Museum

Home

Lab Overview

Retrotechnology Articles

⇒ Online Manual

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

Authorize

ADD

COPY

CREATE

DEFAULT

EXIT

GRANT

HELP

LIST

MODIFY

REMOVE

RENAME

REVOKE

SHOW

usage summary

Command Summary

Parameter

Qualifiers

Examples

/IDENTIFIER

/PROXY

/ACCESS

/ACCOUNT

/ADD_IDENTIFIER

/ALGORITHM

/ASTLM

/BATCH

/BIOLM

/BYTLM

/CLI

/CLITABLES

/CPUTIME

/DEFPRIVILEGES

/DEVICE

/DIALUP

/DIOLM

/DIRECTORY

/ENQLM

/EXPIRATION

/FILLM

/FLAGS

/GENERATE_PASSWORD

/INTERACTIVE

/JTQUOTA

/LGICMD

/LOCAL

/MAXACCTJOBS

/MAXDETACH

/MAXJOBS

/MODIFY_IDENTIFIER

/NETWORK

/OWNER

/PASSWORD

/PGFLQUOTA

/PRCLM

/PRIMEDAYS

/PRIORITY

/PRIVILEGES

/PWDEXPIRED

/PWDLIFETIME

/PWDMINIMUM

/REMOTE

/SHRFILLM

/TQELM

/UIC

/WSDEFAULT

/WSEXTENT

/WSQUOTA

Parameter

Qualifiers

Examples

/ATTRIBUTES

/USER

/VALUE

Parameters

Positional Qualifier

Examples

/DEFAULT

Parameters

Qualifiers

Examples

/ACCESS

/ACCOUNT

/ADD_IDENTIFIER

/ALGORITHM

/ASTLM

/BATCH

/BIOLM

/BYTLM

/CLI

/CLITABLES

/CPUTIME

/DEFPRIVILEGES

/DEVICE

/DIALUP

/DIOLM

/DIRECTORY

/ENQLM

/EXPIRATION

/FILLM

/FLAGS

/GENERATE_PASSWORD

/INTERACTIVE

/JTQUOTA

/LGICMD

/LOCAL

/MAXACCTJOBS

/MAXDETACH

/MAXJOBS

/MODIFY_IDENTIFIER

/NETWORK

/OWNER

/PASSWORD

/PGFLQUOTA

/PRCLM

/PRIMEDAYS

/PRIORITY

/PRIVILEGES

/PWDEXPIRED

/PWDLIFETIME

/PWDMINIMUM

/REMOTE

/SHRFILLM

/TQELM

/UIC

/WSDEFAULT

/WSEXTENT

/WSQUOTA

/PROXY

/RIGHTS

Example

Qualifiers

Example

/ACCESS

/ACCOUNT

/ADD_IDENTIFIER

/ALGORITHM

/ASTLM

/BATCH

/BIOLM

/BYTLM

/CLI

/CLITABLES

/CPUTIME

/DEFPRIVILEGES

/DEVICE

/DIALUP

/DIOLM

/DIRECTORY

/ENQLM

/EXPIRATION

/FILLM

/FLAGS

/GENERATE_PASSWORD

/INTERACTIVE

/JTQUOTA

/LGICMD

/LOCAL

/MAXACCTJOBS

/MAXDETACH

/MAXJOBS

/MODIFY_IDENTIFIER

/NETWORK

/OWNER

/PASSWORD

/PGFLQUOTA

/PRCLM

/PRIMEDAYS

/PRIORITY

/PRIVILEGES

/PWDEXPIRED

/PWDLIFETIME

/PWDMINIMUM

/REMOTE

/SHRFILLM

/TQELM

/UIC

/WSDEFAULT

/WSEXTENT

/WSQUOTA

Example

/IDENTIFIER

Parameters

Qualifier

Example

/ATTRIBUTES

Parameter

Examples

Parameter

Qualifiers

Examples

/IDENTIFIER

/PROXY

/RIGHTS

/BRIEF

/FULL

Parameter

Qualifiers

Examples

/BRIEF

/FULL

/USER

/VALUE

Example

Parameter

Qualifier

Example

/USER

Parameter

Qualifiers

Examples

/IDENTIFIER

/PROXY

/SYSTEM_PASSWORD

/ACCESS

/ACCOUNT

/ADD_IDENTIFIER

/ALGORITHM

/ASTLM

/BATCH

/BIOLM

/BYTLM

/CLI

/CLITABLES

/CPUTIME

/DEFPRIVILEGES

/DEVICE

/DIALUP

/DIOLM

/DIRECTORY

/ENQLM

/EXPIRATION

/FILLM

/FLAGS

/GENERATE_PASSWORD

/INTERACTIVE

/JTQUOTA

/LGICMD

/LOCAL

/MAXACCTJOBS

/MAXDETACH

/MAXJOBS

/MODIFY_IDENTIFIER

/NETWORK

/OWNER

/PASSWORD

/PGFLQUOTA

/PRCLM

/PRIMEDAYS

/PRIORITY

/PRIVILEGES

/PWDEXPIRED

/PWDLIFETIME

/PWDMINIMUM

/REMOTE

/SHRFILLM

/TQELM

/UIC

/WSDEFAULT

/WSEXTENT

/WSQUOTA

Parameter

Qualifiers

Examples

/ATTRIBUTES

/HOLDER

/NAME

/VALUE

Parameters

Qualifier

Example

/DEFAULT

Parameter

Example

Parameter

Qualifier

Example

/IDENTIFIER

/PROXY

/REMOVE_IDENTIFIER

Parameter

Example

Parameters

Example

Parameters

Qualifiers

Examples

/IDENTIFIER

/GENERATE_PASSWORD

/MODIFY_IDENTIFIER

/PASSWORD

Parameters

Example

/IDENTIFIER

Parameters

Example

Parameter

Qualifiers

Example

/IDENTIFIER

/PROXY

/RIGHTS

/BRIEF

/FULL

Parameter

Qualifiers

Example

/BRIEF

/FULL

/USER

/VALUE

Parameters

Example

Parameter

Qualifier

Example

/USER

AUTHORIZE — VMS 5.5

Additional information available:

Authorize

Authorize

   The Authorize Utility (AUTHORIZE) is a system management tool
   that allows you to control access to the system and to allocate
   resources to users.

   Format

     RUN AUTHORIZE

Additional information available:

ADDCOPYCREATEDEFAULTEXITGRANTHELP
LISTMODIFYREMOVERENAMEREVOKESHOW

usage summaryCommand Summary

usage summary

   To invoke AUTHORIZE, set your process default device and directory
   to SYS$SYSTEM, and type RUN AUTHORIZE. To terminate AUTHORIZE,
   enter the EXIT command at the UAF> prompt, or press Ctrl/Z.

   To create a listing file of reports for selected UAF records,
   enter the LIST command at the UAF> prompt. For more information on
   listing reports, see the description of the LIST command.

   Use of the Authorize Utility requires write access to SYSUAF.DAT,
   NETPROXY.DAT, or RIGHTSLIST.DAT in the SYS$SYSTEM directory.
   Write access to these files is normally restricted to users with a
   system UIC or the SYSPRV privilege.

Command Summary

   Command                 Function

         Managing System Resources and User Accounts with SYSUAF

   ADD                     Adds a user record to the SYSUAF and
                           corresponding identifiers to the rights
                           database.

   COPY                    Creates a new SYSUAF record that
                           duplicates an existing record.

   DEFAULT                 Modifies the default SYSUAF record.

   LIST                    Writes reports for selected UAF records to
                           a listing file, SYSUAF.LIS.

   MODIFY                  Changes values in a SYSUAF user record.
                           Qualifiers not specified in the command
                           remain unchanged.

   REMOVE                  Deletes a SYSUAF user record and
                           corresponding identifiers in the rights
                           database. The DEFAULT and SYSTEM records
                           cannot be deleted.

   RENAME                  Changes the user name of the SYSUAF record
                           (and, if specified, the corresponding
                           identifier) while retaining the
                           characteristics of the old record.

   SHOW                    Displays reports for selected SYSUAF
                           records.


                Managing Network Proxies with NETPROXY.DAT

   ADD/PROXY               Adds proxy access for the specified user.

   CREATE/PROXY            Creates a network proxy authorization file

   LIST/PROXY              Creates a listing file of all proxy
                           accounts and all remote users with proxy
                           access to the accounts

   MODIFY/PROXY            Modifies proxy access for the specified
                           user

   REMOVE/PROXY            Deletes proxy access for the specified
                           user

   SHOW/PROXY              Displays proxy access allowed for the
                           specified user


                 Managing Identifiers with RIGHTSLIST.DAT

   ADD/IDENTIFIER          Adds an identifier name to the rights
                           database

   CREATE/RIGHTS           Creates a new rights database file

   GRANT/IDENTIFIER        Grants an identifier name to a UIC
                           identifier

   LIST/IDENTIFIER         Creates a listing file of identifier names
                           and values

   LIST/RIGHTS             Creates a listing file of all identifiers
                           held by the specified user

   MODIFY/IDENTIFIER       Modifies the named identifier in the
                           rights database

   REMOVE/IDENTIFIER       Removes an identifier from the rights
                           database

   RENAME/IDENTIFIER       Renames an identifier in the rights
                           database

   REVOKE/IDENTIFIER       Revokes an identifier name from a UIC
                           identifier

   SHOW/IDENTIFIER         Displays identifier names and values on
                           the current output device

   SHOW/RIGHTS             Displays on the current output device
                           the names of all identifiers held by the
                           specified user



                            General Commands

   EXIT                    Returns the user to DCL command level

   HELP                    Displays HELP text for AUTHORIZE commands

   MODIFY/SYSTEM_PASSWORD  Sets the system password (equivalent to
                           the DCL command SET PASSWORD/SYSTEM)

ADD

   Adds a user record to the SYSUAF and corresponding identifiers to
   the rights database.

   Format

     ADD  newusername

Additional information available:

ParameterQualifiersExamples

/IDENTIFIER/PROXY

Parameter

newusername
   Specifies the name of the user record to be included in the
   SYSUAF. The newusername parameter is a string of 1 through 12
   alphanumeric characters and may contain underscores. Although
   dollar signs are permitted, they are usually reserved for system
   names.

Qualifiers

Additional information available:

/ACCESS/ACCOUNT/ADD_IDENTIFIER/ALGORITHM/ASTLM
/BATCH/BIOLM/BYTLM/CLI/CLITABLES/CPUTIME
/DEFPRIVILEGES/DEVICE/DIALUP/DIOLM/DIRECTORY
/ENQLM/EXPIRATION/FILLM/FLAGS/GENERATE_PASSWORD
/INTERACTIVE/JTQUOTA/LGICMD/LOCAL/MAXACCTJOBS
/MAXDETACH/MAXJOBS/MODIFY_IDENTIFIER/NETWORK/OWNER
/PASSWORD/PGFLQUOTA/PRCLM/PRIMEDAYS
/PRIORITY/PRIVILEGES/PWDEXPIRED/PWDLIFETIME
/PWDMINIMUM/REMOTE/SHRFILLM/TQELM/UIC/WSDEFAULT
/WSEXTENT/WSQUOTA

/ACCESS

      /ACCESS[=(range[,...])]

   Specifies hours of access for all modes of access. Syntax for
   range specification is:

   /[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

   Specify hours as integers from 0 to 23, inclusive. Hours may be
   specified as single hours (n),  or as ranges of hours (n-m). If
   the ending hour of a range is earlier than the starting hour,
   the range extends from the starting hour through midnight to the
   ending hour. The first set of hours after the keyword PRIMARY
   specifies hours on primary days; the second set of hours after
   the keyword SECONDARY specifies hours on secondary days. Note that
   hours are inclusive; that is, if you grant access during a given
   hour, access extends to the end of that hour.

   By default, a user has full access everyday. See the DCL command
   SET DAY in the VMS DCL Dictionary for information on overriding
   the defaults for primary and secondary day types.

/ACCOUNT

      /ACCOUNT=account-name

   Specifies a 1 through 8 alphanumeric character string that is
   the default name for the account (for example, a billing name or
   number). By default, no account name is assigned.

/ADD_IDENTIFIER

      /ADD_IDENTIFIER (default)
      /NOADD_IDENTIFIER

   Adds identifiers for the user name and account name to the
   rights database. The qualifier is used only with the ADD and COPY
   commands.

/ALGORITHM

      /ALGORITHM=keyword=type [=value]

   Sets the password encryption algorithm for a user. The keyword VMS
   refers to the algorithm used in the version of VMS that is running
   on your system, whereas a customer algorithm is one that is added
   through the $HASH_PASSWORD system service by a customer site, by
   a layered product, or by a third party. The customer algorithm
   is identified in $HASH_PASSWORD by an integer in the range of
   128-255. The customer algorithm number has to correspond with the
   number used in the AUTHORIZE command MODIFY/ALGORITHM. By default,
   passwords are encrypted with the VMS algorithm for the current
   version of the operating system.

   Keyword       Function


   BOTH          Set the algorithm for primary and secondary
                 passwords.
   CURRENT       Set the algorithm for the primary, secondary, both,
                 or no passwords depending on account status. Current
                 is the default value.

   PRIMARY       Set the algorithm for the primary password only.

   SECONDARY     Set the algorithm for the secondary password only.

   Type          Definition


   VMS           The algorithm used in the version of VMS that is
                 running on your system.
   CUSTOMER      A numeric value in the range 128-255 identifies a
                 customer algorithm.

/ASTLM

      /ASTLM=value

   Specifies the AST queue limit, which is the total number of
   asynchronous system trap (AST) operations and scheduled wake-
   up requests that the user can have queued at one time. The default
   is 24.

/BATCH

      /BATCH[=(range[,...])]

   Specifies the hours of access permitted for batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, a user can submit batch jobs any time.

/BIOLM

      /BIOLM=value

   Specifies a buffered I/O count limit for the BIOLM field of the
   UAF record. The buffered I/O count limit is the maximum number
   of buffered I/O operations, such as terminal I/O, that can be
   outstanding at one time. The default is 18.

/BYTLM

      /BYTLM=value

   Specifies the buffered I/O byte limit for the BYTLM field of the
   UAF record. The buffered I/O byte limit is the maximum number
   of bytes of nonpaged system dynamic memory that a user's job
   may consume at one time. Nonpaged dynamic memory is used for
   operations such as I/O buffering, mailboxes, and file-access
   windows. The default is 8192.

/CLI

      /CLI=cli-name

   Specifies the name of the default command language interpreter
   (CLI) for the CLI field of the UAF record. The cli-name is 1
   through 12 alphanumeric characters and should be either DCL or
   MCR. The default is DCL.

/CLITABLES

      /CLITABLES=filespec

   Specifies user-defined CLI tables for the account, from 1 to 31
   characters. The default is SYS$LIBRARY:DCLTABLES.

/CPUTIME

      /CPUTIME=time

   Specifies the maximum process CPU time for the CPU field of the
   UAF record. The maximum process CPU time is the maximum amount of
   CPU time a user's process can take per session. You must specify a
   delta-time value. The default is 0, which means an infinite amount
   of time.

/DEFPRIVILEGES

      /DEFPRIVILEGES=([NO]privname[,...])

   Specifies default privileges for the user; that is, those enabled
   at login time. A NO prefix removes a privilege from the user.
   The keyword [NO]ALL specified with the /DEFPRIVILEGES qualifier
   disables or enables all user privileges. The default privileges
   are TMPMBX and NETMBX.

