HP OpenVMS System Management Utilities Reference Manual


Previous Contents Index

The command in this example changes the name of the account Hawkes to Kramerdove, modifies the user name identifier for the account, and renames all proxies to the account.
#2

UAF> RENAME HAWKES KRAMERDOVE
%UAF-I-PRACREN, proxies to HAWKES renamed
%UAF-I-RENMSG, user record renamed
%UAF-W-DEFPWD, Warning: copied or renamed records must receive 
  new password
%UAF-I-RDBMDFYMSG, identifier HAWKES modified
      

This example shows the warning message that the system displays if you fail to specify a new password with the RENAME command.

RENAME/IDENTIFIER

Renames an identifier in the rights database.

Format

RENAME/IDENTIFIER current-id-name new-id-name


Parameters

current-id-name

Specifies the name of an identifier to be renamed.

new-id-name

Specifies the new name for the identifier.

Qualifiers

None.

Description

The RENAME/IDENTIFIER command is functionally equivalent to the following AUTHORIZE command:

MODIFY/IDENTIFIER/NAME=new-id-name id-name


Example


UAF> RENAME/IDENTIFIER Q1SALES Q2SALES
%UAF-I-RDBMDFYMSG, identifier Q1SALES modified
      

The command in this example renames the identifier Q1SALES to Q2SALES.

REVOKE/IDENTIFIER

Takes an identifier away from a user.

Format

REVOKE/IDENTIFIER id-name user-spec


Parameters

id-name

Specifies the identifier name. The identifier name is a string of 1 to 31 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one nonnumeric character.

user-spec

Specifies the UIC identifier that uniquely identifies the user on the system. This type of identifier appears in alphanumeric format, not numeric format; for example, [GROUP1,JONES].

Description

The REVOKE/IDENTIFIER command edits RIGHTSLIST.DAT, removing the user's name from the list of those who hold a given identifier. The change does not affect the process rights list of any current processes.

Example


UAF> REVOKE/IDENTIFIER INVENTORY CRAMER
%UAF-I-REVOKEMSG, identifier INVENTORY revoked from CRAMER
      

The command in this example revokes the identifier INVENTORY from the user Cramer. Cramer loses the identifier and any resources associated with it.

Note that because rights identifiers are stored in numeric format, it is not necessary to change records for users holding a renamed identifier.

SHOW

Displays reports for selected UAF records on the current SYS$OUTPUT device.

Note

SHOW/IDENTIFIER, SHOW/PROXY, and SHOW/RIGHTS are documented as separate commands.

Format

SHOW user-spec


Parameter

user-spec

Specifies the user name or UIC of the requested UAF record. If you omit the user-spec parameter, the UAF records of all users are listed. The asterisk (*) and percent sign (%) wildcard characters are permitted in the user name.

Qualifiers

/BRIEF

Specifies that a brief report be displayed. In the report, the Directory field displays one of the following items:

If you omit the /BRIEF qualifier, AUTHORIZE displays a full report.

/FULL

Specifies that a full report be displayed, including identifiers held by the user. Full reports include the details of the limits, privileges, login flags, and the command interpreter as well as the identifiers held by the user. The password is not listed.

/EXACT

Controls whether the SHOW command matches the search string exactly or treats uppercase and lowercase letters as equivalents. Enclose the specified string within quotation marks (" "). Use /EXACT with the /PAGE=SAVE and /SEARCH qualifiers.

/HIGHLIGHT[=keyword]

/NOHIGHLIGHT (default)

Identifies how to display the line that contains a string once it is found. The following keywords are valid:
BLINK
BOLD (default)
REVERSE
UNDERLINE

Use the /HIGHLIGHT qualifier with the /PAGE=SAVE and /SEARCH qualifiers.

/PAGE[=keyword]

/NOPAGE (default)

Controls the information display on a screen. The following keywords are valid:
CLEAR_SCREEN Clear the screen before displaying the next page.
SCROLL Display a continuous stream of information.
SAVE[= n] Store information and enable the navigational keys listed in Table 5-1. By default, the command saves 5 pages. The maximum page width is 255 columns.

