HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

Identifiers

 
FOX MULDER_2
Frequent Advisor

Identifiers

Each time I try to add I get this error :
UAF> grant /id payroll fox
%UAF-E-GRANTUSR, user identifier FOX does not exist; PAYROLL could not be granted
-SYSTEM-F-NOSUCHID, unknown rights identifier
UAF> sh /id payroll
Name Value Attributes
PAYROLL %X80080011
UAF>

Anyway to overcome this ?
13 REPLIES
Steven Schweda
Honored Contributor

Re: Identifiers

> [...] user identifier FOX does not exist
> [...]

> PAYROLL %X80080011

What about FOX?
Hein van den Heuvel
Honored Contributor

Re: Identifiers

Are you looking at the right SYSUAF.DAT?
Either in SYS$SYSTEM, or as pointed to by the system, exec mode logical sysuaf?
Authorize will happiliy follow an erroneous process logical name for sysuaf... but loginout will not.

Does user FOX exist in the real SYSUAF?
The first error message suggests it does not exist in the curent SYSUAF.
The second error message is a little misleading in that it points to the rights indentifier even if an unknown user identifier was the root cause.

Hein.


Bill Hall
Honored Contributor

Re: Identifiers

We certainly don't know what has been done to the user account "FOX", but

$mcr authorize add/identifier/user=fox
or
$mcr authorize add/identifier/user=[n,n]

might fix it.

Bill
Bill Hall
labadie_1
Honored Contributor

Re: Identifiers

Have you tried
UAF> grant/id fox payroll

??
Jan van den Ende
Honored Contributor

Re: Identifiers

Gerard Labadie wrote

>>>
Have you tried
UAF> grant/id fox payroll

??
<<<

but already given by Fox

>>>
UAF> sh /id payroll
Name Value Attributes
PAYROLL %X80080011
<<<

So, Gerard, that will CERTAINLY generate an error!

Fox, re-read the answers by Hein & Bill.

Look at the initial message:

>>>
user identifier FOX does not exist;
<<<

The reason is a little bit of internals:

Only interger identifiers can be granted to UIC identifiers.

_NORMALLY_, a UIC identifier is associated with a username, and vise versa.

However, if you create a username with a UIC that ALREDY has accompanying identifier, that value can not be added.

And NOW we get into the gory details: because no identifier with the username value exists, of course no integer identifier can be granted to it.

And although usually in juman parlance you Grant an identifier to a userNAME, you actually grant it to the (equally-named_ UIC identifer. But for that to be possible, that UIC ident must exist....

btw, it is also possible for a UIC ident to have ANOTHER associated (user-)name.

A quick check is
UAF> show

If it displat ONLY a numeric UIC, no associated identifier is defined.
If the numeric UIC has an associated name, THAT name is also shown. And if that is NOT equal to the username, then you have a situation that somehow has become out of identifier <-> username alignment.

hth

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Jan van den Ende
Honored Contributor

Re: Identifiers

Fox,

from your Forum Profile:


I have assigned points to 125 of 196 responses to my questions.

Some date back to 2006!

Maybe you can find some time to do some assigning?

http://forums1.itrc.hp.com/service/forums/helptips.do?#33

Mind, I do NOT say you necessarily need to give lots of points. It is fully up to _YOU_ to decide how many. If you consider an answer is not deserving any points, you can also assign 0 ( = zero ) points, and then that answer will no longer be counted as unassigned.
Consider, that every poster took at least the trouble of posting for you!

To easily find your streams with unassigned points, click your own name somewhere.
This will bring up your profile.
Near the bottom of that page, under the caption "My Question(s)" you will find "questions or topics with unassigned points " Clicking that will give all, and only, your questions that still have unassigned postings.
If you have closed some of those streams, you must "Reopen" them to "Submit points". (After which you can "Close" again)

Do not forget to explicitly activate "Submit points", or your effort gets lost again!!

Thanks on behalf of your Forum colleagues.

PS. - nothing personal in this. I try to post it to everyone with this kind of assignment ratio in this forum. If you have received a posting like this before - please do not take offence - none is intended!

PPS. - Zero points for this.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
labadie_1
Honored Contributor

Re: Identifiers

Jan

May be l should have put a smiley...
Jon Pinkley
Honored Contributor

Re: Identifiers

FOX MULDER,

Please see the thread "unable to grant identifer" from Aug 7, 2007

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1151194

Where all the gory details are discussed.

If uaf do a UAF> show user fox !(or whatever the real username is)

Look at the section to the right of where the UIC: is displayed. That will either show an alpha string, which is what identifiers get granted to, or it will display a repeat of the numeric (octal)
UIC, in which case the identifier has been removed.

But this is all discussed in much greater detail in the referenced thread.

Jon
it depends
FOX MULDER_2
Frequent Advisor

Re: Identifiers

UAF> grant/id fox payroll
%UAF-E-GRANTERR, unable to grant identifier FOX to PAYROLL
-SYSTEM-F-NOSUCHID, unknown rights identifier

User Fox does exists.


Any way out ?
FOX MULDER_2
Frequent Advisor

Re: Identifiers

Yes...Bill
Got fixed

you are correct...

Very logically you need to add the user to the rights DB and then grant the identifiers.

Thanks
Hein van den Heuvel
Honored Contributor

Re: Identifiers

>> Any way out ?

You need to do a "UAF> show user fox" and carefuly verify, notably the data behind "UIC:"
Does it show an identifier?

Also try "UAF> show /ident fox"
You may also check: "UAF> SHOW/IDENTIFIER/valu=uic:[x,y]"
for a good value, and for the fox-value.

Carefully study the prior replies and pointers.
If still stuck post some UAF> SHOW data here.

hth,
Hein.
Jon Pinkley
Honored Contributor

Re: Identifiers

Be well aware that identifiers are not granted to a username. Even though the UIC valued "user identifier" often has the same name as the username, that isn't a guarantee.

Here's a short version of an example that shows this is the case, see the attachment for the full version if you are interested.

UAF> grant/id jons_cms fox ! this isn't granting to username FOX
%UAF-I-GRANTMSG, identifier JONS_CMS granted to FOX
UAF> show fox ! this is showing the username FOX

Username: FOX Owner:
Account: ITRC UIC: [50,1] ([MULDER])
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
UAF> ! note it doesn't have anything granted to it
UAF> show mulder

Username: MULDER Owner:
Account: UIC: [50,2] ([FOX]) <-- This is what the JONS_CMS id was granted to.
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
JONS_CMS %X8001000D
UAF> ! The USERNAME(s) with UIC value [50,2] will get JONS_CMS on the next login

See attachment for complete logs showing complete steps leading to this (non-standard) condition.

So the bottom line for least confusion, and better access control, do the following:

Don't create multiple USERNAMEs with the same UIC (unless you really want all usernames with the same UIC to be considered identical from a security perspective).

Let UAF create the UIC valued user identifiers that have the same text as the USERNAME. This makes things like file ownership much less confusing than the example I gave.
it depends
FOX MULDER_2
Frequent Advisor

Re: Identifiers

Thanks to all..

The problem is solved