/DEVICE

      /DEVICE=device-name

   Specifies the name of the user's default device at login. The
   device-name is a 1 through 31 alphanumeric character string.
   If you omit the colon from the device-name value, a colon is
   appended. The default device is SYS$SYSDISK.

/DIALUP

      /DIALUP[=(range[,...])]

   Specifies hours of access permitted for dialup logins. For a
   description of the range specification, see the /ACCESS qualifier.
   The default is full access.

/DIOLM

      /DIOLM=value

   Specifies the direct I/O count limit for the DIOLM field of the
   UAF record. The direct I/O count limit is the maximum number of
   direct I/O operations (usually disk) that can be outstanding at
   one time. The default is 18.

/DIRECTORY

      /DIRECTORY=directory-name

   Specifies the default directory-name for the DIRECTORY field of
   the UAF record. The directory-name is 1 through 63 alphanumeric
   characters. Brackets are added to the directory name if omitted.
   The default directory name is [USER].

/ENQLM

      /ENQLM=value

   Specifies the lock queue limit for the ENQLM field of the UAF
   record. The lock queue limit is the maximum number of locks that
   can be queued by the user at one time. The default is 100.

/EXPIRATION

      /EXPIRATION=time (default)
      /NOEXPIRATION

   Specifies the expiration date and time of the account. The
   /NOEXPIRATION qualifier removes the expiration date on the account
   or resets the expiration time for expired accounts. The default
   expiration time period is 90 days for nonprivileged users.

/FILLM

      /FILLM=value

   Specifies the open file limit for the FILLM field of the UAF
   record. The open file limit is the maximum number of files that
   can be open at one time, including active network logical links.
   The default is 20.

/FLAGS

      /FLAGS=([NO]option[,...])

   Specifies login flags for the user. A NO in front of the flag
   clears the flag. The following are valid options:

   AUDIT                 Enables or disables security auditing for a
                         specific user. By default, VMS does not
                         audit the activities of specific users
                         (NOAUDIT).

   AUTOLOGIN             Restricts the user to the automatic login
                         mechanism when logging in to an account.
                         When set, the flag disables login by any
                         terminal that requires entry of a user name
                         and password. The default is to require a
                         user name and password (NOAUTOLOGIN).

   CAPTIVE               Prevents the user from changing any defaults
                         at login, for example, /CLI, /DISK,
                         /COMMAND, or /LGICMD. It also prevents
                         the user from escaping the captive login
                         command procedure and gaining access to
                         the DCL command level. The CAPTIVE flag
                         establishes an environment where Ctrl
                         /Y interrupts are initially turned off;
                         however, command procedures can still turn
                         on Ctrl/Y interrupts with the DCL command
                         SET CONTROL=Y. By default, an account is not
                         captive (NOCAPTIVE).

   DEFCLI                Restricts the user to the default command
                         interpreter by prohibiting the use of the
                         /CLI qualifier at login; (the MCR command
                         can still be used). By default, a user can
                         choose a CLI (NODEFCLI).

   DISCTLY               Establishes an environment where Ctrl
                         /Y interrupts are initially turned off
                         and are invalid until a SET CONTROL_
                         Y is encountered. This could happen in
                         SYLOGIN.COM or in a procedure called
                         by SYLOGIN.COM. Once a SET CONTROL_Y is
                         executed (which requires no privilege),
                         a user can enter a Ctrl/Y and reach the
                         DCL. If the intent of DISCTLY is to force
                         execution of the login command files, then
                         SYLOGIN.COM should issue the DCL command SET
                         CONTROL_Y before exiting to turn on Ctrl/Y
                         interrupts. By default, Ctrl/Y is enabled
                         (NODISCTLY).

   DISFORCE_PWD_CHANGE   Removes the requirement that a user must
                         change an expired password at login.
                         By default, a person can use an expired
                         password only once (NODISFORCE_PWD_CHANGE),
                         and then he or she is forced to change the
                         password after logging in. If a new password
                         is not selected, the user is locked out of
                         the system.

   DISIMAGE              Prevents the user from executing the RUN or
                         the MCR command or from using the foreign
                         command mechanism in DCL. By default, a user
                         can execute RUN, MCR, and foreign commands
                         (NODISIMAGE).

   DISMAIL               Disables mail delivery to the user.
                         By default, mail delivery is enabled
                         (NODISMAIL).

   DISNEWMAIL            Suppresses announcements of new mail at
                         login. By default, VMS announces new mail
                         (NODISNEWMAIL).

   DISPWDDIC             Disables automatic screening of new
                         passwords against a system dictionary.
                         By default, passwords are automatically
                         screened (NODISPWDDIC).

   DISPWDHIS             Disables automatic checking of new passwords
                         against a list of the user's old passwords.
                         By default, VMS screens new passwords
                         (NODISPWDHIS).

   DISRECONNECT          Disables automatic reconnection to an
                         existing process when a terminal connection
                         has been interrupted. By default, automatic
                         reconnection is disabled (DISRECONNECT).

   DISREPORT             Suppresses reports of the last login time,
                         login failures, and other security reports.
                         By default, login information is displayed
                         (NODISREPORT).

   DISUSER               Disables the account so the user cannot
                         log in. For example, the DEFAULT account is
                         disabled. By default, an account is enabled
                         (NODISUSER).

   DISWELCOME            Suppresses the "Welcome to ..." system login
                         message. By default, a system login message
                         appears (NODISWELCOME).

   GENPWD                Restricts the user to generated passwords.
                         By default, users choose their own passwords
                         (NOGENPWD).

   LOCKPWD               Prevents the user from changing the password
                         for the account. By default, users can
                         change their passwords (NOLOCKPWD).

   PWD_EXPIRED           Marks a password as expired. Users cannot
                         log in if this flag is set. LOGINOUT.EXE
                         sets the flag when users log in with the
                         DISFORCE_PWD_CHANGE flag set and their
                         password is expired. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not expired after
                         login (NOPWD_EXPIRED).

   PWD2_EXPIRED          Marks a secondary password as expired.
                         Users cannot log in if this flag is set.
                         LOGINOUT.EXE sets the flag if users log in
                         with the DISFORCE_PWD_CHANGE flag set and
                         their passwords expire. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not set to expire
                         after login (NOPWD2_EXPIRED).

   RESTRICTED            Prevents the user from changing any defaults
                         at login (for example, specifying /DISK,
                         /COMMAND, or /LGICMD) and prohibits user
                         specification of a CLI with the /CLI
                         qualifier. The RESTRICTED flag establishes
                         an environment where Ctrl/Y interrupts are
                         initially turned off; however, command
                         procedures can still turn on Ctrl/Y
                         interrupts with the DCL command SET CONTROL_
                         Y. This flag is typically used to prevent an
                         applications user from having unrestricted
                         access to the CLI. By default, a user can
                         change defaults (NORESTRICTED).

                         The flag provides compatibility with CAPTIVE
                         accounts in VMS systems prior to Version
                         5.2.

/GENERATE_PASSWORD

      /GENERATE_PASSWORD[=keyword]
      /NOGENERATE_PASSWORD (default)

   Invokes the password generator to create user passwords. Generated
   passwords can consist of 1 to 10 characters. Specify one of the
   following keywords:

   BOTH       Generate primary and secondary passwords.

   CURRENT    Do whatever the DEFAULT account does. This could mean
              to generate primary, secondary, both, or no passwords.
              This is the default keyword.

   PRIMARY    Generate primary password only.

   SECONDARY  Generate secondary password only.

   Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are
   mutually exclusive, and whenever you modify a password, the
   original one expires and the new one is valid for only one login.

/INTERACTIVE

      /INTERACTIVE[ =(range[,...])]

   Specifies the hours of access for interactive logins. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on interactive
   logins.

/JTQUOTA

      /JTQUOTA=value

   Specifies the initial byte quota with which the job-wide logical
   name table is to be created. By default, the value is 1024.

/LGICMD

      /LGICMD=filespec

   Specifies the name of the default login command file. The file
   name defaults to the device specified for /DEVICE, the directory
   specified for /DIRECTORY, a file name of LOGIN, and a file type
   of COM. If you select the defaults for all these values, the file
   name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL

      /LOCAL[=(range[,...])]

   Specifies hours of access for interactive logins from local
   terminals. For a description of the range specification, see the
   /ACCESS qualifier. By default, there are no access restrictions on
   local logins.

/MAXACCTJOBS

      /MAXACCTJOBS=value

   Specifies the maximum number of batch, interactive, and detached
   processes that may be active at one time for all users of the same
   account. By default, a user has a maximum of 0, which represents
   an unlimited number.

/MAXDETACH

      /MAXDETACH=value

   Specifies the maximum number of detached processes with the
   cited user name that may be active at one time. The keyword NONE
   indicates the user cannot create detached processes. By default, a
   user has a value of 0, which represents an unlimited number.

/MAXJOBS

      /MAXJOBS=value

   Specifies the maximum number of processes (interactive, batch,
   detached, and network) with the cited user name that may be active
   simultaneously. The first four network jobs are not counted. By
   default, a user has a maximum value of 0, which represents an
   unlimited number.

/MODIFY_IDENTIFIER

      /MODIFY_IDENTIFIER (default)
      /NOMODIFY_IDENTIFIER

   Specifies whether the identifier associated with the cited user
   is to be modified in the rights database. This qualifier only
   applies when you modify the UIC or user name in the UAF record. By
   default, the associated identifiers are modified.

/NETWORK

      /NETWORK[=(range[,...])]

   Specifies hours of access for network batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on network logins.

/OWNER

      /OWNER=owner-name

   Specifies the name of the owner of the account. This name can
   be used, for example, for billing purposes. The owner-name is 1
   through 31 characters and there is no default.

/PASSWORD

      /PASSWORD=(password1[,password2])
      /NOPASSWORD

   Specifies up to two passwords for login. Passwords can be from
   0 to 32 characters in length, and can include alphanumeric
   characters, dollar signs, and underscores.

   To set only the first password, specify /PASSWORD=password. To set
   both the first and second password, specify /PASSWORD=(password1,
   password2). To change the first password without affecting the
   second, specify /PASSWORD=(password, ""). To change the second
   password without affecting the first, specify /PASSWORD=("",
   password). To set both passwords to null, specify /NOPASSWORD.

   By default, the ADD command assigns a password of 'USER'. When
   creating a new UAF record with the COPY or RENAME command, you
   must specify a password.

/PGFLQUOTA

      /PGFLQUOTA=value

   Specifies the paging file limit. This is the maximum number of
   pages that the person's process can use in the system paging file.
   By default, the value is 10,240.

/PRCLM

      /PRCLM=value

   Specifies the subprocess creation limit. This is the maximum
   number of subprocesses that can exist at one time for the
   specified user's process. By default, the value is 2.

/PRIMEDAYS

      /PRIMEDAYS=([NO]day[,...])

   Defines the primary and secondary days of the week for logging
   in. A day prefixed with NO is a secondary day; without a NO it
   is a primary day. Specify the days as a list separated by commas
   and enclosed in parentheses. Use the primary and secondary day
   definitions in conjunction with such qualifiers as /ACCESS,
   /INTERACTIVE, and /BATCH. By default, primary days are Monday
   through Friday and the secondary days are Saturday and Sunday. Any
   days omitted from the list take their default value.

/PRIORITY

      /PRIORITY=value

   Specifies the default base priority. The value is an integer in
   the range of 0 through 31. By default, the value is set to 4 for
   timesharing users.

/PRIVILEGES

      /PRIVILEGES=([NO]privname[,...])

   Specifies which privileges the user is authorized to hold although
   these privileges are not necessarily enabled at login. (The
   /DEFPRIVILEGES determines which are enabled). A NO prefix removes
   the privilege from the user. The keyword NOALL disables all user
   privileges. There are many privileges available with varying
   degrees of power and potential system impact. Please see the Guide
   to VMS System Security for a detailed discussion. By default, a
   user holds TMPMBX and NETMBX privileges.

/PWDEXPIRED

      /PWDEXPIRED (default)
      /NOPWDEXPIRED

   Specifies the password is valid for only one login. Users must
   change their passwords immediately after login or be locked out of
   the system. For a week prior to expiration, the VMS system warns
   users of the upcoming password expiration. They can either specify
   a new password during the week with the DCL command SET PASSWORD
   or wait until expiration and be forced to change. By default, a
   user has to change a password when first logging in to an account.

/PWDLIFETIME

      /PWDLIFETIME=time (default)
      /NOPWDLIFETIME

   Specifies the length of time a password is valid. You must specify
   a delta-time value, which takes the form [dddd-] [hh:mm:ss.cc].
   For example, a lifetime of 120 days, 0 hours, 0 seconds would
   be expressed as /PWDLIFETIME="120-", whereas a lifetime of 120
   days 12 hours, 30 minutes and 30 seconds would be expressed as
   /PWDLIFETIME="120-12:30:30". If a period longer than the specified
   time has elapsed when the user logs in, a warning message is
   displayed, and the password is marked as expired. A time equal to
   NONE means that the password never expires. By default, a password
   expires in 90 days.

/PWDMINIMUM

      /PWDMINIMUM=value

   Specifies the minimum password length in characters. By default, a
   password must have at least 6 characters.

/REMOTE

      /REMOTE[=(range[,...])]

   Specifies hours during which access is permitted for interactive
   logins from network remote terminals (with the DCL command SET
   HOST). For a description of the range specification, see the
   /ACCESS qualifier. By default, remote logins have no access
   restrictions.

/SHRFILLM

      /SHRFILLM=value

   Specifies the maximum number of shared files the user may have
   open at one time. By default, VMS assigns a value of 0, which
   represents an infinite number.

/TQELM

   Specifies the total number of entries in the timer queue plus the
   number of temporary common event flag clusters that the user can
   have at one time. By default, a user can have 10.

/UIC

      /UIC=value

   Specifies the user identification code (UIC). The UIC value is
   a group number in the range 1-37776 (octal) and a member number
   in the range 0-177776 (octal), which are separated by a comma
   and enclosed in brackets. Each user should have a unique UIC. By
   default, the UIC value is [200,200].

/WSDEFAULT

      /WSDEFAULT=value

   Specifies the default working set size. This represents the
   initial limit to the number of physical pages the process can
   use. The minimum value is 50 pages. By default, a user has 150
   pages.

/WSEXTENT

      /WSEXTENT=value

   Specifies the working set maximum. This represents the maximum
   amount of physical memory allowed to the process. The system
   provides memory to a process beyond its working set quota only
   when it has excess free pages. The additional memory is recalled
   by the system if needed. The value is an integer equal to or
   greater than WSQUOTA. By default, the value is 512.

/WSQUOTA

      /WSQUOTA=value

   Specifies the working set quota. This is the maximum amount of
   physical memory a user process can lock into its working set. It
   also represents the maximum amount of swap space that the system
   reserves for this process and the maximum amount of physical
   memory that the system allows the process to consume if the
   system-wide memory demand is significant. The minimum value is
   50 pages. By default, the quota is 256.

Examples

   1.  UAF> ADD ROBIN /PASSWORD=SP0152/UIC=[014,006] -
       _/DEVICE=SYS$USER/DIRECTORY=[ROBIN]/OWNER="JOSEPH ROBIN" /ACCOUNT=INV
       %UAF-I-ADDMSG, user record successfully added
       %UAF-I-RDBADDMSGU, identifier ROBIN value: [000014,000006] added to
         RIGHTSLIST.DAT
       %UAF-I-RDBADDMSGU, identifier INV value: [000014,177777] added to
         RIGHTSLIST.DAT

     This example illustrates the typical ADD command and
     qualifiers. The record that results from this command appears
     in the description of the SHOW command.

