1748224 Members
4308 Online
108759 Solutions
New Discussion юеВ

Re: Identifiers

 
SOLVED
Go to solution
Swain
Regular Advisor

Identifiers

I deleted one identifier mistakenly.

how can I retrieve the same without informing users?

UAF> remove/id
_id_name: Access$user
%UAF-I-RDBREMMSG, identifier ACCESS$USER value %X8001004F removed from rights database

It's urgent.

Thanks,
Amaresh
10 REPLIES 10
Jeremy Begg
Trusted Contributor
Solution

Re: Identifiers

I usually find honesty is the best policy in such cases ... but your environment may differ!

Try this:

$ mcr authorize add/ident access$user /value=id:%x1004f

Note that identifiers often have attributes such as RESOURCE or DYNAMIC. If you know this identifier had one or more attributes you should specify them on the command line, e.g.

$ mcr authorize add/ident access$user /value=id:%x1004f /attr=resource

Regards,
Jeremy Begg
Swain
Regular Advisor

Re: Identifiers

I tried adding the same identifier with same value...

UAF> ADD /IDENTIFIER/ATTRIBUTES=(RESOURCE)/VALUE=IDENTIFIER:%X8001004F ACCESS$USER
%UAF-E-BADVALUE, error in value specification \-2147418033\


but got error
Swain
Regular Advisor

Re: Identifiers

done..

I had to omit 800 in %X8001004F

Thanks a lot!!
Swain
Regular Advisor

Re: Identifiers

one more query..

where do the identifiers store?
can we check the rights database?
can we add usernames to a particular identifier without GRANT command?
e.g. in this particular case, how can I add the users previously holding this ACCESS$USER id?

Thanks,
Amaresh
Craig A
Valued Contributor

Re: Identifiers

You need to restore RIGHTSLIST.DAT from the last good backup prior to you issuing the REMOVE/IDENT command.

Craig A
Robert Gezelter
Honored Contributor

Re: Identifiers

Amaresh,

With all due respect to Craig, I must demur with the suggestion contained in his post to "... restore RIGHTSLIST.DAT from the last good backup ..."

Restoring RIGHTSLIST.DAT in-place will destroy any other changes that have been made to the file in the interim. To verify the precise nature of the RIGHTSLIST definition for ACCESS$USER, restore the RIGHTSLIST.DAT file from the last backup to a scratch location, define the process logical name RIGHTSLIST to point to the restored file, and do a full SHOW command on the identifier.

Once one has that information, one can conform the definition of ACCESS$USER in the active RIGHTSLIST to the contents of the RIGHTSLIST from the backup.

- Bob Gezelter, http://www.rlgsc.com
Craig A
Valued Contributor

Re: Identifiers

100% spot-on Robert. And silly me for not making it crystal clear that you should not restore RIGHTSLIST.DAT to its real location.

Craig A
Swain
Regular Advisor

Re: Identifiers

Thanks a lot Robert, Craig!

It worked.

Regards,
Amaresh
John Gillings
Honored Contributor

Re: Identifiers

It's safer to omit the values and attributes:

$ MCR AUTHIORIZE ADD/IDENT/USER=ACCESS$USER

This will fill in the correct attributes and values for a UIC identifier.

If you have "standard" identifiers (ie: identifier name same as the corresponding username), this is quite safe to do at any time. Worst case is it won't add the identifier because it already exists.

Indeed, you can "repair" your RIGHTSLIST with

$ MCR AUTHIORIZE ADD/IDENT/USER=*

This will scan all users and create any missing identifiers.
A crucible of informative mistakes