Table 5-1 Screen Control Keys
Key or Key Sequence Action Taken When Key or Key Sequence Is Pressed
DOWN ARROW KEY Scroll the display down one line
LEFT ARROW KEY Scroll the display one column to the left
RIGHT ARROW KEY Scroll the display one column to the right
UP ARROW KEY Scroll the display up one line
Find (E1) Search for a new string in the information being displayed
Insert Here (E2) Move the display to the right by half a screen
Remove (E3) Move the display to the left by half a screen
Select (E4) Switch from 80-column displays to 132-column displays
Prev Screen (E5) Return to the previous page
Next Screen (E6) Display the next page
CTRL/Z Return to the UAF> prompt
Help Display AUTHORIZE help text
F16 (Do) Switch from the oldest to the newest page
Ctrl/W Refresh the display

/SEARCH=string

Used with the /PAGE=SAVE qualifier to specify a string to find in the information being displayed. You can dynamically change the search string by pressing the Find key (E1) while the information is being displayed.

/WRAP

/NOWRAP (default)

Used with the /PAGE=SAVE qualifier to limit the number of columns to the width of the screen and wrap lines that extend beyond the width of the screen to the next line.

The /NOWRAP qualifier extends lines beyond the width of the screen. Use the /PAGE=SAVE qualifier and the screen control keys listed in Table 5-1 to view the entire screen.


Description

The SHOW command produces reports on user authorization records. You can select the reports to be displayed, as follows:

Examples

#1

UAF> SHOW ROBIN
      

The command in this example displays a full report for the user ROBIN. The display corresponds to the first example in the description of the ADD command. Most defaults are in effect.


Username: ROBIN                       Owner:  JOSEPH ROBIN 
Account:  VMS                         UIC:    [14,6] ([INV,ROBIN]) 
CLI:      DCL                         Tables: DCLTABLES 
Default:  SYS$USER:[ROBIN] 
LGICMD: 
Login Flags: 
Primary days:   Mon Tue Wed Thu Fri 
Secondary days:                     Sat Sun 
No access restrictions 
Expiration:    (none)    Pwdminimum:  6   Login Fails:     0 
Pwdlifetime:   (none)    Pwdchange:   15-JAN-2000 14:08 
Last Login:    (none) (interactive),      (none) (non-interactive) 
Maxjobs:         0  Fillm:       300  Bytlm:        32768 
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0 
Maxdetach:       0  BIOlm:        40  JTquota:       4096 
Prclm:           2  DIOlm:        40  WSdef:          256 
Prio:            4  ASTlm:        40  WSquo:          512 
Queprio:         0  TQElm:        10  WSextent:      1024 
CPU:        (none)  Enqlm:       200  Pgflquo:      32768 
Authorized Privileges: 
  TMPMBX NETMBX 
Default Privileges: 
  TMPMBX NETMBX 
Identifier                  Value            Attributes 
  CLASS_CA101               %X80010032       NORESOURCE NODYNAMIC 
  CLASS_PY102               %X80010049       NORESOURCE NODYNAMIC 

Note

The quotas Pbytlm and Queprio are placeholders only.
#2

UAF> SHOW [360,*] /BRIEF
      

The command in this example displays a brief report for every user with a group UIC of 360.


Owner       Username UIC       Account  Privs Pri Default Directory 
JOHN JAMES  JAMES    [360,201] USER     Normal  4 DOCD$:[JAMES] 
SUZY JONES  JONES    [360,203] DOC      Devour  4 DOCD$:[JONES] 
CLIFF BROWN BROWN    [360,021] DOC      All     4 disuser 
JOY CARTER  CARTER   [360,005] DOCSEC   Group   4 expired 

#3

UAF> SHOW WELCH
      

This command displays a full report for the restricted user WELCH. This display corresponds to the second example in the description of the ADD command.