/IDENTIFIER

   Adds an identifier to the rights database.

   Format

     ADD/IDENTIFIER  [id-name]

Additional information available:

ParameterQualifiersExamples

Parameter

id-name
   Specifies the name of the identifier to be added to the rights
   database. If you omit the name, you must specify the /USER
   qualifier. The identifier name is a string of 1 through 31
   alphanumeric characters that may contain underscores and dollar
   signs. The name must contain at least one nonnumeric character.

Qualifiers

Additional information available:

/ATTRIBUTES/USER/VALUE

/ATTRIBUTES
      /ATTRIBUTES=(keyword[,...])

   Specifies attributes to be associated with the new identifier. The
   following are valid keywords:

   [NO]RESOURCE  Determines whether holders of the identifier may
                 charge disk space to the identifier. The default is
                 NORESOURCE.

   [NO]DYNAMIC   Determines whether unprivileged holders of the
                 identifier may add or remove the identifier from
                 the process rights list by using the DCL command SET
                 RIGHTS_LIST. The default is NODYNAMIC.

/USER
      /USER=user-spec

   Scans the UAF record for the specified user and creates the
   corresponding identifier. Specify user-spec by user name or
   UIC. You can use the asterisk wildcard to specify multiple user
   names or UICs. Full use of the asterisk and percent wildcards
   is permitted for user names; UICs must be in the form [*,*],
   [n,*], [*,n], or [n,n]. A wildcard user name specification (*)
   creates identifiers alphabetically by user name; a wildcard UIC
   specification ([*,*]) creates them in numerical order by UIC.

/VALUE
      /VALUE=value-specifier

   Specifies the value to be attached to the identifier. The
   following are valid formats for the value-specifier:

   IDENTIFIER:integer  An integer value in the range of 65,536 to
                       268,435,455. You may also specify the value
                       in hexadecimal (precede the value with %X) or
                       octal (precede the value with %O).

                       The VMS system displays this type of
                       identifier in hexadecimal. Note that
                       %X80000000 is added to the value you specify
                       in order to differentiate general identifiers
                       from UIC identifiers.

   UIC:uic             A UIC value in standard UIC format consists
                       of a member name and, optionally, a group
                       name enclosed in brackets, for example,
                       [GROUP1,JONES] or [360,031].

                       In alphanumeric UICs, the group and member
                       names can each contain up to 31 alphanumeric
                       characters, at least one of which is
                       alphabetic. The names can include the
                       characters A through Z, dollar signs ($),
                       underscores (_),  and the numbers 0 through 9.

                       In numeric UICs, the group number is an octal
                       number in the range of 1 through 37776; the
                       member number is an octal number in the range
                       of 0 through 177776. You can omit leading
                       zeros when you are specifying group and member
                       numbers.

                       Regardless of the UIC format you use, the
                       system translates a UIC to a 32-bit numeric
                       value.

   Typically, system managers add identifiers as UIC values when
   representing system users; identifiers in integer format are
   applied to system resources.

Examples

   1.  UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY
       %UAF-I-RDBADDMSGU, identifier INVENTORY value: [000300,000011] added
             to RIGHTSLIST.DAT

     The command in this example adds an identifier named INVENTORY
     to the rights database. By default, the identifier is not
     marked as a resource.

/PROXY

   Adds user entries to the network proxy authorization file.

   Format

     ADD/PROXY  node::remote-user local-user[,...]

Additional information available:

ParametersPositional QualifierExamples

Parameters

node
   Specifies a node name (1 through 6 alphanumeric characters). If
   you specify an asterisk (*), the specified remote user on all
   nodes is served by the account specified as local-user.

remote-user
   Specifies the user name of a user at a remote node. If you specify
   an asterisk, all users at the specified node are served by the
   local user.

   For non-VMS systems that implement DECnet Phase IV+, specifies
   the UIC of a user at a remote node. You can specify a wildcard
   asterisk in the group and member fields of the UIC.

local-user
   Specifies the user names of from 1 to 16 users on the local node.
   If you specify an asterisk, a local-user name equal to remote-user
   name will be used.

Positional Qualifier

Additional information available:

/DEFAULT

/DEFAULT
   Establishes the specified user name as the default proxy account.
   The remote user can request proxy access to an authorized account
   other than the default proxy account by specifying the name of
   the proxy account in the access control string of the network
   operation.

Examples

   1.  UAF> ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR
       %UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT

     The command in this example specifies that any user on the
     remote node MISHA can, by default, use the MARCO account on the
     local node for DECnet tasks such as remote file access. Remote
     users can also access the OSCAR proxy account by specifying the
     user name OSCAR in the access control string when remote node
     access is attempted.

COPY

   Creates a new SYSUAF record that duplicates an existing UAF
   record.

   Format

     COPY  oldusername newusername

Additional information available:

ParametersQualifiersExamples

Parameters

oldusername
   Name of an existing user record to serve as a template for the new
   record.

newusername
   Name for the new user record. The user name is a string of 1
   through 12 alphanumeric characters.

Qualifiers

Additional information available:

/ACCESS/ACCOUNT/ADD_IDENTIFIER/ALGORITHM/ASTLM
/BATCH/BIOLM/BYTLM/CLI/CLITABLES/CPUTIME
/DEFPRIVILEGES/DEVICE/DIALUP/DIOLM/DIRECTORY
/ENQLM/EXPIRATION/FILLM/FLAGS/GENERATE_PASSWORD
/INTERACTIVE/JTQUOTA/LGICMD/LOCAL/MAXACCTJOBS
/MAXDETACH/MAXJOBS/MODIFY_IDENTIFIER/NETWORK/OWNER
/PASSWORD/PGFLQUOTA/PRCLM/PRIMEDAYS
/PRIORITY/PRIVILEGES/PWDEXPIRED/PWDLIFETIME
/PWDMINIMUM/REMOTE/SHRFILLM/TQELM/UIC/WSDEFAULT
/WSEXTENT/WSQUOTA

/ACCESS

      /ACCESS[=(range[,...])]

   Specifies hours of access for all modes of access. Syntax for
   range specification is:

   /[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

   Specify hours as integers from 0 to 23, inclusive. Hours may be
   specified as single hours (n),  or as ranges of hours (n-m). If
   the ending hour of a range is earlier than the starting hour,
   the range extends from the starting hour through midnight to the
   ending hour. The first set of hours after the keyword PRIMARY
   specifies hours on primary days; the second set of hours after
   the keyword SECONDARY specifies hours on secondary days. Note that
   hours are inclusive; that is, if you grant access during a given
   hour, access extends to the end of that hour.

   By default, a user has full access everyday. See the DCL command
   SET DAY in the VMS DCL Dictionary for information on overriding
   the defaults for primary and secondary day types.

/ACCOUNT

      /ACCOUNT=account-name

   Specifies a 1 through 8 alphanumeric character string that is
   the default name for the account (for example, a billing name or
   number). By default, no account name is assigned.

/ADD_IDENTIFIER

      /ADD_IDENTIFIER (default)
      /NOADD_IDENTIFIER

   Adds identifiers for the user name and account name to the
   rights database. The qualifier is used only with the ADD and COPY
   commands.

/ALGORITHM

      /ALGORITHM=keyword=type [=value]

   Sets the password encryption algorithm for a user. The keyword VMS
   refers to the algorithm used in the version of VMS that is running
   on your system, whereas a customer algorithm is one that is added
   through the $HASH_PASSWORD system service by a customer site, by
   a layered product, or by a third party. The customer algorithm
   is identified in $HASH_PASSWORD by an integer in the range of
   128-255. The customer algorithm number has to correspond with the
   number used in the AUTHORIZE command MODIFY/ALGORITHM. By default,
   passwords are encrypted with the VMS algorithm for the current
   version of he operating system.

   Keyword       Function


   BOTH          Set the algorithm for primary and secondary
                 passwords.
   CURRENT       Set the algorithm for the primary, secondary, both,
                 or no passwords depending on account status. Current
                 is the default value.

   PRIMARY       Set the algorithm for the primary password only.

   SECONDARY     Set the algorithm for the secondary password only.

   Type          Definition


   VMS           The algorithm used in the version of VMS that is
                 running on your system.
   CUSTOMER      A numeric value in the range 128-255 identifies a
                 customer algorithm.

/ASTLM

      /ASTLM=value

   Specifies the AST queue limit, which is the total number of
   asynchronous system trap (AST) operations and scheduled wake-
   up requests that the user can have queued at one time. The default
   is 24.

/BATCH

      /BATCH[=(range[,...])]

   Specifies the hours of access permitted for batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, a user can submit batch jobs any time.

/BIOLM

      /BIOLM=value

   Specifies a buffered I/O count limit for the BIOLM field of the
   UAF record. The buffered I/O count limit is the maximum number
   of buffered I/O operations, such as terminal I/O, that can be
   outstanding at one time. The default is 18.

/BYTLM

      /BYTLM=value

   Specifies the buffered I/O byte limit for the BYTLM field of the
   UAF record. The buffered I/O byte limit is the maximum number
   of bytes of nonpaged system dynamic memory that a user's job
   may consume at one time. Nonpaged dynamic memory is used for
   operations such as I/O buffering, mailboxes, and file-access
   windows. The default is 8192.

/CLI

      /CLI=cli-name

   Specifies the name of the default command language interpreter
   (CLI) for the CLI field of the UAF record. The cli-name is 1
   through 12 alphanumeric characters and should be either DCL or
   MCR. The default is DCL.

/CLITABLES

      /CLITABLES=filespec

   Specifies user-defined CLI tables for the account, from 1 to 31
   characters. The default is SYS$LIBRARY:DCLTABLES.

/CPUTIME

      /CPUTIME=time

   Specifies the maximum process CPU time for the CPU field of the
   UAF record. The maximum process CPU time is the maximum amount of
   CPU time a user's process can take per session. You must specify a
   delta-time value. The default is 0, which means an infinite amount
   of time.

/DEFPRIVILEGES

      /DEFPRIVILEGES=([NO]privname[,...])

   Specifies default privileges for the user; that is, those enabled
   at login time. A NO prefix removes a privilege from the user.
   The keyword [NO]ALL specified with the /DEFPRIVILEGES qualifier
   disables or enables all user privileges. The default privileges
   are TMPMBX and NETMBX.

/DEVICE

      /DEVICE=device-name

   Specifies the name of the user's default device at login. The
   device-name is a 1 through 31 alphanumeric character string.
   If you omit the colon from the device-name value, a colon is
   appended. The default device is SYS$SYSDISK.

/DIALUP

      /DIALUP[=(range[,...])]

   Specifies hours of access permitted for dial-up logins. For a
   description of the range specification, see the /ACCESS qualifier.
   The default is full access.

/DIOLM

      /DIOLM=value

   Specifies the direct I/O count limit for the DIOLM field of the
   UAF record. The direct I/O count limit is the maximum number of
   direct I/O operations (usually disk) that can be outstanding at
   one time. The default is 18.

/DIRECTORY

      /DIRECTORY=directory-name

   Specifies the default directory-name for the DIRECTORY field of
   the UAF record. The directory-name is 1 through 63 alphanumeric
   characters. Brackets are added to the directory name if omitted.
   The default directory name is [USER].

/ENQLM

      /ENQLM=value

   Specifies the lock queue limit for the ENQLM field of the UAF
   record. The lock queue limit is the maximum number of locks that
   can be queued by the user at one time. The default is 100.

/EXPIRATION

      /EXPIRATION=time (default)
      /NOEXPIRATION

   Specifies the expiration date and time of the account. The
   /NOEXPIRATION qualifier removes the expiration date on the account
   or resets the expiration time for expired accounts. The default
   expiration time period is 90 days for nonprivileged users.

/FILLM

      /FILLM=value

   Specifies the open file limit for the FILLM field of the UAF
   record. The open file limit is the maximum number of files that
   can be open at one time, including active network logical links.
   The default is 20.

/FLAGS

      /FLAGS=([NO]option[,...])

   Specifies login flags for the user. A NO in front of the flag
   clears the flag. The following are valid options:

   AUDIT                 Enables or disables security auditing for a
                         specific user. By default, VMS does not
                         audit the activities of specific users
                         (NOAUDIT).

   AUTOLOGIN             Restricts the user to the automatic login
                         mechanism when logging in to an account.
                         When set, the flag disables login by any
                         terminal that requires entry of a user name
                         and password. The default is to require a
                         user name and password (NOAUTOLOGIN).

   CAPTIVE               Prevents the user from changing any defaults
                         at login, for example, /CLI, /DISK,
                         /COMMAND, or /LGICMD. It also prevents
                         the user from escaping the captive login
                         command procedure and gaining access to
                         the DCL command level. The CAPTIVE flag
                         establishes an environment where Ctrl
                         /Y interrupts are initially turned off;
                         however, command procedures can still turn
                         on Ctrl/Y interrupts with the DCL command
                         SET CONTROL=Y. By default, an account is not
                         captive (NOCAPTIVE).

   DEFCLI                Restricts the user to the default command
                         interpreter by prohibiting the use of the
                         /CLI qualifier at login; (the MCR command
                         can still be used). By default, a user can
                         choose a CLI (NODEFCLI).

   DISCTLY               Establishes an environment where Ctrl
                         /Y interrupts are initially turned off
                         and are invalid until a SET CONTROL_
                         Y is encountered. This could happen in
                         SYLOGIN.COM or in a procedure called
                         by SYLOGIN.COM. Once a SET CONTROL_Y is
                         executed (which requires no privilege),
                         a user can enter a Ctrl/Y and reach the
                         DCL. If the intent of DISCTLY is to force
                         execution of the login command files, then
                         SYLOGIN.COM should issue the DCL command SET
                         CONTROL_Y before exiting to turn on Ctrl/Y
                         interrupts. By default, Ctrl/Y is enabled
                         (NODISCTLY).

   DISFORCE_PWD_CHANGE   Removes the requirement that a user must
                         change an expired password at login.
                         By default, a person can use an expired
                         password only once (NODISFORCE_PWD_CHANGE),
                         and then he or she is forced to change the
                         password after logging in. If a new password
                         is not selected, the user is locked out of
                         the system.

   DISIMAGE              Prevents the user from executing the RUN or
                         the MCR command or from using the foreign
                         command mechanism in DCL. By default, a user
                         can execute RUN, MCR, and foreign commands
                         (NODISIMAGE).

   DISMAIL               Disables mail delivery to the user.
                         By default, mail delivery is enabled
                         (NODISMAIL).

   DISNEWMAIL            Suppresses announcements of new mail at
                         login. By default, VMS announces new mail
                         (NODISNEWMAIL).

   DISPWDDIC             Disables automatic screening of new
                         passwords against a system dictionary.
                         By default, passwords are automatically
                         screened (NODISPWDDIC).

   DISPWDHIS             Disables automatic checking of new passwords
                         against a list of the user's old passwords.
                         By default, VMS screens new passwords
                         (NODISPWDHIS).

   DISRECONNECT          Disables automatic reconnection to an
                         existing process when a terminal connection
                         has been interrupted. By default, automatic
                         reconnection is disabled (DISRECONNECT).

   DISREPORT             Suppresses reports of the last login time,
                         login failures, and other security reports.
                         By default, login information is displayed
                         (NODISREPORT).

   DISUSER               Disables the account so the user cannot
                         log in. For example, the DEFAULT account is
                         disabled. By default, an account is enabled
                         (NODISUSER).

   DISWELCOME            Suppresses the "Welcome to ..." system login
                         message. By default, a system login message
                         appears (NODISWELCOME).

