topic Re: Identifiers in Operating System - OpenVMS

Identifiers

Swain — Thu, 23 Jul 2009 06:31:32 GMT

I deleted one identifier mistakenly.

how can I retrieve the same without informing users?

UAF> remove/id
_id_name: Access$user
%UAF-I-RDBREMMSG, identifier ACCESS$USER value %X8001004F removed from rights database

It's urgent.

Thanks,
Amaresh

Re: Identifiers

Jeremy Begg — Thu, 23 Jul 2009 06:42:04 GMT

I usually find honesty is the best policy in such cases ... but your environment may differ!

Try this:

$ mcr authorize add/ident access$user /value=id:%x1004f

Note that identifiers often have attributes such as RESOURCE or DYNAMIC. If you know this identifier had one or more attributes you should specify them on the command line, e.g.

$ mcr authorize add/ident access$user /value=id:%x1004f /attr=resource

Regards,
Jeremy Begg

Re: Identifiers

Swain — Thu, 23 Jul 2009 06:54:26 GMT

I tried adding the same identifier with same value...

UAF> ADD /IDENTIFIER/ATTRIBUTES=(RESOURCE)/VALUE=IDENTIFIER:%X8001004F ACCESS$USER
%UAF-E-BADVALUE, error in value specification \-2147418033\

but got error

Re: Identifiers

Swain — Thu, 23 Jul 2009 06:57:15 GMT

done..

I had to omit 800 in %X8001004F

Thanks a lot!!

Re: Identifiers

Swain — Thu, 23 Jul 2009 07:00:35 GMT

one more query..

where do the identifiers store?
can we check the rights database?
can we add usernames to a particular identifier without GRANT command?
e.g. in this particular case, how can I add the users previously holding this ACCESS$USER id?

Thanks,
Amaresh

Re: Identifiers

Craig A — Thu, 23 Jul 2009 07:04:44 GMT

You need to restore RIGHTSLIST.DAT from the last good backup prior to you issuing the REMOVE/IDENT command.

Craig A

Re: Identifiers

Robert Gezelter — Thu, 23 Jul 2009 10:35:02 GMT

Amaresh,

With all due respect to Craig, I must demur with the suggestion contained in his post to "... restore RIGHTSLIST.DAT from the last good backup ..."

Restoring RIGHTSLIST.DAT in-place will destroy any other changes that have been made to the file in the interim. To verify the precise nature of the RIGHTSLIST definition for ACCESS$USER, restore the RIGHTSLIST.DAT file from the last backup to a scratch location, define the process logical name RIGHTSLIST to point to the restored file, and do a full SHOW command on the identifier.

Once one has that information, one can conform the definition of ACCESS$USER in the active RIGHTSLIST to the contents of the RIGHTSLIST from the backup.

- Bob Gezelter, http://www.rlgsc.com

Re: Identifiers

Craig A — Thu, 23 Jul 2009 11:31:59 GMT

100% spot-on Robert. And silly me for not making it crystal clear that you should not restore RIGHTSLIST.DAT to its real location.

Craig A

Re: Identifiers

Swain — Thu, 23 Jul 2009 11:57:26 GMT

Thanks a lot Robert, Craig!

It worked.

Regards,
Amaresh

Re: Identifiers

John Gillings — Fri, 24 Jul 2009 04:30:05 GMT

It's safer to omit the values and attributes:

$ MCR AUTHIORIZE ADD/IDENT/USER=ACCESS$USER

This will fill in the correct attributes and values for a UIC identifier.

If you have "standard" identifiers (ie: identifier name same as the corresponding username), this is quite safe to do at any time. Worst case is it won't add the identifier because it already exists.

Indeed, you can "repair" your RIGHTSLIST with

$ MCR AUTHIORIZE ADD/IDENT/USER=*

This will scan all users and create any missing identifiers.

Re: Identifiers

Hoff — Fri, 24 Jul 2009 10:29:08 GMT

Um, AUTHIORIZE? John meant AUTHORIZE.