HPE Community
Operating System - OpenVMS
1819899 Members
2456 Online
109607 Solutions
New Discussion юеВ

Identifiers

 
SOLVED
Go to solution
Swain
Regular Advisor

тАО07-22-2009 11:31 PM

тАО07-22-2009 11:31 PM

Identifiers

I deleted one identifier mistakenly.

how can I retrieve the same without informing users?

UAF> remove/id
_id_name: Access$user
%UAF-I-RDBREMMSG, identifier ACCESS$USER value %X8001004F removed from rights database

It's urgent.

Thanks,
Amaresh
0 Kudos
10 REPLIES 10
Jeremy Begg
Trusted Contributor

тАО07-22-2009 11:42 PM

тАО07-22-2009 11:42 PM

Solution

Re: Identifiers

I usually find honesty is the best policy in such cases ... but your environment may differ!

Try this:

$ mcr authorize add/ident access$user /value=id:%x1004f

Note that identifiers often have attributes such as RESOURCE or DYNAMIC. If you know this identifier had one or more attributes you should specify them on the command line, e.g.

$ mcr authorize add/ident access$user /value=id:%x1004f /attr=resource

Regards,
Jeremy Begg
0 Kudos
Swain
Regular Advisor

тАО07-22-2009 11:54 PM

тАО07-22-2009 11:54 PM

Re: Identifiers

I tried adding the same identifier with same value...

UAF> ADD /IDENTIFIER/ATTRIBUTES=(RESOURCE)/VALUE=IDENTIFIER:%X8001004F ACCESS$USER
%UAF-E-BADVALUE, error in value specification \-2147418033\


but got error
0 Kudos
Swain
Regular Advisor

тАО07-22-2009 11:57 PM

тАО07-22-2009 11:57 PM

Re: Identifiers

done..

I had to omit 800 in %X8001004F

Thanks a lot!!
0 Kudos
Swain
Regular Advisor

тАО07-23-2009 12:00 AM

тАО07-23-2009 12:00 AM

Re: Identifiers

one more query..

where do the identifiers store?
can we check the rights database?
can we add usernames to a particular identifier without GRANT command?
e.g. in this particular case, how can I add the users previously holding this ACCESS$USER id?

Thanks,
Amaresh
0 Kudos
Craig A
Valued Contributor

тАО07-23-2009 12:04 AM

тАО07-23-2009 12:04 AM

Re: Identifiers

You need to restore RIGHTSLIST.DAT from the last good backup prior to you issuing the REMOVE/IDENT command.

Craig A
0 Kudos
Robert Gezelter
Honored Contributor

тАО07-23-2009 03:35 AM

тАО07-23-2009 03:35 AM

Re: Identifiers

Amaresh,

With all due respect to Craig, I must demur with the suggestion contained in his post to "... restore RIGHTSLIST.DAT from the last good backup ..."

Restoring RIGHTSLIST.DAT in-place will destroy any other changes that have been made to the file in the interim. To verify the precise nature of the RIGHTSLIST definition for ACCESS$USER, restore the RIGHTSLIST.DAT file from the last backup to a scratch location, define the process logical name RIGHTSLIST to point to the restored file, and do a full SHOW command on the identifier.

Once one has that information, one can conform the definition of ACCESS$USER in the active RIGHTSLIST to the contents of the RIGHTSLIST from the backup.

- Bob Gezelter, http://www.rlgsc.com
0 Kudos
Craig A
Valued Contributor

тАО07-23-2009 04:31 AM

тАО07-23-2009 04:31 AM

Re: Identifiers

100% spot-on Robert. And silly me for not making it crystal clear that you should not restore RIGHTSLIST.DAT to its real location.

Craig A
0 Kudos
Swain
Regular Advisor

тАО07-23-2009 04:57 AM

тАО07-23-2009 04:57 AM

Re: Identifiers

Thanks a lot Robert, Craig!

It worked.

Regards,
Amaresh
0 Kudos
John Gillings
Honored Contributor

тАО07-23-2009 09:30 PM

тАО07-23-2009 09:30 PM

Re: Identifiers

It's safer to omit the values and attributes:

$ MCR AUTHIORIZE ADD/IDENT/USER=ACCESS$USER

This will fill in the correct attributes and values for a UIC identifier.

If you have "standard" identifiers (ie: identifier name same as the corresponding username), this is quite safe to do at any time. Worst case is it won't add the identifier because it already exists.

Indeed, you can "repair" your RIGHTSLIST with

$ MCR AUTHIORIZE ADD/IDENT/USER=*

This will scan all users and create any missing identifiers.
A crucible of informative mistakes
0 Kudos
Hoff
Honored Contributor

тАО07-24-2009 03:29 AM

тАО07-24-2009 03:29 AM

Re: Identifiers

Um, AUTHIORIZE? John meant AUTHORIZE.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.