   GENPWD                Restricts the user to generated passwords.
                         By default, users choose their own passwords
                         (NOGENPWD).

   LOCKPWD               Prevents the user from changing the password
                         for the account. By default, users can
                         change their passwords (NOLOCKPWD).

   PWD_EXPIRED           Marks a password as expired. Users cannot
                         log in if this flag is set. LOGINOUT.EXE
                         sets the flag when users log in with the
                         DISFORCE_PWD_CHANGE flag set and their
                         password is expired. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not expired after
                         login (NOPWD_EXPIRED).

   PWD2_EXPIRED          Marks a secondary password as expired.
                         Users cannot log in if this flag is set.
                         LOGINOUT.EXE sets the flag if users log in
                         with the DISFORCE_PWD_CHANGE flag set and
                         their passwords expire. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not set to expire
                         after login (NOPWD2_EXPIRED).

   RESTRICTED            Prevents the user from changing any defaults
                         at login (for example, specifying /DISK,
                         /COMMAND, or /LGICMD) and prohibits user
                         specification of a CLI with the /CLI
                         qualifier. The RESTRICTED flag establishes
                         an environment where Ctrl/Y interrupts are
                         initially turned off; however, command
                         procedures can still turn on Ctrl/Y
                         interrupts with the DCL command SET CONTROL_
                         Y. This flag is typically used to prevent an
                         applications user from having unrestricted
                         access to the CLI. By default, a user can
                         change defaults (NORESTRICTED).

                         The flag provides compatibility with CAPTIVE
                         accounts in VMS systems prior to Version
                         5.2.

/GENERATE_PASSWORD

      /GENERATE_PASSWORD[=keyword]
      /NOGENERATE_PASSWORD (default)

   Invokes the password generator to create user passwords. Generated
   passwords can consist of 1 to 10 characters. Specify one of the
   following keywords:

   BOTH       Generate primary and secondary passwords.

   CURRENT    Do whatever the DEFAULT account does. This could mean
              to generate primary, secondary, both, or no passwords.
              This is the default keyword.

   PRIMARY    Generate primary password only.

   SECONDARY  Generate secondary password only.

   Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are
   mutually exclusive, and whenever you modify a password, the
   original one expires and the new one is valid for only one login.

/INTERACTIVE

      /INTERACTIVE[ =(range[,...])]

   Specifies the hours of access for interactive logins. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on interactive
   logins.

/JTQUOTA

      /JTQUOTA=value

   Specifies the initial byte quota with which the job-wide logical
   name table is to be created. By default, the value is 1024.

/LGICMD

      /LGICMD=filespec

   Specifies the name of the default login command file. The file
   name defaults to the device specified for /DEVICE, the directory
   specified for /DIRECTORY, a file name of LOGIN, and a file type
   of COM. If you select the defaults for all these values, the file
   name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL

      /LOCAL[=(range[,...])]

   Specifies hours of access for interactive logins from local
   terminals. For a description of the range specification, see the
   /ACCESS qualifier. By default, there are no access restrictions on
   local logins.

/MAXACCTJOBS

      /MAXACCTJOBS=value

   Specifies the maximum number of batch, interactive, and detached
   processes that may be active at one time for all users of the same
   account. By default, a user has a maximum of 0, which represents
   an unlimited number.

/MAXDETACH

      /MAXDETACH=value

   Specifies the maximum number of detached processes with the
   cited user name that may be active at one time. The keyword NONE
   indicates the user cannot create detached processes. By default, a
   user has a value of 0, which represents an unlimited number.

/MAXJOBS

      /MAXJOBS=value

   Specifies the maximum number of processes (interactive, batch,
   detached, and network) with the cited user name that may be active
   simultaneously. The first four network jobs are not counted. By
   default, a user has a maximum value of 0, which represents an
   unlimited number.

/MODIFY_IDENTIFIER

      /MODIFY_IDENTIFIER (default)
      /NOMODIFY_IDENTIFIER

   Specifies whether the identifier associated with the cited user
   is to be modified in the rights database. This qualifier only
   applies when you modify the UIC or user name in the UAF record. By
   default, the associated identifiers are modified.

/NETWORK

      /NETWORK[=(range[,...])]

   Specifies hours of access for network batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on network logins.

/OWNER

      /OWNER=owner-name

   Specifies the name of the owner of the account. This name can
   be used, for example, for billing purposes. The owner-name is 1
   through 31 characters and there is no default.

/PASSWORD

      /PASSWORD=(password1[,password2])
      /NOPASSWORD

   Specifies up to two passwords for login. Passwords can be from
   0 to 32 characters in length, and can include alphanumeric
   characters, dollar signs, and underscores.

   To set only the first password, specify /PASSWORD=password. To set
   both the first and second password, specify /PASSWORD=(password1,
   password2). To change the first password without affecting the
   second, specify /PASSWORD=(password, ""). To change the second
   password without affecting the first, specify /PASSWORD=("",
   password). To set both passwords to null, specify /NOPASSWORD.

   By default, the ADD command assigns a password of 'USER'. When
   creating a new UAF record with the COPY or RENAME command, you
   must specify a password.

/PGFLQUOTA

      /PGFLQUOTA=value

   Specifies the paging file limit. This is the maximum number of
   pages that the person's process can use in the system paging file.
   By default, the value is 10,240.

/PRCLM

      /PRCLM=value

   Specifies the subprocess creation limit. This is the maximum
   number of subprocesses that can exist at one time for the
   specified user's process. By default, the value is 2.

/PRIMEDAYS

      /PRIMEDAYS=([NO]day[,...])

   Defines the primary and secondary days of the week for logging
   in. A day prefixed with NO is a secondary day; without a NO it
   is a primary day. Specify the days as a list separated by commas
   and enclosed in parentheses. Use the primary and secondary day
   definitions in conjunction with such qualifiers as /ACCESS,
   /INTERACTIVE, and /BATCH. By default, primary days are Monday
   through Friday and the secondary days are Saturday and Sunday. Any
   days omitted from the list take their default value.

/PRIORITY

      /PRIORITY=value

   Specifies the default base priority. The value is an integer in
   the range of 0 through 31. By default, the value is set to 4 for
   timesharing users.

/PRIVILEGES

      /PRIVILEGES=([NO]privname[,...])

   Specifies which privileges the user is authorized to hold although
   these privileges are not necessarily enabled at login. (The
   /DEFPRIVILEGES determines which are enabled). A NO prefix removes
   the privilege from the user. The keyword NOALL disables all user
   privileges. There are many privileges available with varying
   degrees of power and potential system impact. Please see the Guide
   to VMS System Security for a detailed discussion. By default, a
   user holds TMPMBX and NETMBX privileges.

/PWDEXPIRED

      /PWDEXPIRED (default)
      /NOPWDEXPIRED

   Specifies the password is valid for only one login. Users must
   change their passwords immediately after login or be locked out of
   the system. For a week prior to expiration, the VMS system warns
   users of the upcoming password expiration. They can either specify
   a new password during the week with the DCL command SET PASSWORD
   or wait until expiration and be forced to change. By default, a
   user has to change a password when first logging in to an account.

/PWDLIFETIME

      /PWDLIFETIME=time (default)
      /NOPWDLIFETIME

   Specifies the length of time a password is valid. You must specify
   a delta-time value, which takes the form [dddd-] [hh:mm:ss.cc].
   For example, a lifetime of 120 days, 0 hours, 0 seconds would
   be expressed as /PWDLIFETIME="120-", whereas a lifetime of 120
   days 12 hours, 30 minutes and 30 seconds would be expressed as
   /PWDLIFETIME="120-12:30:30". If a period longer than the specified
   time has elapsed when the user logs in, a warning message is
   displayed, and the password is marked as expired. A time equal to
   NONE means that the password never expires. By default, a password
   expires in 90 days.

/PWDMINIMUM

      /PWDMINIMUM=value

   Specifies the minimum password length in characters. By default, a
   password must have at least 6 characters.

/REMOTE

      /REMOTE[=(range[,...])]

   Specifies hours during which access is permitted for interactive
   logins from network remote terminals (with the DCL command SET
   HOST). For a description of the range specification, see the
   /ACCESS qualifier. By default, remote logins have no access
   restrictions.

/SHRFILLM

      /SHRFILLM=value

   Specifies the maximum number of shared files the user may have
   open at one time. By default, VMS assigns a value of 0, which
   represents an infinite number.

/TQELM

   Specifies the total number of entries in the timer queue plus the
   number of temporary common event flag clusters that the user can
   have at one time. By default, a user can have 10.

/UIC

      /UIC=value

   Specifies the user identification code (UIC). The UIC value is
   a group number in the range 1-37776 (octal) and a member number
   in the range 0-177776 (octal), which are separated by a comma
   and enclosed in brackets. Each user should have a unique UIC. By
   default, the UIC value is [200,200].

/WSDEFAULT

      /WSDEFAULT=value

   Specifies the default working set size. This represents the
   initial limit to the number of physical pages the process can
   use. The minimum value is 50 pages. By default, a user has 150
   pages.

/WSEXTENT

      /WSEXTENT=value

   Specifies the working set maximum. This represents the maximum
   amount of physical memory allowed to the process. The system
   provides memory to a process beyond its working set quota only
   when it has excess free pages. The additional memory is recalled
   by the system if needed. The value is an integer equal to or
   greater than WSQUOTA. By default, the value is 512.

/WSQUOTA

      /WSQUOTA=value

   Specifies the working set quota. This is the maximum amount of
   physical memory a user process can lock into its working set. It
   also represents the maximum amount of swap space that the system
   reserves for this process and the maximum amount of physical
   memory that the system allows the process to consume if the
   system-wide memory demand is significant. The minimum value is
   50 pages. By default, the quota is 256.

Examples

   1.  UAF> COPY ROBIN SPARROW /PASSWORD=SP0152
       %UAF-I-COPMSG, user record copied
       %UAF-E-RDBADDERRU, unable to add SPARROW value: [000014,00006] to
             RIGHTSLIST.DAT   -SYSTEM-F-DUPIDENT, duplicate identifier

     The command in this example adds a record for Thomas Sparrow
     that is identical, except for the password, to that of Joseph
     Robin. Note that since there is no change in the UIC value,
     no identifier is added to RIGHTSLIST.DAT. AUTHORIZE issues a
     "duplicate identifier" error message.

CREATE

Additional information available:

/PROXY/RIGHTS

/PROXY

   Creates and initializes the network proxy authorization file,
   NETPROXY.DAT.

   Format

     CREATE/PROXY

/RIGHTS

   Creates and initializes the rights database, RIGHTSLIST.DAT.

   Format

     CREATE/RIGHTS

Additional information available:

Example

Example

   UAF> CREATE/RIGHTS
   %UAF-E-RDBCREERR, unable to create RIGHTSLIST.DAT
   -RMS-E-FEX, file already exists, not superseded

     You can use the command in this example to create and
     initialize a new rights database. Note, however, that
     RIGHTSLIST.DAT is created automatically during the installation
     process. Thus you must delete or rename the existing file
     before creating a new one.

DEFAULT

   Modifies the SYSUAF's DEFAULT record.

   Format

     DEFAULT

Additional information available:

QualifiersExample

Qualifiers

Additional information available:

/ACCESS/ACCOUNT/ADD_IDENTIFIER/ALGORITHM/ASTLM
/BATCH/BIOLM/BYTLM/CLI/CLITABLES/CPUTIME
/DEFPRIVILEGES/DEVICE/DIALUP/DIOLM/DIRECTORY
/ENQLM/EXPIRATION/FILLM/FLAGS/GENERATE_PASSWORD
/INTERACTIVE/JTQUOTA/LGICMD/LOCAL/MAXACCTJOBS
/MAXDETACH/MAXJOBS/MODIFY_IDENTIFIER/NETWORK/OWNER
/PASSWORD/PGFLQUOTA/PRCLM/PRIMEDAYS
/PRIORITY/PRIVILEGES/PWDEXPIRED/PWDLIFETIME
/PWDMINIMUM/REMOTE/SHRFILLM/TQELM/UIC/WSDEFAULT
/WSEXTENT/WSQUOTA

/ACCESS

      /ACCESS[=(range[,...])]

   Specifies hours of access for all modes of access. Syntax for
   range specification is:

   /[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

   Specify hours as integers from 0 to 23, inclusive. Hours may be
   specified as single hours (n),  or as ranges of hours (n-m). If
   the ending hour of a range is earlier than the starting hour,
   the range extends from the starting hour through midnight to the
   ending hour. The first set of hours after the keyword PRIMARY
   specifies hours on primary days; the second set of hours after
   the keyword SECONDARY specifies hours on secondary days. Note that
   hours are inclusive; that is, if you grant access during a given
   hour, access extends to the end of that hour.

   By default, a user has full access everyday. See the DCL command
   SET DAY in the VMS DCL Dictionary for information on overriding
   the defaults for primary and secondary day types.

/ACCOUNT

      /ACCOUNT=account-name

   Specifies a 1 through 8 alphanumeric character string that is
   the default name for the account (for example, a billing name or
   number). By default, no account name is assigned.

/ADD_IDENTIFIER

      /ADD_IDENTIFIER (default)
      /NOADD_IDENTIFIER

   Adds identifiers for the user name and account name to the
   rights database. The qualifier is used only with the ADD and COPY
   commands.

/ALGORITHM

      /ALGORITHM=keyword=type [=value]

   Sets the password encryption algorithm for a user. The keyword VMS
   refers to the algorithm used in the version of VMS that is running
   on your system, whereas a customer algorithm is one that is added
   through the $HASH_PASSWORD system service by a customer site, by
   a layered product, or by a third party. The customer algorithm
   is identified in $HASH_PASSWORD by an integer in the range of
   128-255. The customer algorithm number has to correspond with the
   number used in the AUTHORIZE command MODIFY/ALGORITHM. By default,
   passwords are encrypted with the VMS algorithm for the current
   version of he operating system.

   Keyword       Function


   BOTH          Set the algorithm for primary and secondary
                 passwords.
   CURRENT       Set the algorithm for the primary, secondary, both,
                 or no passwords depending on account status. Current
                 is the default value.

   PRIMARY       Set the algorithm for the primary password only.

   SECONDARY     Set the algorithm for the secondary password only.

   Type          Definition


   VMS           The algorithm used in the version of VMS that is
                 running on your system.
   CUSTOMER      A numeric value in the range 128-255 identifies a
                 customer algorithm.

/ASTLM

      /ASTLM=value

   Specifies the AST queue limit, which is the total number of
   asynchronous system trap (AST) operations and scheduled wake-
   up requests that the user can have queued at one time. The default
   is 24.

/BATCH

      /BATCH[=(range[,...])]

   Specifies the hours of access permitted for batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, a user can submit batch jobs any time.

/BIOLM

      /BIOLM=value

   Specifies a buffered I/O count limit for the BIOLM field of the
   UAF record. The buffered I/O count limit is the maximum number
   of buffered I/O operations, such as terminal I/O, that can be
   outstanding at one time. The default is 18.

/BYTLM

      /BYTLM=value

   Specifies the buffered I/O byte limit for the BYTLM field of the
   UAF record. The buffered I/O byte limit is the maximum number
   of bytes of nonpaged system dynamic memory that a user's job
   may consume at one time. Nonpaged dynamic memory is used for
   operations such as I/O buffering, mailboxes, and file-access
   windows. The default is 8192.

/CLI

      /CLI=cli-name

   Specifies the name of the default command language interpreter
   (CLI) for the CLI field of the UAF record. The cli-name is 1
   through 12 alphanumeric characters and should be either DCL or
   MCR. The default is DCL.