 
Username: WELCH                   Owner:  ROB WELCH 
Account:  INV                     UIC:    [14,51] ([14,51]) 
CLI:      DCL                     Tables: DCLTABLES 
Default:  SYS$USER:[WELCH] 
LGICMD:   SECUREIN 
Login Flags:  Restricted Diswelcome Disnewmail ExtAuth 
Primary days:   Mon Tue Wed Thu Fri 
Secondary days:                     Sat Sun 
Primary   000000000011111111112222  Secondary 000000000011111111112222 
Day Hours 012345678901234567890123  Day Hours 012345678901234567890123 
Network:  -----  No access  ------            ##### Full access ###### 
Batch:    #########--------#######            ---------#########------ 
Local:    #########--------#######            ---------#########------ 
Dialup:   ##### Full access ######            -----  No access  ------ 
Remote:   #########--------#######            ---------#########------ 
Expiration:        (none)    Pwdminimum:  6  Login Fails:     0 
Pwdlifetime:       (none)    Pwdchange:      (pre-expired) 
Last Login:        (none) (interactive),     (none) (non-interactive) 
Maxjobs:         0  Fillm:       300  Bytlm:        32768 
Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0 
Maxdetach:       0  BIOlm:        40  JTquota:       4096 
Prclm:           2  DIOlm:        40  WSdef:          256 
Prio:            4  ASTlm:        40  WSquo:          512 
Queprio:         4  TQElm:        10  WSextent:      1024 
CPU:        (none)  Enqlm:       200  Pgflquo:      32768 
Authorized Privileges: 
  TMPMBX NETMBX 
Default Privileges: 
  TMPMBX NETMBX          

Note that WELCH is a captive user who does not receive announcements of new mail or the welcome message when logging in. His login command file, SECUREIN.COM, is presumably a captive command file that controls all of his operations. (Such a command file never exits, but performs operations for its user and logs him out when appropriate.) The CAPTIVE flag prevents WELCH from escaping control of the command file by using Ctrl/Y or other means. Furthermore, he is restricted to logging in between the hours of 5:00 P.M. and 8:59 A.M. on weekdays and 9:00 A.M. and 5:59 P.M. on weekends. Although he is allowed to use dial-up lines at all times during the week, he is not allowed to log in over the network. On weekends, he is further restricted so that he cannot dial in at any time or use the DCL command SET HOST between the hours of 6:00 P.M. and 8:59 A.M.

SHOW/IDENTIFIER

Displays information about an identifier, such as its name, value, attributes, and holders, on the current SYS$OUTPUT device.

Format

SHOW/IDENTIFIER [id-name]


Parameter

id-name

Specifies an identifier name. The identifier name is a string of 1 to 31 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one nonnumeric character. If you omit the identifier name, you must specify /USER or /VALUE.

Qualifiers

/BRIEF

Specifies a brief listing in which only the identifier name, value, and attributes are displayed. The default format is /BRIEF.

/FULL

Specifies a full listing in which the names of the identifier's holders are displayed along with the identifier's name, value, and attributes.

/USER=user-spec

Specifies one or more users whose identifiers are to be displayed. The user-spec can be a user name or a UIC. You can use the asterisk wildcard character (*) to specify multiple UICs or all user names. UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) displays identifiers alphabetically by user name; a wildcard UIC specification ([*,*]) displays them numerically by UIC.

/VALUE=value-specifier

Specifies the value of the identifier to be listed. The following formats are valid for the value-specifier:
IDENTIFIER:n An integer value in the range of 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O).

To differentiate general identifiers from UIC identifiers, %X80000000 is added to the value you specify.

GID:n GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier.
UIC:uic A UIC value in the standard UIC format.

See also the screen control qualifiers listed under the SHOW command:

/EXACT

/HIGHLIGHT[=keyword]

/NOHIGHLIGHT (default)

/PAGE[=keyword]

/NOPAGE (default)

/SEARCH=string

/WRAP

/NOWRAP (default)


Description

The SHOW/IDENTIFIER command displays identifier names, values, attributes, and holders in various formats depending on the qualifiers specified. Two of these formats are illustrated in the following examples.

Examples

#1

UAF> SHOW/IDENTIFIER/FULL INVENTORY
      

This command would produce output similar to the following example:


Name               Value           Attributes 
INVENTORY          %X80010006      NORESOURCE NODYNAMIC 
  Holder            Attributes 
  ANDERSON          NORESOURCE NODYNAMIC 
  BROWN             NORESOURCE NODYNAMIC 
  CRAMER            NORESOURCE NODYNAMIC          

#2

UAF> SHOW/IDENTIFIER/USER=ANDERSON
      

This command displays the identifier associated with the user ANDERSON, as follows:


 
Name                       Value           Attributes 
ANDERSON                   [000300,000015] NORESOURCE NODYNAMIC 

The identifier is shown, along with its value and attributes. Note, however, that this is the same result you would produce had you specified ANDERSON's UIC with the following forms of the command:


UAF> SHOW/IDENTIFIER/USER=[300,015]


UAF> SHOW/IDENTIFIER/VALUE=UIC:[300,015]

SHOW/PROXY

Displays all authorized proxy access for the specified remote user.

