HPE Community
Operating System - OpenVMS
1753863 Members
7373 Online
108809 Solutions
New Discussion юеВ

Add an additional rights to a VMS account

 
SOLVED
Go to solution
Jorge Cocomess
Super Advisor

тАО10-04-2006 03:16 AM

тАО10-04-2006 03:16 AM

Add an additional rights to a VMS account

Hi,

I need to give addtional rights to an existing VMS account with Identifier Value Attributes
ORA_SGA %X80010002
ORA_DBA %X80010001

I really need to know the commands to do this modifications.

Thank you in advance.
Jorge
0 Kudos
Reply
8 REPLIES 8
Hein van den Heuvel
Honored Contributor

тАО10-04-2006 03:41 AM

тАО10-04-2006 03:41 AM

Solution

Re: Add an additional rights to a VMS account

- You are not supposed to hand out ORA_SGA
- The specific values are NOT critial.

Anway... Just ask Oracle!

Specically, just type in ORA_SGA at the METALINK search prompt.

All you need to know, and some more!
It will find for example:

VMS: QUICK START GUIDE: Alpha Open VMS - Oracle 9.0.1.0.0
Doc ID: Note:174248.1

Which reads:
"---3. Add Identifiers in the Rightslist using the SYSUAF Utility.

Verify ORA_SGA is added to the SYSUAF Rightslist. This identifier
is NOT granted to any users.
Ex: Add/identifier ORA_SGA"



And searching for ORA_DBA finds:

" How to Add and Grant Privileges:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1) Add a process rights identifier, i.e.:
$ SET DEFAULT SYS$SYSTEM:
$ RUN AUTHORIZE
UAF> ADD/IDENTIFIER ORA_DBA
%UAF-I-RDBADDMSG, identifier ORA_DBA value %X80010008 added to rights database

2) Grant the process rights identifier, i.e.:

UAF>GRANT/IDENTIFIER ORA_DBA
where is the account name"

Good luck,
Hein.
Reply
james_a_wells
Occasional Advisor

тАО10-04-2006 03:49 AM

тАО10-04-2006 03:49 AM

Re: Add an additional rights to a VMS account


use

$ MC AUTHORIZE
UAF> GRANT/IDENTIFIER %X80010002 ORA_SGA
UAF> GRANT/IDENTIFIER %X80010001 ORA_SGA

and to remove

UAF> REVOKE/IDENTIFIER %X80010002 ORA_SGA
UAF> REVOKE/IDENTIFIER %X80010001 ORA_SGA

0 Kudos
Reply
Jorge Cocomess
Super Advisor

тАО10-04-2006 06:24 AM

тАО10-04-2006 06:24 AM

Re: Add an additional rights to a VMS account

Here's the results when I tried to add identifier for ORA_SGA

UAF> GRANT/IDENTIFIER %X80010002 ORA_SGA
%UAF-E-GRANTERR, unable to grant identifier %X80010002 to ORA_SGA
-SYSTEM-F-IVIDENT, invalid identifier format
UAF> GRANT/IDENTIFIER %X80010001 ORA_SGA
%UAF-E-GRANTERR, unable to grant identifier %X80010001 to ORA_SGA
-SYSTEM-F-IVIDENT, invalid identifier format
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

тАО10-04-2006 06:47 AM

тАО10-04-2006 06:47 AM

Re: Add an additional rights to a VMS account


READ the ORACLE doc / metalinks

READ the error message

USE the HELP in VMS.

$MCR AUTHORIZE
UAF> HELP GRANT

Regards,
Hein.
0 Kudos
Reply
Daniel Fernandez Illan
Trusted Contributor

тАО10-04-2006 08:49 PM

тАО10-04-2006 08:49 PM

Re: Add an additional rights to a VMS account

Jorge
read Hein message

UAF>help grant/id
Parameters



id-name

Specifies the identifier name. The identifier name is a string
of 1 to 31 alphanumeric characters that can contain underscores
and dollar signs. The name must contain at least one nonnumeric
character.

If you have defined ORA_SGA identifier, you can grant to a VMS account using:

UAF>grant/id ora_sga

Saludos.
Daniel.
Reply
james_a_wells
Occasional Advisor

тАО10-04-2006 09:32 PM

тАО10-04-2006 09:32 PM

Re: Add an additional rights to a VMS account


if you use

$ pipe mc authorize show/ident/brief * | search sys$input %X80010002

this will bring up the identifier name
assigned to the value %X80010002

i.e

ADMIN %X80010002

then use
GRANT/IDENTIFIER ADMIN [100,113]
OR GRANT/IDENTIFIEr ADMIN CRAMER

where [100,113] is the UIC of the USER
where CRAMER is the name of the user
where ADMIN was the returned identifier name

in your case

GRANT/IDENTIFIER ADMIN ORA_SGA

Repeat the process for %X80010001 and
ORA_DBA


Reply
Hein van den Heuvel
Honored Contributor

тАО10-04-2006 10:50 PM

тАО10-04-2006 10:50 PM

Re: Add an additional rights to a VMS account

James,

I beg to differ. Jorge should not focus on the number, but on the name. The system will hand out a number when the identifier is created. From then on, just use the name.

Hein.
Reply
Jan van den Ende
Honored Contributor

тАО10-05-2006 07:19 AM

тАО10-05-2006 07:19 AM

Re: Add an additional rights to a VMS account

Yeah...

This is a perfect demonstration why I _HATE_ the

MC AUTHORIZE ADD/IDEN
without explicit /VALUE clause.

reasons:

- do it on 2 different systems.
BACKUP something from A to B trying to retain security by using /OWN=Original
... The _NUMERIC_ values are retained, but usually mean something different!

- merge two different system. (just see the various threads on the issue to get a feel of the relevance!) Ident values meaning different things on different systems? LOTS of "joy"!

- REMOVE an identifier. (any ACEs refering it are still there, now displaying the numeric value).
Some time later, ADD a (completely unrelated) identifier. The available value is re-used, and... any previoous ACEs refering yhat value happily apply for the new ident!

We ALWAYS create ident with /VALUE=IDENT=
For we have a routine that convert the 1st 4 chars to the first 6 chars of valid id values. The last 2 hex digits are available for subdivisions thereoff.
We tend to not REMOVE idents (regrattably, not rigidly enough).

Merging systems now becomes easy, as is tranfer while maintaining ACLs.

But, it has to be set up so from the start.

hth

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.