/CLITABLES

      /CLITABLES=filespec

   Specifies user-defined CLI tables for the account, from 1 to 31
   characters. The default is SYS$LIBRARY:DCLTABLES.

/CPUTIME

      /CPUTIME=time

   Specifies the maximum process CPU time for the CPU field of the
   UAF record. The maximum process CPU time is the maximum amount of
   CPU time a user's process can take per session. You must specify a
   delta-time value. The default is 0, which means an infinite amount
   of time.

/DEFPRIVILEGES

      /DEFPRIVILEGES=([NO]privname[,...])

   Specifies default privileges for the user; that is, those enabled
   at login time. A NO prefix removes a privilege from the user.
   The keyword [NO]ALL specified with the /DEFPRIVILEGES qualifier
   disables or enables all user privileges. The default privileges
   are TMPMBX and NETMBX.

/DEVICE

      /DEVICE=device-name

   Specifies the name of the user's default device at login. The
   device-name is a 1 through 31 alphanumeric character string.
   If you omit the colon from the device-name value, a colon is
   appended. The default device is SYS$SYSDISK.

/DIALUP

      /DIALUP[=(range[,...])]

   Specifies hours of access permitted for dial-up logins. For a
   description of the range specification, see the /ACCESS qualifier.
   The default is full access.

/DIOLM

      /DIOLM=value

   Specifies the direct I/O count limit for the DIOLM field of the
   UAF record. The direct I/O count limit is the maximum number of
   direct I/O operations (usually disk) that can be outstanding at
   one time. The default is 18.

/DIRECTORY

      /DIRECTORY=directory-name

   Specifies the default directory-name for the DIRECTORY field of
   the UAF record. The directory-name is 1 through 63 alphanumeric
   characters. Brackets are added to the directory name if omitted.
   The default directory name is [USER].

/ENQLM

      /ENQLM=value

   Specifies the lock queue limit for the ENQLM field of the UAF
   record. The lock queue limit is the maximum number of locks that
   can be queued by the user at one time. The default is 100.

/EXPIRATION

      /EXPIRATION=time (default)
      /NOEXPIRATION

   Specifies the expiration date and time of the account. The
   /NOEXPIRATION qualifier removes the expiration date on the account
   or resets the expiration time for expired accounts. The default
   expiration time period is 90 days for nonprivileged users.

/FILLM

      /FILLM=value

   Specifies the open file limit for the FILLM field of the UAF
   record. The open file limit is the maximum number of files that
   can be open at one time, including active network logical links.
   The default is 20.

/FLAGS

      /FLAGS=([NO]option[,...])

   Specifies login flags for the user. A NO in front of the flag
   clears the flag. The following are valid options:

   AUDIT                 Enables or disables security auditing for a
                         specific user. By default, VMS does not
                         audit the activities of specific users
                         (NOAUDIT).

   AUTOLOGIN             Restricts the user to the automatic login
                         mechanism when logging in to an account.
                         When set, the flag disables login by any
                         terminal that requires entry of a user name
                         and password. The default is to require a
                         user name and password (NOAUTOLOGIN).

   CAPTIVE               Prevents the user from changing any defaults
                         at login, for example, /CLI, /DISK,
                         /COMMAND, or /LGICMD. It also prevents
                         the user from escaping the captive login
                         command procedure and gaining access to
                         the DCL command level. The CAPTIVE flag
                         establishes an environment where Ctrl
                         /Y interrupts are initially turned off;
                         however, command procedures can still turn
                         on Ctrl/Y interrupts with the DCL command
                         SET CONTROL=Y. By default, an account is not
                         captive (NOCAPTIVE).

   DEFCLI                Restricts the user to the default command
                         interpreter by prohibiting the use of the
                         /CLI qualifier at login; (the MCR command
                         can still be used). By default, a user can
                         choose a CLI (NODEFCLI).

   DISCTLY               Establishes an environment where Ctrl
                         /Y interrupts are initially turned off
                         and are invalid until a SET CONTROL_
                         Y is encountered. This could happen in
                         SYLOGIN.COM or in a procedure called
                         by SYLOGIN.COM. Once a SET CONTROL_Y is
                         executed (which requires no privilege),
                         a user can enter a Ctrl/Y and reach the
                         DCL. If the intent of DISCTLY is to force
                         execution of the login command files, then
                         SYLOGIN.COM should issue the DCL command SET
                         CONTROL_Y before exiting to turn on Ctrl/Y
                         interrupts. By default, Ctrl/Y is enabled
                         (NODISCTLY).

   DISFORCE_PWD_CHANGE   Removes the requirement that a user must
                         change an expired password at login.
                         By default, a person can use an expired
                         password only once (NODISFORCE_PWD_CHANGE),
                         and then he or she is forced to change the
                         password after logging in. If a new password
                         is not selected, the user is locked out of
                         the system.

   DISIMAGE              Prevents the user from executing the RUN or
                         the MCR command or from using the foreign
                         command mechanism in DCL. By default, a user
                         can execute RUN, MCR, and foreign commands
                         (NODISIMAGE).

   DISMAIL               Disables mail delivery to the user.
                         By default, mail delivery is enabled
                         (NODISMAIL).

   DISNEWMAIL            Suppresses announcements of new mail at
                         login. By default, VMS announces new mail
                         (NODISNEWMAIL).

   DISPWDDIC             Disables automatic screening of new
                         passwords against a system dictionary.
                         By default, passwords are automatically
                         screened (NODISPWDDIC).

   DISPWDHIS             Disables automatic checking of new passwords
                         against a list of the user's old passwords.
                         By default, VMS screens new passwords
                         (NODISPWDHIS).

   DISRECONNECT          Disables automatic reconnection to an
                         existing process when a terminal connection
                         has been interrupted. By default, automatic
                         reconnection is disabled (DISRECONNECT).

   DISREPORT             Suppresses reports of the last login time,
                         login failures, and other security reports.
                         By default, login information is displayed
                         (NODISREPORT).

   DISUSER               Disables the account so the user cannot
                         log in. For example, the DEFAULT account is
                         disabled. By default, an account is enabled
                         (NODISUSER).

   DISWELCOME            Suppresses the "Welcome to ..." system login
                         message. By default, a system login message
                         appears (NODISWELCOME).

   GENPWD                Restricts the user to generated passwords.
                         By default, users choose their own passwords
                         (NOGENPWD).

   LOCKPWD               Prevents the user from changing the password
                         for the account. By default, users can
                         change their passwords (NOLOCKPWD).

   PWD_EXPIRED           Marks a password as expired. Users cannot
                         log in if this flag is set. LOGINOUT.EXE
                         sets the flag when users log in with the
                         DISFORCE_PWD_CHANGE flag set and their
                         password is expired. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not expired after
                         login (NOPWD_EXPIRED).

   PWD2_EXPIRED          Marks a secondary password as expired.
                         Users cannot log in if this flag is set.
                         LOGINOUT.EXE sets the flag if users log in
                         with the DISFORCE_PWD_CHANGE flag set and
                         their passwords expire. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not set to expire
                         after login (NOPWD2_EXPIRED).

   RESTRICTED            Prevents the user from changing any defaults
                         at login (for example, specifying /DISK,
                         /COMMAND, or /LGICMD) and prohibits user
                         specification of a CLI with the /CLI
                         qualifier. The RESTRICTED flag establishes
                         an environment where Ctrl/Y interrupts are
                         initially turned off; however, command
                         procedures can still turn on Ctrl/Y
                         interrupts with the DCL command SET CONTROL_
                         Y. This flag is typically used to prevent an
                         applications user from having unrestricted
                         access to the CLI. By default, a user can
                         change defaults (NORESTRICTED).

                         The flag provides compatibility with CAPTIVE
                         accounts in VMS systems prior to Version
                         5.2.

/GENERATE_PASSWORD

      /GENERATE_PASSWORD[=keyword]
      /NOGENERATE_PASSWORD (default)

   Invokes the password generator to create user passwords. Generated
   passwords can consist of 1 to 10 characters. Specify one of the
   following keywords:

   BOTH       Generate primary and secondary passwords.

   CURRENT    Do whatever the DEFAULT account does. This could mean
              to generate primary, secondary, both, or no passwords.
              This is the default keyword.

   PRIMARY    Generate primary password only.

   SECONDARY  Generate secondary password only.

   Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are
   mutually exclusive, and whenever you modify a password, the
   original one expires and the new one is valid for only one login.

/INTERACTIVE

      /INTERACTIVE[ =(range[,...])]

   Specifies the hours of access for interactive logins. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on interactive
   logins.

/JTQUOTA

      /JTQUOTA=value

   Specifies the initial byte quota with which the job-wide logical
   name table is to be created. By default, the value is 1024.

/LGICMD

      /LGICMD=filespec

   Specifies the name of the default login command file. The file
   name defaults to the device specified for /DEVICE, the directory
   specified for /DIRECTORY, a file name of LOGIN, and a file type
   of COM. If you select the defaults for all these values, the file
   name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL

      /LOCAL[=(range[,...])]

   Specifies hours of access for interactive logins from local
   terminals. For a description of the range specification, see the
   /ACCESS qualifier. By default, there are no access restrictions on
   local logins.

/MAXACCTJOBS

      /MAXACCTJOBS=value

   Specifies the maximum number of batch, interactive, and detached
   processes that may be active at one time for all users of the same
   account. By default, a user has a maximum of 0, which represents
   an unlimited number.

/MAXDETACH

      /MAXDETACH=value

   Specifies the maximum number of detached processes with the
   cited user name that may be active at one time. The keyword NONE
   indicates the user cannot create detached processes. By default, a
   user has a value of 0, which represents an unlimited number.

/MAXJOBS

      /MAXJOBS=value

   Specifies the maximum number of processes (interactive, batch,
   detached, and network) with the cited user name that may be active
   simultaneously. The first four network jobs are not counted. By
   default, a user has a maximum value of 0, which represents an
   unlimited number.

/MODIFY_IDENTIFIER

      /MODIFY_IDENTIFIER (default)
      /NOMODIFY_IDENTIFIER

   Specifies whether the identifier associated with the cited user
   is to be modified in the rights database. This qualifier only
   applies when you modify the UIC or user name in the UAF record. By
   default, the associated identifiers are modified.

/NETWORK

      /NETWORK[=(range[,...])]

   Specifies hours of access for network batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on network logins.

/OWNER

      /OWNER=owner-name

   Specifies the name of the owner of the account. This name can
   be used, for example, for billing purposes. The owner-name is 1
   through 31 characters and there is no default.

/PASSWORD

      /PASSWORD=(password1[,password2])
      /NOPASSWORD

   Specifies up to two passwords for login. Passwords can be from
   0 to 32 characters in length, and can include alphanumeric
   characters, dollar signs, and underscores.

   To set only the first password, specify /PASSWORD=password. To set
   both the first and second password, specify /PASSWORD=(password1,
   password2). To change the first password without affecting the
   second, specify /PASSWORD=(password, ""). To change the second
   password without affecting the first, specify /PASSWORD=("",
   password). To set both passwords to null, specify /NOPASSWORD.

   By default, the ADD command assigns a password of 'USER'. When
   creating a new UAF record with the COPY or RENAME command, you
   must specify a password.

/PGFLQUOTA

      /PGFLQUOTA=value

   Specifies the paging file limit. This is the maximum number of
   pages that the person's process can use in the system paging file.
   By default, the value is 10,240.

/PRCLM

      /PRCLM=value

   Specifies the subprocess creation limit. This is the maximum
   number of subprocesses that can exist at one time for the
   specified user's process. By default, the value is 2.

/PRIMEDAYS

      /PRIMEDAYS=([NO]day[,...])

   Defines the primary and secondary days of the week for logging
   in. A day prefixed with NO is a secondary day; without a NO it
   is a primary day. Specify the days as a list separated by commas
   and enclosed in parentheses. Use the primary and secondary day
   definitions in conjunction with such qualifiers as /ACCESS,
   /INTERACTIVE, and /BATCH. By default, primary days are Monday
   through Friday and the secondary days are Saturday and Sunday. Any
   days omitted from the list take their default value.

/PRIORITY

      /PRIORITY=value

   Specifies the default base priority. The value is an integer in
   the range of 0 through 31. By default, the value is set to 4 for
   timesharing users.

/PRIVILEGES

      /PRIVILEGES=([NO]privname[,...])

   Specifies which privileges the user is authorized to hold although
   these privileges are not necessarily enabled at login. (The
   /DEFPRIVILEGES determines which are enabled). A NO prefix removes
   the privilege from the user. The keyword NOALL disables all user
   privileges. There are many privileges available with varying
   degrees of power and potential system impact. Please see the Guide
   to VMS System Security for a detailed discussion. By default, a
   user holds TMPMBX and NETMBX privileges.

/PWDEXPIRED

      /PWDEXPIRED (default)
      /NOPWDEXPIRED

   Specifies the password is valid for only one login. Users must
   change their passwords immediately after login or be locked out of
   the system. For a week prior to expiration, the VMS system warns
   users of the upcoming password expiration. They can either specify
   a new password during the week with the DCL command SET PASSWORD
   or wait until expiration and be forced to change. By default, a
   user has to change a password when first logging in to an account.

/PWDLIFETIME

      /PWDLIFETIME=time (default)
      /NOPWDLIFETIME

   Specifies the length of time a password is valid. You must specify
   a delta-time value, which takes the form [dddd-] [hh:mm:ss.cc].
   For example, a lifetime of 120 days, 0 hours, 0 seconds would
   be expressed as /PWDLIFETIME="120-", whereas a lifetime of 120
   days 12 hours, 30 minutes and 30 seconds would be expressed as
   /PWDLIFETIME="120-12:30:30". If a period longer than the specified
   time has elapsed when the user logs in, a warning message is
   displayed, and the password is marked as expired. A time equal to
   NONE means that the password never expires. By default, a password
   expires in 90 days.

/PWDMINIMUM

      /PWDMINIMUM=value

   Specifies the minimum password length in characters. By default, a
   password must have at least 6 characters.

/REMOTE

      /REMOTE[=(range[,...])]

   Specifies hours during which access is permitted for interactive
   logins from network remote terminals (with the DCL command SET
   HOST). For a description of the range specification, see the
   /ACCESS qualifier. By default, remote logins have no access
   restrictions.

/SHRFILLM

      /SHRFILLM=value

   Specifies the maximum number of shared files the user may have
   open at one time. By default, VMS assigns a value of 0, which
   represents an infinite number.

/TQELM

   Specifies the total number of entries in the timer queue plus the
   number of temporary common event flag clusters that the user can
   have at one time. By default, a user can have 10.

/UIC

      /UIC=value

   Specifies the user identification code (UIC). The UIC value is
   a group number in the range 1-37776 (octal) and a member number
   in the range 0-177776 (octal), which are separated by a comma
   and enclosed in brackets. Each user should have a unique UIC. By
   default, the UIC value is [200,200].

/WSDEFAULT

      /WSDEFAULT=value

   Specifies the default working set size. This represents the
   initial limit to the number of physical pages the process can
   use. The minimum value is 50 pages. By default, a user has 150
   pages.

/WSEXTENT

      /WSEXTENT=value

   Specifies the working set maximum. This represents the maximum
   amount of physical memory allowed to the process. The system
   provides memory to a process beyond its working set quota only
   when it has excess free pages. The additional memory is recalled
   by the system if needed. The value is an integer equal to or
   greater than WSQUOTA. By default, the value is 512.

/WSQUOTA

      /WSQUOTA=value

   Specifies the working set quota. This is the maximum amount of
   physical memory a user process can lock into its working set. It
   also represents the maximum amount of swap space that the system
   reserves for this process and the maximum amount of physical
   memory that the system allows the process to consume if the
   system-wide memory demand is significant. The minimum value is
   50 pages. By default, the quota is 256.

Example

   UAF> DEFAULT /DEVICE=SYS$USER/LGICMD=SYS$MANAGER:SECURELGN -
   _UAF>/PRIVILEGES=(TMPMBX,GRPNAM,GROUP)
   %-UAF-MDFYMSG, user record(s) updated

     The command in this example modifies the DEFAULT record,
     changing the default device, default login command file, and
     default privileges.

EXIT

   Enables you to exit from AUTHORIZE and return to DCL command
   level. You can also return to command level by pressing Ctrl/Z.

   Format

     EXIT

Additional information available:

Example

Example

   1.  UAF> EXIT
       %UAF-I-DONEMSG, system authorization file modified
       %UAF-I-NAFNOMODS, no modifications made to network authorization file
       %UAF-I-RDBDONEMSG, rights data base modified

     The command in this example terminates the AUTHORIZE session
     and returns control to the DCL command level. Note that the
     utility reports any modifications made during the session.

GRANT

Additional information available:

/IDENTIFIER

/IDENTIFIER

   Assigns the specified identifier to the user and documents the
   user as a holder of the identifier in the rights database.

   Format

     GRANT/IDENTIFIER  id-name user-spec

Additional information available:

ParametersQualifierExample

Parameters

id-name
   Specifies the identifier name. The identifier name is a string of
   1 through 31 alphanumeric characters that may contain underscores
   and dollar signs. The name must contain at least one nonnumeric
   character.

user-spec
   Specifies the UIC identifier that uniquely identifies the user
   on the system. This type of identifier appears in alphanumeric
   format, for example, [GROUP1,JONES].

Qualifier

Additional information available:

/ATTRIBUTES

/ATTRIBUTES
      /ATTRIBUTES=(keyword[,...])

   Specifies attributes to be associated with the identifier. The
   following are valid keywords:

   [NO]RESOURCE  Determines whether holders of the identifier may
                 charge resources to it. The default is NORESOURCE.

   [NO]DYNAMIC   Determines whether unprivileged holders of the
                 identifier can add or remove it from the process
                 rights list. The default is NODYNAMIC.

Example

   UAF> GRANT/IDENTIFIER INVENTORY [300,015]
   %UAF-I-GRANTMSG, identifier INVENTORY granted to CRAMER

     The command in this example grants the identifier INVENTORY
     to a user with the UIC [300,015]. The user Cramer becomes the
     holder of the identifier and any resources associated with it.
     The following command produces the same result:

         UAF> GRANT/IDENTIFIER INVENTORY CRAMER

HELP

   Displays information concerning the use of AUTHORIZE, including
   formats and explanations of commands, parameters, and qualifiers.

   Format

     HELP  [keyword[,...]

Additional information available:

ParameterExamples

Parameter

keyword[,...]
   Specifies one or more keywords that refer to the topic, command,
   qualifier, or parameter on which you want information from the
   AUTHORIZE Help command.

Examples

   1.  UAF> HELP MODIFY/WSDEFAULT

     The command in this example displays information about the
     /WSDEFAULT qualifier:

         MODIFY

           /WSDEFAULT=n
            Initial limit of a working set for the user process.

LIST

   Writes reports for selected UAF records to a listing file,
   SYSUAF.LIS.

   Format

     LIST  [user-spec]

Additional information available:

ParameterQualifiersExamples

/IDENTIFIER/PROXY/RIGHTS

Parameter

user-spec
   Specifies the user name or UIC of the desired UAF record. Without
   the user-spec parameter, AUTHORIZE lists the user records of all
   users. The asterisk and percent sign wildcards are permitted in
   the user name.

Qualifiers

Additional information available:

/BRIEF/FULL

/BRIEF

   Specifies that a brief report be written to SYSUAF.LIS. /BRIEF is
   the default qualifier.

/FULL

   Specifies that a full report be written to SYSUAF.LIS, including
   identifiers held by the user.

Examples

   1.  UAF> LIST ROBIN/FULL
       %UAF-I-LSTMSG1, writing listing file
       %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete

     This command lists a full report for the user record ROBIN.

/IDENTIFIER

   Creates a listing file (RIGHTSLIST.LIS) in which identifier names,
   attributes, values, and holders are written.

   Format

     LIST/IDENTIFIER  [id-name]

Additional information available:

ParameterQualifiersExamples

Parameter

id-name
   Specifies an identifier name. You can specify the asterisk
   wildcard character (*)  to list all identifiers. If you omit the
   identifier name, you must specify /USER or /VALUE.

Qualifiers

Additional information available:

/BRIEF/FULL/USER/VALUE

/BRIEF
   Specifies a brief listing in which only the identifier name, value
   and attributes appear.

/FULL
   Specifies a full listing, in which the names of the identifier's
   holders are displayed along with the identifier's name, value, and
   attributes. /FULL is the default listing format.

/USER
      /USER=user-spec

   Specifies one or more users whose identifiers are to be listed.
   User-spec may be a user name or UIC. You can use the asterisk
   wildcard to specify multiple user names or UICs. UICs must be
   in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name
   specification (*)  lists identifiers alphabetically by user name;
   a wildcard UIC specification ([*,*]) lists them numerically by
   UIC.

/VALUE
      /VALUE=value-specifier

   Specifies the value of the identifier to be listed. The following
   are valid formats for the value-specifier:

   IDENTIFIER:integer  An integer value in the range of 65,536 to
                       268,435,455. You may also specify the value
                       in hexadecimal (precede the value with %X) or
                       octal (precede the value with %O).

                       Note that %X80000000 is added to the value
                       you specify in order to differentiate general
                       identifiers from UIC identifiers.

   UIC:uic             A UIC value in the standard UIC format.

Examples

   1.  UAF> LIST/IDENTIFIER INVENTORY
       %UAF-I-LSTMSG1, writing listing file
       %UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete

     The command in this example generates a full listing for the
     identifier INVENTORY, including its value (in hexadecimal),
     holders, and attributes.

/PROXY

   Creates a listing file of the network proxy database entries.

   Format

     LIST/PROXY

Additional information available:

Example

Example

   UAF> LIST/PROXY
   %UAF-I-LSTMSG1, writing listing file
   %UAF-I-NETLSTMSG, listing file NETPROXY.LIS complete

     The command in this example creates a listing file of all the
     entries in the network proxy database.

/RIGHTS

   Lists identifiers held by the specified identifier or, if /USER is
   specified, all identifiers held by the specified users.

   Format

     LIST/RIGHTS  [id-name]

Additional information available:

ParameterQualifierExample

Parameter

[id-name]
   Specifies the name of the identifier associated with the user.
   Specify the identifier in UIC format. If you omit the identifier
   name, you must specify the /USER qualifier.

Qualifier

Additional information available:

/USER

/USER
      /USER=user-spec

   Specifies a user whose identifiers are to be listed. User-spec
   may be a user name or UIC. You can use the asterisk wildcard to
   specify multiple UICs or all user names. UICs must be in the form
   [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification
   (*)  or wildcard UIC specification ([*,*]) lists all identifiers
   held by users. The wildcard user name specification lists holders'
   user names alphabetically; the wildcard UIC specification lists
   them in the numerical order of their UICs.

Example

   UAF> LIST/RIGHTS PAYROLL
   %UAF-I-LSTMSG1, writing listing file
   %UAF-I-RLSTMSG, listing file RIGHTSLIST.LIS complete

     The command in this example lists identifiers held by PAYROLL,
     providing PAYROLL is the name of a UIC format identifier.

MODIFY

   Changes values in a SYSUAF user record. Qualifiers not specified
   in the command remain unchanged.

   Format

     MODIFY  username /qualifier[,...]

Additional information available:

ParameterQualifiersExamples

/IDENTIFIER/PROXY/SYSTEM_PASSWORD

Parameter

username
   Specifies the name of a user in the SYSUAF. The asterisk and
   percent sign wild card characters are permitted in the user name.
   When you specify a single asterisk for the user name, you modify
   the records of all users.

Qualifiers

Additional information available:

/ACCESS/ACCOUNT/ADD_IDENTIFIER/ALGORITHM/ASTLM
/BATCH/BIOLM/BYTLM/CLI/CLITABLES/CPUTIME
/DEFPRIVILEGES/DEVICE/DIALUP/DIOLM/DIRECTORY
/ENQLM/EXPIRATION/FILLM/FLAGS/GENERATE_PASSWORD
/INTERACTIVE/JTQUOTA/LGICMD/LOCAL/MAXACCTJOBS
/MAXDETACH/MAXJOBS/MODIFY_IDENTIFIER/NETWORK/OWNER
/PASSWORD/PGFLQUOTA/PRCLM/PRIMEDAYS
/PRIORITY/PRIVILEGES/PWDEXPIRED/PWDLIFETIME
/PWDMINIMUM/REMOTE/SHRFILLM/TQELM/UIC/WSDEFAULT
/WSEXTENT/WSQUOTA

/ACCESS

      /ACCESS[=(range[,...])]

   Specifies hours of access for all modes of access. Syntax for
   range specification is:

   /[NO]ACCESS=([PRIMARY], [n-m], [n], [,...],[SECONDARY], [n-m], [n], [,...])

   Specify hours as integers from 0 to 23, inclusive. Hours may be
   specified as single hours (n),  or as ranges of hours (n-m). If
   the ending hour of a range is earlier than the starting hour,
   the range extends from the starting hour through midnight to the
   ending hour. The first set of hours after the keyword PRIMARY
   specifies hours on primary days; the second set of hours after
   the keyword SECONDARY specifies hours on secondary days. Note that
   hours are inclusive; that is, if you grant access during a given
   hour, access extends to the end of that hour.

   By default, a user has full access everyday. See the DCL command
   SET DAY in the VMS DCL Dictionary for information on overriding
   the defaults for primary and secondary day types.

/ACCOUNT

      /ACCOUNT=account-name

   Specifies a 1 through 8 alphanumeric character string that is
   the default name for the account (for example, a billing name or
   number). By default, no account name is assigned.

/ADD_IDENTIFIER

      /ADD_IDENTIFIER (default)
      /NOADD_IDENTIFIER

   Adds identifiers for the user name and account name to the
   rights database. The qualifier is used only with the ADD and COPY
   commands.

/ALGORITHM

      /ALGORITHM=keyword=type [=value]

   Sets the password encryption algorithm for a user. The keyword VMS
   refers to the algorithm used in the version of VMS that is running
   on your system, whereas a customer algorithm is one that is added
   through the $HASH_PASSWORD system service by a customer site, by
   a layered product, or by a third party. The customer algorithm
   is identified in $HASH_PASSWORD by an integer in the range of
   128-255. The customer algorithm number has to correspond with the
   number used in the AUTHORIZE command MODIFY/ALGORITHM. By default,
   passwords are encrypted with the VMS algorithm for the current
   version of he operating system.

   Keyword       Function


   BOTH          Set the algorithm for primary and secondary
                 passwords.
   CURRENT       Set the algorithm for the primary, secondary, both,
                 or no passwords depending on account status. Current
                 is the default value.

   PRIMARY       Set the algorithm for the primary password only.

   SECONDARY     Set the algorithm for the secondary password only.

   Type          Definition


   VMS           The algorithm used in the version of VMS that is
                 running on your system.
   CUSTOMER      A numeric value in the range 128-255 identifies a
                 customer algorithm.

/ASTLM

      /ASTLM=value

   Specifies the AST queue limit, which is the total number of
   asynchronous system trap (AST) operations and scheduled wake-
   up requests that the user can have queued at one time. The default
   is 24.

/BATCH

      /BATCH[=(range[,...])]

   Specifies the hours of access permitted for batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, a user can submit batch jobs any time.

/BIOLM

      /BIOLM=value

   Specifies a buffered I/O count limit for the BIOLM field of the
   UAF record. The buffered I/O count limit is the maximum number
   of buffered I/O operations, such as terminal I/O, that can be
   outstanding at one time. The default is 18.

/BYTLM

      /BYTLM=value

   Specifies the buffered I/O byte limit for the BYTLM field of the
   UAF record. The buffered I/O byte limit is the maximum number
   of bytes of nonpaged system dynamic memory that a user's job
   may consume at one time. Nonpaged dynamic memory is used for
   operations such as I/O buffering, mailboxes, and file-access
   windows. The default is 8192.

/CLI

      /CLI=cli-name

   Specifies the name of the default command language interpreter
   (CLI) for the CLI field of the UAF record. The cli-name is 1
   through 12 alphanumeric characters and should be either DCL or
   MCR. The default is DCL.

/CLITABLES

      /CLITABLES=filespec

   Specifies user-defined CLI tables for the account, from 1 to 31
   characters. The default is SYS$LIBRARY:DCLTABLES.

/CPUTIME

      /CPUTIME=time

   Specifies the maximum process CPU time for the CPU field of the
   UAF record. The maximum process CPU time is the maximum amount of
   CPU time a user's process can take per session. You must specify a
   delta-time value. The default is 0, which means an infinite amount
   of time.

/DEFPRIVILEGES

      /DEFPRIVILEGES=([NO]privname[,...])

   Specifies default privileges for the user; that is, those enabled
   at login time. A NO prefix removes a privilege from the user.
   The keyword [NO]ALL specified with the /DEFPRIVILEGES qualifier
   disables or enables all user privileges. The default privileges
   are TMPMBX and NETMBX.

/DEVICE

      /DEVICE=device-name

   Specifies the name of the user's default device at login. The
   device-name is a 1 through 31 alphanumeric character string.
   If you omit the colon from the device-name value, a colon is
   appended. The default device is SYS$SYSDISK.

/DIALUP

      /DIALUP[=(range[,...])]

   Specifies hours of access permitted for dial-up logins. For a
   description of the range specification, see the /ACCESS qualifier.
   The default is full access.

/DIOLM

      /DIOLM=value

   Specifies the direct I/O count limit for the DIOLM field of the
   UAF record. The direct I/O count limit is the maximum number of
   direct I/O operations (usually disk) that can be outstanding at
   one time. The default is 18.

/DIRECTORY

      /DIRECTORY=directory-name

   Specifies the default directory-name for the DIRECTORY field of
   the UAF record. The directory-name is 1 through 63 alphanumeric
   characters. Brackets are added to the directory name if omitted.
   The default directory name is [USER].

/ENQLM

      /ENQLM=value

   Specifies the lock queue limit for the ENQLM field of the UAF
   record. The lock queue limit is the maximum number of locks that
   can be queued by the user at one time. The default is 100.

/EXPIRATION

      /EXPIRATION=time (default)
      /NOEXPIRATION

   Specifies the expiration date and time of the account. The
   /NOEXPIRATION qualifier removes the expiration date on the account
   or resets the expiration time for expired accounts. The default
   expiration time period is 90 days for nonprivileged users.

/FILLM

      /FILLM=value

   Specifies the open file limit for the FILLM field of the UAF
   record. The open file limit is the maximum number of files that
   can be open at one time, including active network logical links.
   The default is 20.

/FLAGS

      /FLAGS=([NO]option[,...])

   Specifies login flags for the user. A NO in front of the flag
   clears the flag. The following are valid options:

   AUDIT                 Enables or disables security auditing for a
                         specific user. By default, VMS does not
                         audit the activities of specific users
                         (NOAUDIT).

