HPE Community
Operating System - OpenVMS
1830241 Members
5014 Online
109999 Solutions
New Discussion

Re: Copy user/identifiers

 
owilliams
Frequent Advisor

‎08-13-2007 04:23 AM

‎08-13-2007 04:23 AM

Copy user/identifiers

Is there a way to copy the identifiers of one user to another user without entering them one by one. New to VMS. You guys/gals on this forum are great!!
0 Kudos
Reply
5 REPLIES 5
Hein van den Heuvel
Honored Contributor

‎08-13-2007 05:55 AM

‎08-13-2007 05:55 AM

Re: Copy user/identifiers

The username <-> identifier mapping is maintained in a file called SYS$SYSTEM:RIGHTSLIST.DAT

Note: This can be a system logical RIGHTSLIST. So you should construct the name with
F$PARSE("RIGHTSLIST","SYS$SYSTEM:.DAT")

That file is a normal RMS index file.
So you can convert/merge them. For example:

$CONVERT/MERGE/STAT/EXCEP=rightslist.dups rightlist.a rightslist.b

You can also use DCL Read and write:
$OPEN/READ/WRITE/SHARE=WRITE A rightslsist.new
$OPEN/READ/WRITE/SHARE=WRITE MAIN 'rightslist'
$loop:
$READ A new_record
$IF new_record...
$WRITE rew_record MAIN
$goto loop.

Or you can extract to sequential, and convert back in.

Beware though... this file is/should be in sync with SYSUAF, so go slowly (a record at a time at first) to be sure you have it right, and have a backup plan or two.

Finally... rightlist is always open, so if not applying changs to the live file, then it may be tricky to get the new data in place.

Cheers,
Hein.

0 Kudos
Reply
owilliams
Frequent Advisor

‎08-13-2007 06:22 AM

‎08-13-2007 06:22 AM

Re: Copy user/identifiers

Sounds complicated. Maybe I should better explain what I need. I create 25-30 news users for the VMS cluster each week. I usually use the copy command to copy a template user I created. The problem is I cannot copy the identifiers and usually have to add them to the account. Example:
copy jsmith cjackson/owner="Chris Jackson" -
/uic=[555,5555]/password=password/dir=[dir]

Then the basic account is created and I add identifiers.
grant/identifier group cjackson/attributes=resource

Is there an easier/quicker way to do this?
0 Kudos
Reply
Hoff
Honored Contributor

‎08-13-2007 10:24 AM

‎08-13-2007 10:24 AM

Re: Copy user/identifiers

Why not create a DCL command procedure that prompts for and builds the requisite GRANT commands for the particular user, and then kicks it off?

You could enhance the basic procedure to prompt for what sort of user is involved, allowing you to have and to select which of multiple profiles within the procedure should be applied.

There's an ADDUSER procedure available in SYS$EXAMPLES:, and that can serve as a jumping-off point for creating directories, granting identifiers, registering users with local or site-specific applications, and other such tasks.

Stephen Hoffman
HoffmanLabs LLC
0 Kudos
Reply
Jon Pinkley
Honored Contributor

‎08-13-2007 10:25 AM

‎08-13-2007 10:25 AM

Re: Copy user/identifiers

I am not aware of any standard single command that will copy the identifiers held by one UIC identifer to another. This is something that would normally be done by a command procedure which would probably be written by the system manager.

If you have been adding a lot of new user accounts, or worse, new identifiers with system generated values, and never took care of the problem you described in

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1107988

specifically, a multiple system disk cluster without common security files, then you have more problems than making it easy to copy identifiers from one user to another.

Without knowing any more than you have said, with your wish of copying all identifiers held by one "user" to another, then one solution is to write a command procedure that does the following:

1. Create a SYSUAF list/full for the template user.
2. Open this listing file
3. Read records until you find one that begins with "Identifier "
4. The remaining records will represent the identifiers held. You will need to parse the line and generate an Authorize command.

i.e. For a line like

TEST$SUBSYSTEM %X80010005 RESOURCE SUBSYSTEM

you would need to convert the line into a command similar to:

$ mcr authorize grant/id TEST$SUBSYSTEM /attributes=(RESOURCE,SUBSYSTEM) 'target_uic_identifier'

execute the command, and get the next until no more lines remain.

Then close the uaf_listing file and delete it.

Learning to script things, whether with DCL or other tools like perl, is essential for successfully managing a system.
it depends
0 Kudos
Reply
Phil.Howell
Honored Contributor

‎08-13-2007 12:17 PM

‎08-13-2007 12:17 PM

Re: Copy user/identifiers

the attached dcl procedure was used for applications not users, but you should get the general idea - build a temporary command file and then execute it.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.