Operating System - OpenVMS

Re: read only access using authorize ?

 
Thomas Ritter
Respected Contributor

read only access using authorize ?

Is it possible to provide read only access for a non-privileged user to run authorize.
Running $mcr authorize implies read+write access.
Can this be changed ?

Thanks in advance
Tom

Steven Schweda
Honored Contributor

Re: read only access using authorize ?

I see no easy way. You could, perhaps,
install AUTHORIZE.EXE with more privileges.
(AUTHORIZE HELP Files_Used suggests SYSPRV.)
I assume that this would open up some
horrible security holes.

It might make more sense to write a more
limited program to read the SYSUAF, and then
install that program with the required
privilege(s), subsystem identifier(s), or
whatever.

What problem are you trying to solve?
Thomas Ritter
Respected Contributor

Re: read only access using authorize ?

Steve, the systems are being locked down. A number of groups have work habits whereby they check user records for such items as quotas, last login times and even if the account is enabled. Can be useful.
I like your idea of a simple replacement program which shows one complete user listing. But I would like to avoid the work.
Steven Schweda
Honored Contributor

Re: read only access using authorize ?

All I know is what's in the
freeware_readme.txt, but perhaps DIX could be
useful:

http://h71000.www7.hp.com/freeware/freeware70/dix/
Volker Halle
Honored Contributor

Re: read only access using authorize ?

Tom,

would creating a SYSUAF.LIS file (UAF> LIST */FULL) from a repeating batch job satisfy the need of looking up some user account information from time to time ?

Volker.
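
The repeating batch job suggested above, sketched as a DCL command procedure. This is an added example, not code from anyone in the thread. The directory logical UAF_REPORT_DIR and the rights identifier UAF_READERS are hypothetical names, and the job is assumed to run under an account that can already read SYSUAF.DAT.

```dcl
$! UAF_REPORT.COM -- added example, not from the thread.
$! Assumptions: UAF_REPORT_DIR (logical) and UAF_READERS (rights identifier)
$! are hypothetical and must exist before the job runs.
$ SET NOON                          ! keep going so the job always resubmits itself
$ SET DEFAULT SYS$SYSTEM            ! AUTHORIZE opens SYSUAF.DAT here unless the SYSUAF logical is defined
$ IF F$SEARCH("SYSUAF.LIS") .NES. "" THEN DELETE SYSUAF.LIS;*
$ RUN SYS$SYSTEM:AUTHORIZE
LIST */FULL
EXIT
$! LIST writes SYSUAF.LIS into the current default directory.
$ IF F$SEARCH("SYSUAF.LIS") .EQS. "" THEN GOTO RESUBMIT
$ COPY SYSUAF.LIS UAF_REPORT_DIR:SYSUAF.LIS
$ DELETE SYSUAF.LIS;*
$! No group or world access; only holders of the identifier may read the report.
$ SET SECURITY/PROTECTION=(S:RWED,O:RWED,G,W) UAF_REPORT_DIR:SYSUAF.LIS
$ SET SECURITY/ACL=(IDENTIFIER=UAF_READERS,ACCESS=READ) UAF_REPORT_DIR:SYSUAF.LIS
$ PURGE/KEEP=2 UAF_REPORT_DIR:SYSUAF.LIS
$RESUBMIT:
$ SUBMIT/AFTER="TOMORROW+02:00" 'F$ENVIRONMENT("PROCEDURE")'
$ EXIT
```

Readers then look at the text report and never open SYSUAF.DAT itself, so AUTHORIZE needs no extra privileges or installation.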
Antoniov.
Honored Contributor

Re: read only access using authorize ?

Thomas,
if your user group needs individual information, they can simply use the f$getjpi lex function.
I saw DIX; there is good information about sysuaf inside it.

Antonio
http://it.openvms.org

Antonio Maria Vigliotti
Phil.Howell
Honored Contributor

Re: read only access using authorize ?

The vms_check tool includes a brief UAF listing in HTML table format, I'm sure you could adapt it to include quota information
Phil
http://h71000.www7.hp.com/openvms/journal/v7/vms_check_tool.html
Hein van den Heuvel
Honored Contributor

Re: read only access using authorize ?


Sounds like you have an existing application that you want to disturb as little as possible, whether that application's usage of the system makes much sense or not. (It doesn't make much sense imho :-).

1) Things like account quotas don't change too often.
2) AUTHORIZE will follow USER mode logicals, but LOGINOUT will (obviously) only follow trusted logicals.

So perhaps a solution is to point a user mode logical for "sysuaf" to a reasonably up to date copy of the sysuaf file. Just copy (convert/share !) the file daily, or whenever significant changes are known to have been made.

hth,
Hein.
Joseph Huber_1
Honored Contributor

Re: read only access using authorize ?

There is the $GETUAI system service, and there is a freeware GETUAI utility to get individual fields and users from sysuaf using $GETUAI.

Could the habit of using authorize not be changed to use getuai, which could be installed with privilege without opening a security hole (at least not too wide) ?
http://www.mpp.mpg.de/~huber
Jan van den Ende
Honored Contributor

Re: read only access using authorize ?

Well,

to add to (or just explain) the answer by Joseph:
$GETUAI needs SYSPRV, so that is no immediate answer, but the freeware GETUAI has already nicely implemented it. Installing THAT with sysprv pretty much gives what you want, and perhaps you could/should restrict use of THAT by suitable identifiers.

hth

Proost.

Have one on me (maybe in Nashua?).

jpe
Don't rust yours pelled jacker to fine doll missed aches.