   AUTOLOGIN             Restricts the user to the automatic login
                         mechanism when logging in to an account.
                         When set, the flag disables login by any
                         terminal that requires entry of a user name
                         and password. The default is to require a
                         user name and password (NOAUTOLOGIN).

   CAPTIVE               Prevents the user from changing any defaults
                         at login, for example, /CLI, /DISK,
                         /COMMAND, or /LGICMD. It also prevents
                         the user from escaping the captive login
                         command procedure and gaining access to
                         the DCL command level. The CAPTIVE flag
                         establishes an environment where Ctrl
                         /Y interrupts are initially turned off;
                         however, command procedures can still turn
                         on Ctrl/Y interrupts with the DCL command
                         SET CONTROL=Y. By default, an account is not
                         captive (NOCAPTIVE).

   DEFCLI                Restricts the user to the default command
                         interpreter by prohibiting the use of the
                         /CLI qualifier at login; (the MCR command
                         can still be used). By default, a user can
                         choose a CLI (NODEFCLI).

   DISCTLY               Establishes an environment where Ctrl
                         /Y interrupts are initially turned off
                         and are invalid until a SET CONTROL_
                         Y is encountered. This could happen in
                         SYLOGIN.COM or in a procedure called
                         by SYLOGIN.COM. Once a SET CONTROL_Y is
                         executed (which requires no privilege),
                         a user can enter a Ctrl/Y and reach the
                         DCL. If the intent of DISCTLY is to force
                         execution of the login command files, then
                         SYLOGIN.COM should issue the DCL command SET
                         CONTROL_Y before exiting to turn on Ctrl/Y
                         interrupts. By default, Ctrl/Y is enabled
                         (NODISCTLY).

   DISFORCE_PWD_CHANGE   Removes the requirement that a user must
                         change an expired password at login.
                         By default, a person can use an expired
                         password only once (NODISFORCE_PWD_CHANGE),
                         and then he or she is forced to change the
                         password after logging in. If a new password
                         is not selected, the user is locked out of
                         the system.

   DISIMAGE              Prevents the user from executing the RUN or
                         the MCR command or from using the foreign
                         command mechanism in DCL. By default, a user
                         can execute RUN, MCR, and foreign commands
                         (NODISIMAGE).

   DISMAIL               Disables mail delivery to the user.
                         By default, mail delivery is enabled
                         (NODISMAIL).

   DISNEWMAIL            Suppresses announcements of new mail at
                         login. By default, VMS announces new mail
                         (NODISNEWMAIL).

   DISPWDDIC             Disables automatic screening of new
                         passwords against a system dictionary.
                         By default, passwords are automatically
                         screened (NODISPWDDIC).

   DISPWDHIS             Disables automatic checking of new passwords
                         against a list of the user's old passwords.
                         By default, VMS screens new passwords
                         (NODISPWDHIS).

   DISRECONNECT          Disables automatic reconnection to an
                         existing process when a terminal connection
                         has been interrupted. By default, automatic
                         reconnection is disabled (DISRECONNECT).

   DISREPORT             Suppresses reports of the last login time,
                         login failures, and other security reports.
                         By default, login information is displayed
                         (NODISREPORT).

   DISUSER               Disables the account so the user cannot
                         log in. For example, the DEFAULT account is
                         disabled. By default, an account is enabled
                         (NODISUSER).

   DISWELCOME            Suppresses the "Welcome to ..." system login
                         message. By default, a system login message
                         appears (NODISWELCOME).

   GENPWD                Restricts the user to generated passwords.
                         By default, users choose their own passwords
                         (NOGENPWD).

   LOCKPWD               Prevents the user from changing the password
                         for the account. By default, users can
                         change their passwords (NOLOCKPWD).

   PWD_EXPIRED           Marks a password as expired. Users cannot
                         log in if this flag is set. LOGINOUT.EXE
                         sets the flag when users log in with the
                         DISFORCE_PWD_CHANGE flag set and their
                         password is expired. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not expired after
                         login (NOPWD_EXPIRED).

   PWD2_EXPIRED          Marks a secondary password as expired.
                         Users cannot log in if this flag is set.
                         LOGINOUT.EXE sets the flag if users log in
                         with the DISFORCE_PWD_CHANGE flag set and
                         their passwords expire. Primarily, a system
                         manager will only be clearing this flag.
                         By default, passwords are not set to expire
                         after login (NOPWD2_EXPIRED).

   RESTRICTED            Prevents the user from changing any defaults
                         at login (for example, specifying /DISK,
                         /COMMAND, or /LGICMD) and prohibits user
                         specification of a CLI with the /CLI
                         qualifier. The RESTRICTED flag establishes
                         an environment where Ctrl/Y interrupts are
                         initially turned off; however, command
                         procedures can still turn on Ctrl/Y
                         interrupts with the DCL command SET CONTROL_
                         Y. This flag is typically used to prevent an
                         applications user from having unrestricted
                         access to the CLI. By default, a user can
                         change defaults (NORESTRICTED).

                         The flag provides compatibility with CAPTIVE
                         accounts in VMS systems prior to Version
                         5.2.

/GENERATE_PASSWORD

      /GENERATE_PASSWORD[=keyword]
      /NOGENERATE_PASSWORD (default)

   Invokes the password generator to create user passwords. Generated
   passwords can consist of 1 to 10 characters. Specify one of the
   following keywords:

   BOTH       Generate primary and secondary passwords.

   CURRENT    Do whatever the DEFAULT account does. This could mean
              to generate primary, secondary, both, or no passwords.
              This is the default keyword.

   PRIMARY    Generate primary password only.

   SECONDARY  Generate secondary password only.

   Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are
   mutually exclusive, and whenever you modify a password, the
   original one expires and the new one is valid for only one login.

/INTERACTIVE

      /INTERACTIVE[ =(range[,...])]

   Specifies the hours of access for interactive logins. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on interactive
   logins.

/JTQUOTA

      /JTQUOTA=value

   Specifies the initial byte quota with which the job-wide logical
   name table is to be created. By default, the value is 1024.

/LGICMD

      /LGICMD=filespec

   Specifies the name of the default login command file. The file
   name defaults to the device specified for /DEVICE, the directory
   specified for /DIRECTORY, a file name of LOGIN, and a file type
   of COM. If you select the defaults for all these values, the file
   name is SYS$SYSTEM:[USER]LOGIN.COM.

/LOCAL

      /LOCAL[=(range[,...])]

   Specifies hours of access for interactive logins from local
   terminals. For a description of the range specification, see the
   /ACCESS qualifier. By default, there are no access restrictions on
   local logins.

/MAXACCTJOBS

      /MAXACCTJOBS=value

   Specifies the maximum number of batch, interactive, and detached
   processes that may be active at one time for all users of the same
   account. By default, a user has a maximum of 0, which represents
   an unlimited number.

/MAXDETACH

      /MAXDETACH=value

   Specifies the maximum number of detached processes with the
   cited user name that may be active at one time. The keyword NONE
   indicates the user cannot create detached processes. By default, a
   user has a value of 0, which represents an unlimited number.

/MAXJOBS

      /MAXJOBS=value

   Specifies the maximum number of processes (interactive, batch,
   detached, and network) with the cited user name that may be active
   simultaneously. The first four network jobs are not counted. By
   default, a user has a maximum value of 0, which represents an
   unlimited number.

/MODIFY_IDENTIFIER

      /MODIFY_IDENTIFIER (default)
      /NOMODIFY_IDENTIFIER

   Specifies whether the identifier associated with the cited user
   is to be modified in the rights database. This qualifier only
   applies when you modify the UIC or user name in the UAF record. By
   default, the associated identifiers are modified.

/NETWORK

      /NETWORK[=(range[,...])]

   Specifies hours of access for network batch jobs. For a
   description of the range specification, see the /ACCESS qualifier.
   By default, there are no access restrictions on network logins.

/OWNER

      /OWNER=owner-name

   Specifies the name of the owner of the account. This name can
   be used, for example, for billing purposes. The owner-name is 1
   through 31 characters and there is no default.

/PASSWORD

      /PASSWORD=(password1[,password2])
      /NOPASSWORD

   Specifies up to two passwords for login. Passwords can be from
   0 to 32 characters in length, and can include alphanumeric
   characters, dollar signs, and underscores.

   To set only the first password, specify /PASSWORD=password. To set
   both the first and second password, specify /PASSWORD=(password1,
   password2). To change the first password without affecting the
   second, specify /PASSWORD=(password, ""). To change the second
   password without affecting the first, specify /PASSWORD=("",
   password). To set both passwords to null, specify /NOPASSWORD.

   By default, the ADD command assigns a password of 'USER'. When
   creating a new UAF record with the COPY or RENAME command, you
   must specify a password.

/PGFLQUOTA

      /PGFLQUOTA=value

   Specifies the paging file limit. This is the maximum number of
   pages that the person's process can use in the system paging file.
   By default, the value is 10,240.

/PRCLM

      /PRCLM=value

   Specifies the subprocess creation limit. This is the maximum
   number of subprocesses that can exist at one time for the
   specified user's process. By default, the value is 2.

/PRIMEDAYS

      /PRIMEDAYS=([NO]day[,...])

   Defines the primary and secondary days of the week for logging
   in. A day prefixed with NO is a secondary day; without a NO it
   is a primary day. Specify the days as a list separated by commas
   and enclosed in parentheses. Use the primary and secondary day
   definitions in conjunction with such qualifiers as /ACCESS,
   /INTERACTIVE, and /BATCH. By default, primary days are Monday
   through Friday and the secondary days are Saturday and Sunday. Any
   days omitted from the list take their default value.

/PRIORITY

      /PRIORITY=value

   Specifies the default base priority. The value is an integer in
   the range of 0 through 31. By default, the value is set to 4 for
   timesharing users.

/PRIVILEGES

      /PRIVILEGES=([NO]privname[,...])

   Specifies which privileges the user is authorized to hold although
   these privileges are not necessarily enabled at login. (The
   /DEFPRIVILEGES determines which are enabled). A NO prefix removes
   the privilege from the user. The keyword NOALL disables all user
   privileges. There are many privileges available with varying
   degrees of power and potential system impact. Please see the Guide
   to VMS System Security for a detailed discussion. By default, a
   user holds TMPMBX and NETMBX privileges.

/PWDEXPIRED

      /PWDEXPIRED (default)
      /NOPWDEXPIRED

   Specifies the password is valid for only one login. Users must
   change their passwords immediately after login or be locked out of
   the system. For a week prior to expiration, the VMS system warns
   users of the upcoming password expiration. They can either specify
   a new password during the week with the DCL command SET PASSWORD
   or wait until expiration and be forced to change. By default, a
   user has to change a password when first logging in to an account.

/PWDLIFETIME

      /PWDLIFETIME=time (default)
      /NOPWDLIFETIME

   Specifies the length of time a password is valid. You must specify
   a delta-time value, which takes the form [dddd-] [hh:mm:ss.cc].
   For example, a lifetime of 120 days, 0 hours, 0 seconds would
   be expressed as /PWDLIFETIME="120-", whereas a lifetime of 120
   days 12 hours, 30 minutes and 30 seconds would be expressed as
   /PWDLIFETIME="120-12:30:30". If a period longer than the specified
   time has elapsed when the user logs in, a warning message is
   displayed, and the password is marked as expired. A time equal to
   NONE means that the password never expires. By default, a password
   expires in 90 days.

/PWDMINIMUM

      /PWDMINIMUM=value

   Specifies the minimum password length in characters. By default, a
   password must have at least 6 characters.

/REMOTE

      /REMOTE[=(range[,...])]

   Specifies hours during which access is permitted for interactive
   logins from network remote terminals (with the DCL command SET
   HOST). For a description of the range specification, see the
   /ACCESS qualifier. By default, remote logins have no access
   restrictions.

/SHRFILLM

      /SHRFILLM=value

   Specifies the maximum number of shared files the user may have
   open at one time. By default, VMS assigns a value of 0, which
   represents an infinite number.

/TQELM

   Specifies the total number of entries in the timer queue plus the
   number of temporary common event flag clusters that the user can
   have at one time. By default, a user can have 10.

/UIC

      /UIC=value

   Specifies the user identification code (UIC). The UIC value is
   a group number in the range 1-37776 (octal) and a member number
   in the range 0-177776 (octal), which are separated by a comma
   and enclosed in brackets. Each user should have a unique UIC. By
   default, the UIC value is [200,200].

/WSDEFAULT

      /WSDEFAULT=value

   Specifies the default working set size. This represents the
   initial limit to the number of physical pages the process can
   use. The minimum value is 50 pages. By default, a user has 150
   pages.

/WSEXTENT

      /WSEXTENT=value

   Specifies the working set maximum. This represents the maximum
   amount of physical memory allowed to the process. The system
   provides memory to a process beyond its working set quota only
   when it has excess free pages. The additional memory is recalled
   by the system if needed. The value is an integer equal to or
   greater than WSQUOTA. By default, the value is 512.

/WSQUOTA

      /WSQUOTA=value

   Specifies the working set quota. This is the maximum amount of
   physical memory a user process can lock into its working set. It
   also represents the maximum amount of swap space that the system
   reserves for this process and the maximum amount of physical
   memory that the system allows the process to consume if the
   system-wide memory demand is significant. The minimum value is
   50 pages. By default, the quota is 256.

Examples

   1.  UAF> MODIFY ROBIN /PASSWORD=SP0172
       %UAF-I-MDFYMSG, user record(s) updated

     The command in this example changes the password for user ROBIN
     without altering any other values in the record.

/IDENTIFIER

   Modifies an identifier name, associated value, or its attributes
   in the rights database.

   Format

     MODIFY/IDENTIFIER  id-name

Additional information available:

ParameterQualifiersExamples

Parameter

id-name
   Specifies the name of an identifier to be modified.

Qualifiers

Additional information available:

/ATTRIBUTES/HOLDER/NAME/VALUE

/ATTRIBUTES
      /ATTRIBUTES=(keyword[,...])

   Specifies attributes to be associated with the modified
   identifier. The following are valid keywords:

   [NO]RESOURCE  Determines whether holders of the identifier can
                 charge resources to it.

                 If you specify RESOURCE, a holder named with
                 the /HOLDER qualifier gains the right to charge
                 resources to the identifier. If you specify
                 NORESOURCE, the holder loses the right to charge
                 resources. If you specify NORESOURCE and do not
                 name any holder (if /HOLDER is not specified), all
                 holders lose the right to charge resources. The
                 default is NORESOURCE.

   [NO]DYNAMIC   Determines whether unprivileged holders of the
                 identifier can add or remove it from the process
                 rights list. The default is NODYNAMIC.

/HOLDER
      /HOLDER=username

   Specifies the holder of an identifier whose attributes are to be
   modified. The /HOLDER qualifier is used only in conjunction with
   the /ATTRIBUTES qualifier. If you specify /HOLDER, the /NAME and
   /VALUE qualifiers are ignored.

/NAME
      /NAME=new-id-name

   Specifies a new identifier name to be associated with the
   identifier.

/VALUE
      /VALUE=value-specifier

   Specifies a new identifier value. Note that an identifier value
   cannot be modified from a UIC to a non-UIC format or vice versa.
   The following are valid formats for the value-specifier:

   IDENTIFIER:integer  An integer value in the range of 65,536 to
                       268,435,455. You can also specify the value
                       in hexadecimal (precede the value with %X) or
                       octal (precede the value with %O).

                       Note that %X80000000 is added to the value
                       you specify in order to differentiate general
                       identifiers from UIC identifiers.

   UIC:uic             A UIC value in the standard UIC format.

