HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Help with user access
Operating System - OpenVMS
1826387
Members
4364
Online
109692
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 08:49 AM
02-28-2007 08:49 AM
I have been given the task of administrating Openvms for the next 6 months. I need to give a couple users access to a group. I have no experience with this yet. Can someone please explain how to find the group and grant access? Thanks for any help!
Solved! Go to Solution.
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 09:10 AM
02-28-2007 09:10 AM
Re: Help with user access
If there are already other users with access to this group, have a look and see how they have been given that access.
A well setup system will probably have rights IDs for each group, and ACL's allowing access by holders of selected rights IDs.
Find some files that existing group members can access, and do
$ dir/security
then go look at the user record in the UAF, do a
UAF> show 'user' /rights
Check if there are any identifiers that match entries in the file ACLs.
There are other ways to do it, for example, changing the users UICs to match the others in the group, but that is a less modern approach.
JT:
A well setup system will probably have rights IDs for each group, and ACL's allowing access by holders of selected rights IDs.
Find some files that existing group members can access, and do
$ dir/security
then go look at the user record in the UAF, do a
UAF> show 'user' /rights
Check if there are any identifiers that match entries in the file ACLs.
There are other ways to do it, for example, changing the users UICs to match the others in the group, but that is a less modern approach.
JT:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 09:18 AM
02-28-2007 09:18 AM
Re: Help with user access
Is there a way to list all the groups?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 09:44 AM
02-28-2007 09:44 AM
Re: Help with user access
UAF> sho/rights/user=*
To give you an example of what I am talking about, see the following.
UAF> sho/rights/user=*
Identifier Value Attributes
Identifiers held by FRED :
GROUP_1 %X80010003
Identifiers held by JOE :
GROUP_2 %X80010004
Directory/security disk$user:[group]dummy.dat
[SYSTEM] (RWED,RWED,,)
(IDENTIFIER=[GROUP_1],ACCESS=READ)
(IDENTIFIER=[GROUP_2],ACCESS=READ+WRITE+DELETE+CONTROL)
What this says is that FRED, in group 1 only has read access to this file, but JOE can do pretty much anything.
To give you an example of what I am talking about, see the following.
UAF> sho/rights/user=*
Identifier Value Attributes
Identifiers held by FRED :
GROUP_1 %X80010003
Identifiers held by JOE :
GROUP_2 %X80010004
Directory/security disk$user:[group]dummy.dat
[SYSTEM] (RWED,RWED,,)
(IDENTIFIER=[GROUP_1],ACCESS=READ)
(IDENTIFIER=[GROUP_2],ACCESS=READ+WRITE+DELETE+CONTROL)
What this says is that FRED, in group 1 only has read access to this file, but JOE can do pretty much anything.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 10:21 AM
02-28-2007 10:21 AM
Re: Help with user access
Thanks for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 10:51 AM
02-28-2007 10:51 AM
Solution
See the System Manager's Manual at http://h71000.www7.hp.com/doc/ to begin with. The Doc set an be overwhelming, but dive in. http://www.openvms.org/pages.php?page=Books has some suggested reading.
Welcome to the deep end of the pool. Depending on your location, you may want to consider swimming lessons, some of the people here are available.
Andy
Welcome to the deep end of the pool. Depending on your location, you may want to consider swimming lessons, some of the people here are available.
Andy
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2007 03:19 PM
02-28-2007 03:19 PM
Re: Help with user access
Welcome to the world of VMS system management.
From your description of the problem, it sounds like you are using the term group in the Windows meaning. As others have stated, VMS uses identifiers for this purpose.
When you read the VMS documentation, you will see references to UIC (User Identification Code), which is a pair of values, a group and member. The UIC group is different than the general identifier.
You asked how to get a list of all the groups. If you want a list of all the identifiers, you can issue the following command (from privileged account):
$ pipe mcr authorize show /id * /br | search/nowin sys$input "%"
If you want to determine the UIC groups that exist, this is one way to get them.
$ mcr authorize list [*,*]/br ! this creates sysuaf.lis in UIC order.
$ sort sysuaf.lis; /key=(pos:34,siz:8)/nodup sysuaf.grp
The syauaf.grp file will have a single member from each group, listed under the "UIC" heading. The numeric UIC's look like [1,4], this is Group 1, Member 4 and that will generally be the UIC associated with the SYSTEM username.
Member numbers are within a group, so [1,4] is not the same member as [2,4].
Usernames are unique. Each username is assigned a single UIC, however it is possible, to create multiple usernames with the same UIC. Doing so is not recommended, since identifiers are granted to UICs, not to usernames. It may appear that you are granting to a USERNAME, but you are granting to a UIC that has a name that just happens to be the USERNAME by default. The only time you should ever crate more than one USERNAME with the same UIC, is if you want the USERNAMEs to be treated as once from a security point of view.
Hopefully you have an old system you can play with, where you can try things without worrying that you will make a mistake. There is no substitute for hands on doing, at least that is the way I learn most effectively.
From your description of the problem, it sounds like you are using the term group in the Windows meaning. As others have stated, VMS uses identifiers for this purpose.
When you read the VMS documentation, you will see references to UIC (User Identification Code), which is a pair of values, a group and member. The UIC group is different than the general identifier.
You asked how to get a list of all the groups. If you want a list of all the identifiers, you can issue the following command (from privileged account):
$ pipe mcr authorize show /id * /br | search/nowin sys$input "%"
If you want to determine the UIC groups that exist, this is one way to get them.
$ mcr authorize list [*,*]/br ! this creates sysuaf.lis in UIC order.
$ sort sysuaf.lis; /key=(pos:34,siz:8)/nodup sysuaf.grp
The syauaf.grp file will have a single member from each group, listed under the "UIC" heading. The numeric UIC's look like [1,4], this is Group 1, Member 4 and that will generally be the UIC associated with the SYSTEM username.
Member numbers are within a group, so [1,4] is not the same member as [2,4].
Usernames are unique. Each username is assigned a single UIC, however it is possible, to create multiple usernames with the same UIC. Doing so is not recommended, since identifiers are granted to UICs, not to usernames. It may appear that you are granting to a USERNAME, but you are granting to a UIC that has a name that just happens to be the USERNAME by default. The only time you should ever crate more than one USERNAME with the same UIC, is if you want the USERNAMEs to be treated as once from a security point of view.
Hopefully you have an old system you can play with, where you can try things without worrying that you will make a mistake. There is no substitute for hands on doing, at least that is the way I learn most effectively.
it depends
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP