identify an account manager.

    For example, to create an account called PAYROLL for your payroll department, you would enter the NEWACCT command, an account name, and the name of the manager for the account. For protection, specify a password to be entered by all account users.

       :NEWACCT PAYROLL,MANAGER;PASS=PAYPASS Return

    The new account, PAYROLL, contains one user (MANAGER), who is the account manager. Also, the account automatically contains one group, PUB. If you want other groups, you must create them.

    The manager for the account can create groups and users within this account, but not for other accounts.

  • To verify the existence of the account, use the LISTACCT command. For example, enter LISTACCT PAYROLL to display account characteristics. You can also use the MKACCT Command File to create accounts. For more information, refer to the section Creating a Practice Account, later in this chapter.

       :LISTACCT PAYROLL Return

  • To show the password, use the PASS option:

       :LISTACCT PAYROLL;PASS Return

The LISTACCT command also lists the capabilities that have been assigned to the account.

To set up and verify a group

  • To create a new group, log on as account manager to the account that you want the group to be in. Then use the NEWGROUP command and its options. Only the system manager or the account manager for the account can create new groups. You must specify the group name. If no account name is specified, the account is assumed to be the account that you are currently in. For example, four groups can be created in the PAYROLL account, one for each quarter's payroll. The passwords entered with the following NEWGROUP commands create group passwords. For security, each of these passwords should be different. You can also use the MKACCT Command File to set up groups. For more information, refer to the section Creating a Practice Account later in this chapter.

    In these examples, the groups QTR1, QTR2, QTR3, and QTR4 will be created in your logon account:

       :NEWGROUP QTR1;PASS=PAY1Q Return

   :NEWGROUP QTR2;PASS=PAY2Q Return

   :NEWGROUP QTR3;PASS=PAY3Q Return

   :NEWGROUP QTR4;PASS=PAY4Q Return

  • To create the group from another account, include the account name:

       :NEWGROUP QTR1.PAYROLL;PASS=PAY1Q Return

  • To verify the existence of the new groups, use the LISTGROUP command. This listing also identifies the capabilities identified for each group. For example, to show that the four new groups exist and that the default characteristics were assigned for each group, enter the following command:

       :LISTGROUP QTR@.PAYROLL;PASS Return

To set up and verify a user

  • To set up a new user, use the NEWUSER command and its options. As with the NEWGROUP command, the system manager or the account manager for the appropriate account can execute the NEWUSER command. You must provide the user name. If no account name is specified, the account is assumed to be the account that you are currently in. The following example sets up a new user for the PAYROLL account. An optional user password is included in this example and a home group, SALES is assigned. The home group is where a user is automatically logged on to, unless another group is included in the logon. You can also use the MKACCT Command File to set up users. For more information, refer to the section Creating a Practice Account, later in this chapter.

       :NEWUSER ROSEN.PAYROLL;PASS=NESOR;HOME=SALES Return

  • To verify a new user, use the LISTUSER command. You must be the system manager or account manager to list the users for the specified group and account. Other users can list only their own logon user name.

       :LISTUSER ROSEN.PAYROLL;PASS Return

    In this example, the account name is included. The account name is not necessary if this command is entered from the PAYROLL account.

To modify an account

Use the ALTACCT command to modify an account's capabilities, passwords, or other account attributes. Only the system manager can modify an account. The following example modifies the password for the PAYROLL account.

   :ALTACCT PAYROLL;PASS=AUGUST Return

To modify a group

Use the ALTGROUP command to modify a group within an account. The account manager can modify any group within his or her own account. The following example modifies the password for the group:

   :ALTGROUP QTR4;PASS=AUGUST Return

Only a user with SM capability can modify any group on the system.

To modify a user

Use the ALTUSER command to modify a user's password, capabilities, or other attributes. Only the system manager or the account manager for the account can modify any user's attributes. The following example changes the user's home group, the group to which the user is automatically logged:

   :ALTUSER ROSEN.PAYROLL;HOME=QTR3 Return

To modify capabilities

Use the ;CAP= parameter of the ALTACCT, ALTGROUP, and ALTUSER commands to change the capabilities of existing accounts, groups, and users. Capabilities can also be assigned with the ;CAP= parameter of the NEWACCT, NEWGROUP, and NEWUSER commands. To simplify this process, it is recommended that you create the accounts, groups, and users that you need using the default capabilities. If you then decide to increase or decrease the capability of one or more accounts, groups, or users, you can use the ALTACCT, ALTGROUP, and ALTUSER commands to make these changes. You can issue the LISTACCT, LISTGROUP, or LISTUSER command, followed by the account, group, or user name, to view the current capabilities.

Refer to the Commands Reference (B3813-90011) manual for a list of capabilities and their meanings. In addition, this chapter provides a list of default capabilities that are set automatically when accounts, groups, and users are created.

To modify capabilities for an account

To define special capabilities for an account, use the ;CAP= parameter of the ALTACCT command. Note that to add any capabilities to the default list, you must enter all of the capabilities--the new ones and the defaults. Separate the capabilities in the command string with commas. In the following example, the process handling (PH) capability is added to the standard default capabilities for the account PAYROLL.

   :ALTACCT PAYROLL;CAP=AL,AM,BA,GL,IA,ND,SF,PH Return

To modify capabilities for a group

To define special capabilities for a group, use the ;CAP= parameter of the ALTGROUP command. To add any capabilities to the default list, you must enter all of the capabilities--the new ones and the defaults. Separate the capabilities in the list with commas. Remember that the capabilities of a group cannot exceed the capabilities of the account in which this group resides. In the following example, the process handling (PH) capability is added to the standard default capabilities for the group CURRENT.

   :ALTGROUP CURRENT.PAYROLL;CAP=BA,IA,PH Return

To modify capabilities for a user

To define special capabilities for a user, use the ;CAP= parameter of the ALTUSER command. Note that to add any capabilities to the default list you must enter all of the capabilities--the new ones and the defaults. Separate the capabilities in the list with commas. Remember that the capabilities of a user cannot exceed the capabilities of the account in which this user resides. In the following example, the process handling (PH) capability is added to the standard default capabilities for the user CLERK.

   :ALTUSER CLERK.PAYROLL;CAP=BA,IA,ND,PH,SF Return

To modify file access

To change the file access for all files residing in an existing account or group, use the ACCESS= parameter of the ALTACCT or ALTGROUP commands. This option limits the access of particular types of users to files within the specified group or account. Six types of file access are defined:

R

Read access allows users to read files.

L

Lock access permits a user to lock a file in order to prevent concurrent access to a file.

A

Append access allows a user to add or append information to a file, but prohibits a user from altering information already written.

W

Write access allows a user to add, delete, or change information in files and allows a user to delete files. It also implicitly allows lock and append access.

S

Save access allows a user to declare files within a group as permanent. (This pertains only to the group level.)

X

Execute access allows a user to execute or run program files.

User types are identified by the following codes:

ANY

Any user on the system.

AC

Member of this account only.

GU

Member of this group only.

AL

Account librarian user only.

GL

Group librarian user only.

Refer to the Commands Reference (B3813-90011) for further definition of file access. In addition, this chapter provides a list of the default file access set automatically when accounts and groups are created.

To modify file access for an account

To modify access to the files within an account, use the ACCESS= parameter of the ALTACCT command. This parameter specifies the file access granted to specific types of users for the files in the account.

To signify the beginning of this option list, open the parentheses and list the access codes for the first user type. Separate these codes with commas. Enter a colon to signify the end of the first code list, and specify the user type to be allowed this level of access to any file within the account. If more that one set of codes is necessary, enter a semicolon to signify the end of the first set. Repeat the access code and user type specifications for the second set, and so on. When the access codes for the user types have been completed, close the parentheses.

   :ALTACCT PAYROLL;ACCESS=(R,A,L,W,X:AC;R,X:ANY) Return

In the preceding example, all account users (:AC) are allowed to read (R), append (A), lock (L), write (W), and execute (X) any file in this account PAYROLL. This command also allows any user on the system (:ANY) to read (R) and execute (X) any file in this account.

To modify file access for a group

To modify the access to the files in a group, use the ACCESS= parameter of the ALTGROUP command. This parameter specifies lists of file access permissions for specific types of users.

To signify the beginning of this option list, open the parentheses and list the access codes for the first user type. Separate these codes with commas. Enter a colon to signify the end of the first code list, and specify the user type to be allowed this level of access to any files within this group. If more that one set of codes is necessary, enter a semicolon to signify the end of the first set. Repeat the access code and user type specifications for the second set, and so on. When the access code specification has been completed, close the parentheses.

   :ALTGROUP CURRENT.PAYROLL;ACCESS=(R,W,X:GU) Return

In the preceding example, group users (GU) are allowed to read (R), write (W), and execute (X) any file in the group CURRENT.

To delete an account

Only the system manager can delete an account from the system. The PURGEACCT command removes the specified account, its users, its groups, and its files from your system. It is a good practice to store the files in an account to a backup medium before deleting an account from the system. The following example deletes an account called PAYROLL -- along with its users, its groups, and its files -- from the system:

   :PURGEACCT PAYROLL Return

The following prompt appears:

   ACCOUNT PAYROLL TO BE PURGED? (YES/NO)_

If you wish to continue with the deletion of the account, acknowledge with a YES and press Return. If not, respond with NO and press Return.

To delete a group

Only the system manager or the account manager can delete a group from the system. The PURGEGROUP command removes the group and all files belonging to it from your system. It is a good practice to store the files in the group to tape before you remove the group. The following example removes the first quarter's group from the PAYROLL account:

   :PURGEGROUP QTR1 Return

The following prompt appears:

   GROUP QTR1 TO BE PURGED? (YES/NO)_

If you wish to continue with the deletion of the group, acknowledge with a YES and press Return. If not, then respond with NO and press Return.

To delete a user

Only the system manager or the account manager can delete a user from an account. The PURGEUSER command removes the specified user from the account. When the command is issued from a session, you are prompted to verify the action. The following example removes the user ROSEN from the PAYROLL account:

   :PURGEUSER ROSEN Return

The following prompt appears:

   USER ROSEN TO BE PURGED? (YES/NO)_

If you wish to continue with the deletion of the user, acknowledge with a YES and press Return. If not, respond with NO and press Return.



To restore files
  		 


Creating a Practice Account  
Feedback to webmaster