Examples

   1.  UAF> MODIFY/IDENTIFIER OLD_ID /NAME=NEW_ID
       %UAF-I-RDBMDFYMSG, identifier OLD_ID modified

     The command in this example changes the name of the OLD_ID
     identifier to NEW_ID.

/PROXY

   Modifies an entry in the network proxy authorization file
   (NETPROXY.DAT) to specify a different local account as the default
   proxy account for the remote user or to specify that there is no
   default proxy account for the remote user.

   Format

     MODIFY/PROXY  node::remote-user

Additional information available:

ParametersQualifierExample

Parameters

node
   Specifies a node name (1 through 6 alphanumeric characters). If
   you specify an asterisk, the specified remote user on all nodes is
   served by the local user.

remote-user
   Specifies the user name of a user at a remote node. If you specify
   an asterisk, all users at the specified node are served by the
   local-user.

   For non-VMS systems which implement DECnet Phase IV+, specifies
   the UIC of a user at a remote node. You can specify a wildcard
   asterisk in the group and member fields of the UIC.

Qualifier

Additional information available:

/DEFAULT

/DEFAULT
      /DEFAULT[=local-user]
   /NODEFAULT

   Designates the default user name on the local node through which
   proxy access from the remote user is directed. If /NODEFAULT is
   specified, removes the default designation.

Example

   UAF> MODIFY/PROXY MISHA::MARCO /DEFAULT=JOHNSON
   %UAF-I-NAFADDMSG, record successfully modified in NETPROXY.DAT

     The command in this example changes the default proxy account
     for user MARCO on the remote node MISHA to the JOHNSON account.

/SYSTEM_PASSWORD

   Changes the system password in the same manner as the DCL command
   SET PASSWORD/SYSTEM.

   Format

     MODIFY/SYSTEM_PASSWORD=system-password

Additional information available:

ParameterExample

Parameter

system-password
   Specifies the new system password.

Example

   UAF> MODIFY/SYSTEM_PASSWORD=ABRACADABRA
   UAF>

     This command changes the system password to ABRACADABRA.

REMOVE

   Deletes a SYSUAF user record and corresponding identifiers in the
   rights database. The DEFAULT and SYSTEM records cannot be deleted.

   Format

     REMOVE  username

Additional information available:

ParameterQualifierExample

/IDENTIFIER/PROXY

Parameter

username
   Specifies the name of a user in the SYSUAF.

Qualifier

Additional information available:

/REMOVE_IDENTIFIER

/REMOVE_IDENTIFIER

      /REMOVE_IDENTIFIER (default)
      /NOREMOVE_IDENTIFIER

   Specifies whether the user name and account name identifiers
   should be removed from the rights database when a record is
   removed from the UAF. If there are two UAF records with the same
   UIC, the user name identifier is removed only when the second
   record is deleted. Similarly, the account name identifier is
   removed only if there are no remaining UAF records with the same
   group as the deleted record.

Example

   UAF> REMOVE ROBIN
   %UAF-I-REMMSG, record removed from SYSUAF.DAT
   %UAF-I-
RDBREMMSGU, identifier ROBIN value: [000014,000006] removed from
     RIGHTSLIST.DAT

     The command in this example deletes the record for user ROBIN
     from the SYSUAF and ROBIN's UIC identifier from RIGHTSLIST.DAT.

/IDENTIFIER

   Removes an identifier from the rights database.

   Format

     REMOVE/IDENTIFIER  id-name

Additional information available:

ParameterExample

Parameter

id-name
   Specifies the name of an identifier in the rights database.

Example

   UAF> REMOVE/IDENTIFIER Q1SALES
   %UAF-I-RDBREMMSGU, identifier Q1SALES value %X80010024 removed from
     RIGHTSLIST.DAT

     The command in this example removes the identifier Q1SALES from
     the rights database. All of its holder records are removed with
     it.

/PROXY

   Deletes network proxy access for the specified remote user.

   Format

     REMOVE/PROXY  node::remote-user [local-user,...]

Additional information available:

ParametersExample

Parameters

node
   Specifies the name of a network node in the network UAF.

remote-user
   Specifies the user name or UIC of a user on a remote node. The
   asterisk wildcard character is permitted in the remote-user
   specification.

local-user
   Specifies the user name of from 1 to 16 users on the local node.
   If no local user is specified, proxy access to all local accounts
   is removed.

Example

   UAF> REMOVE/PROXY MISHA::MARCO
   %UAF-I-NAFDONEMSG, record removed from NETPROXY.DAT

     The command in this example deletes the record for MISHA::MARCO
     from the network proxy authorization file, removing all proxy
     access to the local node for user MARCO on node MISHA.

RENAME

   Changes the user name of the SYSUAF record (and, if specified, the
   corresponding identifier) while retaining the characteristics of
   the old record.

   Format

     RENAME  oldusername newusername

Additional information available:

ParametersQualifiersExamples

/IDENTIFIER

Parameters

oldusername
   Specifies the name of a user currently in the SYSUAF.

newusername
   Specifies the new name for the user. It can contain 1 through 12
   alphanumeric characters and underscores. Although dollar signs are
   permitted, they are usually reserved for system names.

Qualifiers

Additional information available:

/GENERATE_PASSWORD/MODIFY_IDENTIFIER/PASSWORD

/GENERATE_PASSWORD

      /GENERATE_PASSWORD[=keyword]
      /NOGENERATE_PASSWORD (default)

   Invokes the password generator to create user passwords. Generated
   passwords can consist of 1 to 10 characters. Specify one of the
   following keywords:

   BOTH       Generate primary and secondary passwords.

   CURRENT    Do whatever the DEFAULT account does. This could mean
              to generate primary, secondary, both, or no passwords.
              This is the default keyword.

   PRIMARY    Generate primary password only.

   SECONDARY  Generate secondary password only.

   Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are
   mutually exclusive, and whenever you modify a password, the old
   one expires automatically and the new one is valid only once. On
   login, users are forced to change their passwords.

/MODIFY_IDENTIFIER

      /MODIFY_IDENTIFIER (default)
      /NOMODIFY_IDENTIFIER

   Specifies whether the identifier associated with the cited user
   is to be modified in the rights database. This qualifier only
   applies when you modify the UIC or user name in the UAF record. By
   default, the associated identifiers are modified.

/PASSWORD

      /PASSWORD=(password1[,password2])
      /NOPASSWORD

   Specifies up to two passwords for login. Passwords can be from
   0 to 32 characters in length, and can include alphanumeric
   characters, dollar signs, and underscores.

   To set only the first password, specify /PASSWORD=password. To set
   both the first and second password, specify /PASSWORD=(password1,
   password2). To change the first password without affecting the
   second, specify /PASSWORD=(password, ""). To change the second
   password without affecting the first, specify /PASSWORD=("",
   password). To set both passwords to null, specify /NOPASSWORD.

   By default, the ADD command assigns a password of 'USER'. When
   creating a new UAF record with the COPY or RENAME command, you
   must specify a password.

Examples

   1.  UAF> RENAME HAWKES KRAMERDOVE/PASSWORD=MARANNKRA
       %UAF-I-PRACREN, proxies to HAWKES renamed
       %UAF-I-RENMSG, user record renamed
       %UAF-I-RDBMDFYMSG, identifier HAWKES modified

     The command in this example changes the name of the account
     Hawkes to Kramerdove, modifies the user name identifier for the
     account, and renames all proxies to the account.

/IDENTIFIER

   Renames an identifier in the rights database.

   Format

     RENAME/IDENTIFIER  current-id-name new-id-name

Additional information available:

ParametersExample

Parameters

current-id-name
   Specifies the name of an identifier to be renamed.

new-id-name
   Specifies the new name for the identifier.

Example

   UAF> RENAME/IDENTIFIER Q1SALES Q2SALES
   %UAF-I-RDBMDFYMSG, identifier Q1SALES modified

     The command in this example renames the identifier Q1SALES to
     Q2SALES.

REVOKE

Additional information available:

/IDENTIFIER

/IDENTIFIER

   Takes an identifier away from a user.

   Format

     REVOKE/IDENTIFIER  id-name user-spec

Additional information available:

ParametersExample

Parameters

id-name
   Specifies the identifier name. The identifier name is a string of
   1 through 31 alphanumeric characters that may contain underscores
   and dollar signs. The name must contain at least one nonnumeric
   character.

user-spec
   Specifies the UIC identifier that uniquely identifies the user
   on the system. This type of identifier appears in alphanumeric
   format, for example, [GROUP1,JONES].

Example

   UAF> REVOKE/IDENTIFIER INVENTORY CRAMER
   %UAF-I-REVOKEMSG, identifier INVENTORY revoked from CRAMER

     The command in this example revokes the identifier INVENTORY
     from the user Cramer. Cramer loses the identifier and any
     resources associated with it.

     Note that, since rights identifiers are stored in numeric
     format, it is not necessary to change records for users holding
     a renamed identifier.

SHOW

   Displays reports for selected UAF records on the current
   SYS$OUTPUT device.

   Format

     SHOW  user-spec

Additional information available:

ParameterQualifiersExample

/IDENTIFIER/PROXY/RIGHTS

Parameter

user-spec
   Specifies the user name or UIC of the desired UAF record. If you
   omit the user-spec parameter, the UAF records of all users are
   listed. The asterisk and percent sign wildcard characters are
   permitted in the user name.

Qualifiers

Additional information available:

/BRIEF/FULL

/BRIEF

   Specifies that a brief report be displayed. If you omit the /BRIEF
   qualifier, a full report is displayed.

/FULL

   Specifies that a full report be displayed, including identifiers
   held by the user. Full reports include the details of the limits,
   privileges, login flags, and the command interpreter as well as
   the identifiers held by the user. The password is never listed.

Example

   UAF> SHOW ROBIN

     The command in this example displays a full report for the
     user ROBIN. The display corresponds to the first example in the
     description of the ADD command. Note that most defaults are in
     effect.

         Username: ROBIN                            Owner:  JOSEPH ROBIN
         Account:  VMS                              UIC:    [14,6] ([INV,ROBIN])
         CLI:      DCL                              Tables: DCLTABLES
         Default:  SYS$USER:[ROBIN]
         LGICMD:
         Login Flags:
         Primary days:   Mon Tue Wed Thu Fri
         Secondary days:                     Sat Sun
         No access restrictions
         Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
         Pwdlifetime:           (none)    Pwdchange:   15-APR-1989 14:08
         Last Login:            (none) (interactive),      (none) (non-interactive)
         Maxjobs:         0  Fillm:        20  Bytlm:        12480
         Maxacctjobs:     0  Shrfillm:      0  Pbytlm:           0
         Maxdetach:       0  BIOlm:         6  JTquota:       1024
         Prclm:           2  DIOlm:         6  WSdef:          300
         Prio:            4  ASTlm:        10  WSquo:          350
         Queprio:         0  TQElm:        10  WSextent:       700
         CPU:        (none)  Enqlm:        30  Pgflquo:      12480
         Authorized Privileges:
           TMPMBX NETMBX
         Default Privileges:
           TMPMBX NETMBX
         Identifier                         Value            Attributes
           CLASS_CA101                      %X80010032       NORESOURCE NODYNAMIC
           CLASS_PY102                      %X80010049       NORESOURCE NODYNAMIC

                                  NOTE

      The quotas Pbytlm and Queprio are not implemented for
      Version 5.5.

/IDENTIFIER

   Displays information about an identifier, such as its name, value,
   attributes, and holders, on the current SYS$OUTPUT device.

   Format

     SHOW/IDENTIFIER  [id-name]

Additional information available:

ParameterQualifiersExample

Parameter

id-name
   Specifies an identifier name. The identifier name is a string of
   1 through 31 alphanumeric characters that may contain underscores
   and dollar signs. The name must contain at least one nonnumeric
   character. If you omit the identifier name, you must specify /USER
   or /VALUE.

Qualifiers

Additional information available:

/BRIEF/FULL/USER/VALUE

/BRIEF
   Specifies a brief listing, in which only the identifier name,
   value, and attributes are displayed. The default format is /BRIEF.

/FULL
   Specifies a full listing in which the names of the identifier's
   holders are displayed along with the identifier's name, value, and
   attributes.

/USER
      /USER=user-spec

   Specifies one or more users whose identifiers are to be displayed.
   User-spec can be a user name or a UIC. You can use the asterisk
   wildcard to specify multiple UICs or all user names. UICs must
   be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user
   name specification (*)  displays identifiers alphabetically by
   user name; a wildcard UIC specification ([*,*]) displays them
   numerically by UIC.

/VALUE
      /VALUE=value-specifier

   Specifies the value of the identifier to be listed. The following
   are valid formats for the value-specifier:

   IDENTIFIER:integer  An integer value in the range of 65,536 to
                       268,435,455. You may also specify the value
                       in hexadecimal (precede the value with %X) or
                       octal (precede the value with %O).

                       Note that %X80000000 is added to the value
                       you specify in order to differentiate general
                       identifiers from UIC identifiers.

   UIC:uic             A UIC value in the standard UIC format.

Example

   UAF> SHOW/IDENTIFIER/FULL INVENTORY

     The command in this example would produce output similar to the
     following:

         Name               Value           Attributes
         INVENTORY          %X80010006      NORESOURCE NODYNAMIC
           Holder            Attributes
           ANDERSON          NORESOURCE NODYNAMIC
           BROWN             NORESOURCE NODYNAMIC
           CRAMER            NORESOURCE NODYNAMIC

/PROXY

   Displays all authorized proxy access for the specified remote
   user.

   Format

     SHOW/PROXY  node::remote-user

Additional information available:

ParametersExample

Parameters

node
   Specifies the name of a network node in the network proxy
   authorization file. The asterisk wildcard is permitted in the
   node specification.

remote-user
   Specifies the user name or UIC of a user on a remote node. The
   asterisk wildcard is permitted in the remote-user specification.

Example

   UAF> SHOW/PROXY SAMPLE::[200,100]

    Default proxies are flagged with an *

   SAMPLE::[200,100]
        MARCO *                              PROXY2
        PROXY3

     The command in this example displays all authorized proxy
     access for the user on node SAMPLE with a UIC of [200,100].
     The default proxy account can be changed from MARCO to PROXY2
     or PROXY3 with the MODIFY/PROXY command.

/RIGHTS

   Displays the identifiers held by the specified identifiers or, if
   /USER is specified, all identifiers held by the specified users.

   Format

     SHOW/RIGHTS  [user-spec]

Additional information available:

ParameterQualifierExample

Parameter

[user-spec]
   The name of the identifier associated with the user. Specify the
   identifier in UIC format. If you omit the identifier name, you
   must specify the /USER qualifier.

Qualifier

Additional information available:

/USER

/USER
      /USER=user-spec

   Specifies one or more users whose identifiers are to be listed.
   User-spec can be a user name or a UIC. You can use the asterisk
   wildcard to specify multiple UICs or all user names. UICs must
   be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user
   name specification (*)  or wildcard UIC specification ([*,*])
   displays all identifiers held by users. The wildcard user name
   specification displays holders' user names alphabetically; the
   wildcard UIC specification displays them in the numerical order of
   their UICs.

Example

   UAF> SHOW/RIGHTS ANDERSON

     This command displays all identifiers held by the user
     ANDERSON. For example:

         Name                Value           Attributes
         INVENTORY           %X80010006      NORESOURCE NODYNAMIC
         PAYROLL             %X80010022      NORESOURCE NODYNAMIC

     Note that the following formats of the command produce the same
     result:

   SHOW/RIGHTS/USER=ANDERSON

   SHOW/RIGHTS/USER=[300,015]

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026