AUTHORIZE ADD — MicroVMS 4.5B
The ADD command will create a new entry in the user authorization file.
Format for creating new entries in SYSUAF.DAT:
ADD newusername [/qualifiers]
Additional information available:
/IDENTIFIER
The ADD/IDENTIFIER command is used to add an identifier to the rights
database.
Format:
ADD/IDENTIFIER [id-name]
Additional information available:
Parameters
id-name specifies the name of the identifier to be added to the rights database. If you omit the name, you must specify the /USER qualifier. The id-name is a string of 1 through 32 alphanumeric characters that may contain underscores and dollar signs. The name must contain at least one non-numeric character.
Qualifiers
Additional information available:
/ATTRIBUTES
/ATTRIBUTES=(keyword)
Specifies attributes to be associated with the new identifier.
Valid keywords are:
[NO]DYNAMIC    Indicates whether or not unprivileged holders of the
               identifier may add or remove the identifier from the
               process rights list. The default is NODYNAMIC.
[NO]RESOURCE   Indicates whether or not holders of the identifier
               may charge resources to it. The default is NORESOURCE.
/USER
/USER=user-spec Scans the UAF record(s) of the specified user(s) and creates the appropriate identifier(s). Specify user-spec by username or UIC. You can use the asterisk wildcard to specify multiple usernames or UICs: full use of the asterisk and percent wildcards is permitted for user names; UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard username specification (i.e., *) creates identifiers alphabetically by username; a wildcard UIC specification (i.e., [*,*]) creates them in numerical order by UIC.
/VALUE
/VALUE=value-specifier
Specifies the value to be attached to the identifier. Valid formats
for the value-specifier are:
IDENTIFIER:integer   An integer value in the range of 32768 to 268435455,
                     or a hexadecimal number in the range %X00008000 to
                     0FFFFFF
UIC:uic              A uic value in the standard UIC format
Examples
The following examples illustrate the use of the ADD/IDENTIFIER
command.
1. UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
identifier INVENTORY value: [000300,000011] added to RIGHTSLIST.DAT
This command adds to the rights database an identifier named
INVENTORY. By default, the identifier is not marked as a
resource.
2. UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) -
/VALUE=IDENTIFIER:%X80011 PAYROLL
identifier PAYROLL value: %X80080011 added to RIGHTSLIST.DAT
This command adds the identifier PAYROLL and marks it as a
resource.
/PROXY
Adds a user record to the network UAF.
Format
ADD/PROXY node::remote-user local-user
Additional information available:
Parameters
node          specifies a node name (1 through 6 alphanumeric characters).
remote-user   specifies the username of a user at a remote node. If you specify an asterisk, all users at the specified node can access files of a user specified on the local node.
local-user    specifies the username of a user on a local node.
Examples
1. UAF> ADD/PROXY MISHA::MARCO *
record successfully added NETUAF.DAT
The command in this example specifies that the user MARCO on
the remote node MISHA can only access the files of MARCO on the
local node.
2. UAF> ADD/PROXY MISHA::* MARCO
record successfully added to NETUAF.DAT
The command in this example specifies that any user on the
remote node MISHA can access the files of MARCO on the local
node.
Parameters
newusername "newusername" specifies the name of the user to be added to the user authorization file.
Qualifiers
Additional information available:
/ACCESS  /ACCOUNT  /ADD_IDENTIFIER  /ASTLM  /BATCH  /BIOLM
/BYTLM  /CLI  /CLITABLES  /CPUTIME  /DEFPRIVILEGES
/DEVICE  /DIALUP  /DIOLM  /DIRECTORY  /ENQLM  /EXPIRATION
/FILLM  /FLAGS  /GENERATE  /INTERACTIVE  /JTQUOTA
/LGICMD  /LOCAL  /MAXACCTJOBS  /MAXDETACH  /MAXJOBS
/NETWORK  /OWNER  /PASSWORD  /PFLAGS  /PGFLQUOTA
/P_RESTRICT  /PRCLM  /PRIMEDAYS  /PRIORITY  /PRIVILEGES
/PWDEXPIRED  /PWDLIFETIME  /PWDMINIMUM  /QUEPRIORITY
/REMOTE  /SFLAGS  /S_RESTRICT  /SHRFILLM  /TQELM  /UIC
/WSDEFAULT  /WSEXTENT  /WSQUOTA
/ACCESS
/[NO]ACCESS=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
/[NO]ACCESS="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"
Used to specify hours of access for all modes of logins. Specify hours
as integers from 0 to 23, inclusive. Hours may be specified as single
hours (n), or as ranges of hours (n-m). If the ending hour of a range
is earlier than the starting hour, the range extends from the starting
hour through midnight to the ending hour. The first set of hours
after the keyword PRIMARY specifies hours on primary days; the second
set of hours after the keyword SECONDARY specifies hours on secondary
days.
All the list elements are optional. If no hours are specified for a
day type, access is permitted the entire day. If only primary hours
or only secondary hours are given, no access is permitted for secondary
or primary days, respectively. If hours are given with no day type, they
apply to both types of days.
Negating the qualifier by specifying /NOACCESS=(...) completely inverts
the sense of the access hours.
Examples:
/ACCESS                  allows unrestricted access
/NOACCESS=SECONDARY      allows access on primary days only
/ACCESS=(9-17)           allows access from 9 am through 5 pm on all days
/NOACCESS=(PRIMARY, 9-17, SECONDARY, 18-8)
                         allows access from 9 through 5 on secondary days
                         and all but 9 through 5 on primary days
/ACCESS="Primary: 9-16; Secondary: 18-7, 8; Primary: 17"
                         allows access from 9 through 5 on primary days
                         and all but 9 through 5 on secondary days
To specify access hours for specific types of logins, see the
/BATCH, /NETWORK, /INTERACTIVE, /LOCAL, /DIALUP, and /REMOTE qualifiers.
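The interpretation rules for /ACCESS are easy to misread when auditing an account, so the following added example (not part of the original help text, and not AUTHORIZE's own parser) evaluates an access specification in Python and returns the permitted hours per day type. It assumes that PRIMARY and SECONDARY are spelled out in full and that hours listed before any keyword apply to both day types.

```python
import re

ALL_DAY = frozenset(range(24))
HOURS = re.compile(r"\d{1,2}(-\d{1,2})?")

def expand(token):
    """Expand 'n' or 'n-m' to a set of hours; m earlier than n wraps through midnight."""
    lo, _, hi = token.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if lo > 23 or hi > 23:
        raise ValueError(f"hour outside 0-23: {token!r}")
    return {(lo + i) % 24 for i in range((hi - lo) % 24 + 1)}

def access_hours(spec="", negated=False):
    """Hours (0-23) permitted per day type by /ACCESS=spec, or /NOACCESS=spec if negated."""
    hours = {"PRIMARY": set(), "SECONDARY": set()}
    named, given = set(), set()   # day types named / day types that received hours
    current = None                # no keyword seen yet: hours apply to both day types
    for tok in re.split(r'[\s,;:()"]+', spec.upper()):
        if not tok:
            continue
        if tok in hours:          # assumption: keywords are spelled out in full
            current = tok
            named.add(tok)
        elif HOURS.fullmatch(tok):
            for day in ([current] if current else list(hours)):
                hours[day] |= expand(tok)
                named.add(day)
                given.add(day)
        else:
            raise ValueError(f"unrecognised list element: {tok!r}")
    result = {}
    for day, listed in hours.items():
        if not named or (day in named and day not in given):
            allowed = ALL_DAY     # bare qualifier, or day type named without hours
        else:
            allowed = listed      # a day type never named stays empty: no access
        result[day] = sorted(ALL_DAY - allowed if negated else allowed)
    return result

if __name__ == "__main__":
    # The five /ACCESS examples from the text above.
    for spec, neg in [("", False), ("SECONDARY", True), ("(9-17)", False),
                      ("(PRIMARY, 9-17, SECONDARY, 18-8)", True),
                      ('"Primary: 9-16; Secondary: 18-7, 8; Primary: 17"', False)]:
        print("/NOACCESS" if neg else "/ACCESS", spec, access_hours(spec, neg))
```

An hour n covers the whole clock hour, which is why 9-17 corresponds to "9 am through 5 pm" in the examples.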
/ACCOUNT
/ACCOUNT=account-name Specifies a default account name. This field is often used for billing purposes, and should consist of 1 through 8 characters.
/ADD_IDENTIFIER
/[NO]ADD_IDENTIFIER Controls whether an identifier corresponding to the specified username and UIC is added to the rights database. The default is /ADD_IDENTIFIER.
/ASTLM
/ASTLM=n Specifies the AST queue limit, which is the total number of asynchronous system trap operations and scheduled wakeup requests that can be outstanding at one time for the user.
/BATCH
/[NO]BATCH=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
/[NO]BATCH="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"
Specifies hours of access permitted for batch jobs. For a detailed description of the interpretation of the access specification, see the /ACCESS qualifier.
/BIOLM
/BIOLM=n Specifies the total buffered I/O operations that can be outstanding at one time.
/BYTLM
/BYTLM=n Total number of bytes that can be specified for transfer in outstanding buffered I/O operations.
/CLI
/CLI=cli-name Name of the default command interpreter.
/CLITABLES
/CLITABLES=table-name Name of the default command interpreter tables.
/CPUTIME
/CPUTIME=delta-time Maximum amount of CPU time a user process can take per session. The unit of time must be in delta format. 0 means infinite.
/DEFPRIVILEGES
/DEFPRIVILEGES=([NO]privname [,...]) Specifies the default privileges for the user (i.e., those enabled at login time). A NO prefix removes this privilege from the user; specifying a privilege without the NO prefix allows the user that privilege. There are many privileges available with varying degrees of power and potential system impact. Please see the VAX/VMS System Manager's Reference Manual for a more detailed discussion of the available privileges.
/DEVICE
/DEVICE=device-name Name of default device (must be a direct access device) from one to fifteen characters. The colon is automatically added if omitted. A blank device is interpreted as SYS$SYSDISK.
/DIALUP
/[NO]DIALUP=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
/[NO]DIALUP="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"
Specifies hours of access permitted for interactive login via dialup terminals. For a detailed description of the interpretation of the access specification, see the /ACCESS qualifier.
/DIOLM
/DIOLM=n Total direct (usually disk) I/O operations that can be outstanding at one time.
/DIRECTORY
/DIRECTORY=directory-name Name of default login directory. Brackets (either [] or <>) must be supplied.
/ENQLM
/ENQLM=n Total number of lock requests which may be outstanding at one time.
/EXPIRATION
/EXPIRATION=time Expiration date and time of the account. Specify as an absolute or combination time.
/FILLM
/FILLM=n Total number of files that can be open at one time, including active network logical links.
/FLAGS
/FLAGS=([NO]option[,...])
Login flags for this user. Options which may be specified are:
[NO]AUDIT         - [do not] audit all security relevant actions
[NO]AUTOLOGIN     - [do not] restrict this account to autologins only
[NO]CAPTIVE       - [do not] prevent user from changing any defaults
                    at login
[NO]DEFCLI        - [do not] prevent user from changing default CLI
                    or CLI tables
[NO]DISCTLY       - [do not] disable <CTRL/Y> interrupts
[NO]DISMAIL       - [do not] prevent mail delivery to this user
[NO]DISNEWMAIL    - [do not] suppress "New Mail..." announcements
[NO]DISRECONNECT  - [do not] disable automated reconnections
[NO]DISREPORT     - [do not] disable time of last login and other
                    security reports
[NO]DISUSER       - [do not] disable this account completely
[NO]DISWELCOME    - [do not] suppress "Welcome to..." login message
[NO]GENPWD        - [do not] require user to use generated passwords
[NO]LOCKPWD       - [do not] prevent user from changing password
[NO]PWD_EXPIRED   - [do not] mark password as expired
[NO]PWD2_EXPIRED  - [do not] mark second password as expired
/GENERATE
/GENERATE
/GENERATE=CURRENT
/GENERATE=PRIMARY
/GENERATE=SECONDARY
/GENERATE=BOTH
/GENERATE=ALL
Generate a random password. The format of the passwords is the same as for the DCL SET PASSWORD /GENERATE command.
/INTERACTIVE
/[NO]INTERACTIVE=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
/[NO]INTERACTIVE="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n][,...]"
Specifies hours of access permitted for interactive login via any terminal. For a detailed description of the interpretation of the access specification, see the /ACCESS qualifier.
/JTQUOTA
/JTQUOTA=n Specifies the initial byte quota with which the job-wide logical name table is to be created.
/LGICMD
/LGICMD=filespec Name of login command file. Default device and directory are used to locate the command file.
/LOCAL
/[NO]LOCAL=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
/[NO]LOCAL="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"
Specifies hours of access permitted for interactive login via local terminals. For a detailed description of the interpretation of the access specification, see the /ACCESS qualifier.
/MAXACCTJOBS
/MAXACCTJOBS=n Specifies the maximum number of batch, interactive and detached processes which may be active at one time for all users which are on the same account as the user for which the qualifier is present.
/MAXDETACH
/MAXDETACH=n Specifies the maximum number of detached processes with this username that may be active at one time. Processes which cause this count to be exceeded are terminated.
/MAXJOBS
/MAXJOBS=n Maximum number of interactive, batch, and detached processes with this username which can be active at one time. Processes which cause this count to be exceeded are terminated.
/NETWORK
/[NO]NETWORK=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
/[NO]NETWORK="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"
Specifies hours of access permitted for network jobs. For a detailed description of the interpretation of the access specification, see the /ACCESS qualifier.
/OWNER
/OWNER=owner-name Name of owner for billing purposes, etc. May be from one to 31 characters.
/PASSWORD
/PASSWORD=(password [,password2])
/NOPASSWORD
Password(s) for login. Must be from 0 to 31 characters in length, and
must be composed of alphanumeric characters, dollar signs, and underscores.
To set the first password with no second password, specify
/PASSWORD=password
To set both passwords, specify
/PASSWORD=(password, password2)
To set only the first password leaving the second alone, specify
/PASSWORD=(password, "")
To set only the second password leaving the first alone, specify
/PASSWORD=("", password2)
To clear the second password leaving the first alone, specify
/PASSWORD=""
To clear both passwords, specify
/NOPASSWORD
/PFLAGS
/PFLAGS=([NO]option[,...])
This qualifier is obsolete and is retained for compatibility purposes.
For current usage, see the /ACCESS, etc., qualifiers.
Login flags for primary days. Options are:
[NO]DISDIALUP - [do not] prohibit user from dialing in
[NO]DISNETWORK - [do not] prohibit user from logging in via a
"SET HOST" command.
/PGFLQUOTA
/PGFLQUOTA=n Total pages that this process can use in the system paging file. Should be a minimum of 2048 for a typical interactive process.
/P_RESTRICT
/P_RESTRICT=(n-m[,...])
or
/P_RESTRICT=(n[,...])
This qualifier is obsolete and is retained for compatibility purposes.
For current usage, see the /ACCESS, etc., qualifiers.
Used to specify hours or ranges of hours to restrict user from logging in on
primary days.
/P_RESTRICT=(...) is roughly equivalent to /NOACCESS=(PRIMARY, ...)
/PRCLM
/PRCLM=n Total number of subprocesses that can exist at one time.
/PRIMEDAYS
/PRIMEDAYS=([NO]day[,...]) Used to define primary and secondary days. A day prefixed with NO becomes a secondary day, and a day without the NO prefix is defined as a primary day. Primary and secondary day definitions are used in conjunction with the /ACCESS, etc., qualifiers.
/PRIORITY
/PRIORITY=n Default base priority for user. The priority should be in the range from 0 - 31, and 4 is the default for a timesharing user.
/PRIVILEGES
/PRIVILEGES=([NO]privname[,...]) Specifies the authorized privileges for this user, that is, the privileges which are allowed or disallowed for this user. A NO prefix removes this privilege from the user; specifying a privilege without the NO prefix allows the user that privilege. There are many privileges available with varying degrees of power and potential system impact. Please see the VAX/VMS System Manager's Reference Manual for a more detailed discussion of the available privileges.
/PWDEXPIRED
/[NO]PWDEXPIRED Password is [not] pre-expired. When a password is pre-expired, the user is allowed to log in once, at which time he must change his password or be locked out of the system.
/PWDLIFETIME
/PWDLIFETIME=delta-time
/PWDLIFETIME=NONE
Password lifetime. If the date of last password change is older than the password lifetime, when the user logs in, he is issued a warning message and the password is marked as expired. If there is no password lifetime, the password never expires. Delta-time is in the form: [dddd-] [hh:mm:ss.cc]
/PWDMINIMUM
/PWDMINIMUM=n Minimum password length in characters. Note that this value is only enforced by the SET PASSWORD command; passwords in violation of this value may be specified to AUTHORIZE.
/QUEPRIORITY
/QUEPRIORITY=n Maximum priority for queuing batch and print jobs. The priority should be in the range from 0 - 31, and 4 is the default value for a timesharing user.
/REMOTE
/[NO]REMOTE=([PRIMARY], [n-m], [n] [,...] [SECONDARY], [n-m], [n] [,...])
/[NO]REMOTE="[PRIMARY][:] [n-m][,] [n][,...][;] [SECONDARY][:] [n-m][,...]"
Specifies hours of access permitted for interactive login via network remote terminals (i.e., SET HOST). For a detailed description of the interpretation of the access specification, see the /ACCESS qualifier.
/SFLAGS
/SFLAGS=([NO]option[,...])
This qualifier is obsolete and is retained for compatibility purposes.
For current usage, see the /ACCESS, etc., qualifiers.
Login flags for secondary days. Options are:
[NO]DISDIALUP - [do not] prohibit user from dialing in
[NO]DISNETWORK - [do not] prohibit user from logging in via a
"SET HOST" command.
/S_RESTRICT
/S_RESTRICT=(n-m[,...])
or
/S_RESTRICT=(n[,...])
This qualifier is obsolete and is retained for compatibility purposes.
For current usage, see the /ACCESS, etc., qualifiers.
Used to specify hours or ranges of hours to restrict user from logging in on
secondary days.
/S_RESTRICT=(...) is roughly equivalent to /NOACCESS=(SECONDARY, ...)
/SHRFILLM
/SHRFILLM=n Maximum number of shared files allowed to be open at one time.
/TQELM
/TQELM=n Total entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time.
/UIC
/UIC=uic User identification code as explained in the VAX/VMS System Manager's Reference Manual. The UIC should have an octal group number and an octal user number, separated by a comma and enclosed in brackets.
/WSDEFAULT
/WSDEFAULT=n Initial limit of a working set for the user process.
/WSEXTENT
/WSEXTENT=n Maximum to which the user's process may raise its working set limit when there is free memory available.
/WSQUOTA
/WSQUOTA=n Maximum to which the user's process may raise the working set limit when system memory is in demand.