Format

SHOW/PROXY node::remote-user


Parameters

node

Specifies the name of a network node in the network proxy authorization file. The asterisk wildcard character (*) is permitted in the node specification.

remote-user

Specifies the user name or UIC of a user on a remote node. The asterisk wildcard character (*) is permitted in the remote-user specification.


Qualifiers

/OLD

Directs AUTHORIZE to display information from NETPROXY.DAT rather than the default file NET$PROXY.DAT.

If someone modifies the proxy database on a cluster node that is running an OpenVMS system prior to Version 6.1, you can use the /OLD qualifier to display the contents of the old database, NETPROXY.DAT.

See also the screen control qualifiers listed under the SHOW command:

/EXACT

/HIGHLIGHT[=keyword]

/NOHIGHLIGHT (default)

/PAGE[=keyword]

/NOPAGE (default)

/SEARCH=string

/WRAP

/NOWRAP (default)


Description

The SHOW/PROXY command displays the first 255 characters of a node name although the command can handle a maximum of 1024 characters.

Examples

#1

UAF> SHOW/PROXY SAMPLE::[200,100]
 
 Default proxies are flagged with an * 
 
SAMPLE::[200,100] 
     MARCO *                              PROXY2 
     PROXY3                    
      

The command in this example displays all authorized proxy access for the user on node SAMPLE with a UIC of [200,100]. The default proxy account can be changed from MARCO to PROXY2 or PROXY3 with the MODIFY/PROXY command.

#2

UAF> SHOW/PROXY *::*
 
 Default proxies are flagged with (D) 
 
TAO:.TWA.RANCH::MARTINEZ 
    MARTINEZ (D)                        SALES_READER 
 
UAF> show/proxy/old *::* 
 
 Default proxies are flagged with (D) 
 
RANCH::MARTINEZ 
    MARTINEZ (D)                        SALES_READER
      

The command in this example displays information about local authorized proxy access on a system running DECnet-Plus. The first command draws information from the file NET$PROXY.DAT. By including the /OLD qualifier on the SHOW/PROXY command, AUTHORIZE displays information from the file NETPROXY.DAT.

SHOW/RIGHTS

Displays the identifiers held by the specified identifiers or, if /USER is specified, all identifiers held by the specified users.

Format

SHOW/RIGHTS [id-name]


Parameter

id-name

Specifies the name of the identifier associated with the user. If you omit the identifier name, you must specify the /USER qualifier.

Qualifier

/USER=user-spec

Specifies one or more users whose identifiers are to be listed. The user-spec can be a user name or a UIC. You can use the asterisk wildcard character (*) to specify multiple UICs or all user names. UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) or wildcard UIC specification ([*,*]) displays all identifiers held by users. The wildcard user name specification displays holders' user names alphabetically; the wildcard UIC specification displays them in the numerical order of their UICs.

See also the screen control qualifiers listed under the SHOW command:

/EXACT

/HIGHLIGHT[=keyword]

/NOHIGHLIGHT (default)

/PAGE[=keyword]

/NOPAGE (default)

/SEARCH=string

/WRAP

/NOWRAP (default)


Description

Output displayed from the SHOW/RIGHTS command is identical to that written to RIGHTSLIST.LIS when you use the LIST/RIGHTS command.

Example


UAF> SHOW/RIGHTS ANDERSON
      

This command displays all identifiers held by the user ANDERSON. For example:


Name                Value           Attributes 
INVENTORY           %X80010006      NORESOURCE NODYNAMIC 
PAYROLL             %X80010022      NORESOURCE NODYNAMIC  

Note that the following formats of the command produce the same result:

SHOW/RIGHTS/USER=ANDERSON


SHOW/RIGHTS/USER=[300,015]


Previous Next Contents Index