Managing Accounts, Groups, and Users [ HP 3000 Series 9X8LX Computer Systems Task Reference ] MPE/iX 5.0 Documentation


Managing Accounts, Groups, and Users 

Files on the system are organized by group and account with a variety of
users accessing them.  Groups, accounts, and users must be created before
files can be created.  Once created, they can also be modified or
deleted.  The Getting Started (B3813-90003) book for the HP 3000 Series
9X8LX provides instructions for creating the initial accounts and groups
from the MANAGER.SYS account.  The tasks described below are the general
instructions and may be performed from any account with the appropriate
capabilities.

To set up and verify an account 

   *   To create a new account, use the NEWACCT command and its options.
       You must have system manager capabilities to set up a new account.
       You must specify the account name and identify an account manager.

       For example, to create an account called PAYROLL for your payroll
       department, you would enter the NEWACCT command, an account name,
       and the name of the manager for the account.  For protection,
       specify a password to be entered by all account users.

            :NEWACCT PAYROLL,MANAGER;PASS=PAYPASS Return 

       The new account, PAYROLL, contains one user (MANAGER), who is the
       account manager.  Also, the account automatically contains one
       group, PUB. If you want other groups, you must create them.

       The manager for the account can create groups and users within
       this account, but not for other accounts.

   *   To verify the existence of the account, use the LISTACCT command.
       For example, enter LISTACCT PAYROLL to display account
       characteristics.  You can also use the MKACCT Command File to
       create accounts.  For more information, refer to the section
       Creating a Practice Account, later in this chapter.

            :LISTACCT PAYROLL Return 

   *   To show the password, use the PASS option:

            :LISTACCT PAYROLL;PASS Return 

The LISTACCT command also lists the capabilities that have been assigned
to the account.

To set up and verify a group 

   *   To create a new group, log on as account manager to the account
       that you want the group to be in.  Then use the NEWGROUP command
       and its options.  Only the system manager or the account manager
       for the account can create new groups.  You must specify the group
       name.  If no account name is specified, the account is assumed to
       be the account that you are currently in.  For example, four
       groups can be created in the PAYROLL account, one for each
       quarter's payroll.  The passwords entered with the following
       NEWGROUP commands create group passwords.  For security, each of
       these passwords should be different.  You can also use the MKACCT
       Command File to set up groups.  For more information, refer to the
       section Creating a Practice Account later in this chapter.

       In these examples, the groups QTR1, QTR2, QTR3, and QTR4 will be
       created in your logon account:

            :NEWGROUP QTR1;PASS=PAY1Q Return 
            :NEWGROUP QTR2;PASS=PAY2Q Return 
            :NEWGROUP QTR3;PASS=PAY3Q Return 
            :NEWGROUP QTR4;PASS=PAY4Q Return 

   *   To create the group from another account, include the account
       name:

            :NEWGROUP QTR1.PAYROLL;PASS=PAY1Q Return 

   *   To verify the existence of the new groups, use the LISTGROUP
       command.  This listing also identifies the capabilities assigned
       to each group.  For example, to show that the four new groups
       exist and that the default characteristics were assigned for each
       group, enter the following command:

            :LISTGROUP QTR@.PAYROLL;PASS Return 

To set up and verify a user 

   *   To set up a new user, use the NEWUSER command and its options.  As
       with the NEWGROUP command, the system manager or the account
       manager for the appropriate account can execute the NEWUSER
       command.  You must provide the user name.  If no account name is
       specified, the account is assumed to be the account that you are
       currently in.  The following example sets up a new user for the
       PAYROLL account.  An optional user password is included in this
       example, and a home group, SALES, is assigned.  The home group is
       the group a user is automatically logged on to unless another
       group is included in the logon.  You can also use the MKACCT Command
       File to set up users.  For more information, refer to the section
       Creating a Practice Account, later in this chapter.

            :NEWUSER ROSEN.PAYROLL;PASS=NESOR;HOME=SALES Return 

   *   To verify a new user, use the LISTUSER command.  You must be the
       system manager or account manager to list the users for the
       specified group and account.  Other users can list only their own
       logon user name.

            :LISTUSER ROSEN.PAYROLL;PASS Return 

       In this example, the account name is included.  The account name
       is not necessary if this command is entered from the PAYROLL
       account.

To modify an account 

Use the ALTACCT command to modify an account's capabilities, passwords,
or other account attributes.  Only the system manager can modify an
account.  The following example modifies the password for the PAYROLL
account.

     :ALTACCT PAYROLL;PASS=AUGUST Return 

To modify a group 

Use the ALTGROUP command to modify a group within an account.  The
account manager can modify any group within his or her own account.  The
following example modifies the password for the group:

     :ALTGROUP QTR4;PASS=AUGUST Return 

Only a user with SM capability can modify any group on the system.

To modify a user 

Use the ALTUSER command to modify a user's password, capabilities, or
other attributes.  Only the system manager or the account manager for the
account can modify any user's attributes.  The following example changes
the user's home group, the group to which the user is automatically
logged on:

     :ALTUSER ROSEN.PAYROLL;HOME=QTR3 Return 

To modify capabilities 

Use the ;CAP= parameter of the ALTACCT, ALTGROUP, and ALTUSER commands to
change the capabilities of existing accounts, groups, and users.
Capabilities can also be assigned with the ;CAP= parameter of the
NEWACCT, NEWGROUP, and NEWUSER commands.  To simplify this process, it is
recommended that you create the accounts, groups, and users that you need
using the default capabilities.  If you then decide to increase or
decrease the capability of one or more accounts, groups, or users, you
can use the ALTACCT, ALTGROUP, and ALTUSER commands to make these
changes.  You can issue the LISTACCT, LISTGROUP, or LISTUSER command,
followed by the account, group, or user name, to view the current
capabilities.

Refer to the Commands Reference (B3813-90011) manual for a list of
capabilities and their meanings.  In addition, this chapter provides a
list of default capabilities that are set automatically when accounts,
groups, and users are created.

To modify capabilities for an account.     

To define special capabilities for an account, use the ;CAP= parameter of
the ALTACCT command.  Note that to add any capabilities to the default
list, you must enter all of the capabilities--the new ones and the
defaults.  Separate the capabilities in the command string with commas.
In the following example, the process handling (PH) capability is added
to the standard default capabilities for the account PAYROLL.

     :ALTACCT PAYROLL;CAP=AL,AM,BA,GL,IA,ND,SF,PH Return 

To modify capabilities for a group.     

To define special capabilities for a group, use the ;CAP= parameter of
the ALTGROUP command.  To add any capabilities to the default list, you
must enter all of the capabilities--the new ones and the defaults.
Separate the capabilities in the list with commas.  Remember that the
capabilities of a group cannot exceed the capabilities of the account in
which this group resides.  In the following example, the process handling
(PH) capability is added to the standard default capabilities for the
group CURRENT.

     :ALTGROUP CURRENT.PAYROLL;CAP=BA,IA,PH Return 

To modify capabilities for a user.     

To define special capabilities for a user, use the ;CAP= parameter of the
ALTUSER command.  Note that to add any capabilities to the default list
you must enter all of the capabilities--the new ones and the defaults.
Separate the capabilities in the list with commas.  Remember that the
capabilities of a user cannot exceed the capabilities of the account in
which this user resides.  In the following example, the process handling
(PH) capability is added to the standard default capabilities for the
user CLERK.

     :ALTUSER CLERK.PAYROLL;CAP=BA,IA,ND,PH,SF Return 
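
The two rules above (a ;CAP= list replaces the whole list, and a group or
user cannot exceed its account) can be checked before a command is typed.
The following Python sketch is an added example, not part of the HP manual;
the function names are hypothetical, and the default lists are taken from
the ALTACCT, ALTGROUP, and ALTUSER examples on this page.

```python
# Default capability lists as shown in this page's ALTACCT/ALTGROUP/ALTUSER examples.
DEFAULTS = {
    "ALTACCT": ["AL", "AM", "BA", "GL", "IA", "ND", "SF"],
    "ALTGROUP": ["BA", "IA"],
    "ALTUSER": ["BA", "IA", "ND", "SF"],
}

def parse_caps(text):
    """Split a comma-separated capability list into a set of codes."""
    return {c.strip().upper() for c in text.split(",") if c.strip()}

def cap_command(command, name, current, add=(), remove=(), account_caps=None):
    """Build the full ;CAP= command (hypothetical helper).

    The list typed after ;CAP= replaces the existing list, so the result
    always carries the current capabilities plus or minus the change.
    """
    new = (set(current) | set(add)) - set(remove)
    if command != "ALTACCT":
        if account_caps is None:
            raise ValueError("account capabilities are needed for the check")
        excess = new - set(account_caps)
        if excess:
            # A group or user cannot exceed the capabilities of its account.
            raise ValueError(f"account lacks {sorted(excess)}; use ALTACCT first")
    return f"{command} {name};CAP={','.join(sorted(new))}"

def lost_caps(current, typed_command):
    """Capabilities a typed ;CAP= list would silently take away."""
    cap_text = typed_command.upper().split(";CAP=", 1)[1].split(";", 1)[0]
    return sorted(set(current) - parse_caps(cap_text))

if __name__ == "__main__":
    acct = DEFAULTS["ALTACCT"] + ["PH"]          # PAYROLL after the ALTACCT example
    print(cap_command("ALTUSER", "CLERK.PAYROLL", DEFAULTS["ALTUSER"],
                      add=["PH"], account_caps=acct))
    # Typing only the new capability drops every default the user had:
    print(lost_caps(DEFAULTS["ALTUSER"], "ALTUSER CLERK.PAYROLL;CAP=PH"))
```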

To modify file access 

To change the file access for all files residing in an existing account
or group, use the ACCESS= parameter of the ALTACCT or ALTGROUP commands.
This option limits the access of particular types of users to files
within the specified group or account.  Six types of file access are
defined:

R       Read access allows users to read files.

L       Lock access permits a user to lock a file in order to prevent
        concurrent access to a file.

A       Append access allows a user to add or append information to a
        file, but prohibits a user from altering information already
        written.

W       Write access allows a user to add, delete, or change information
        in files and allows a user to delete files.  It also implicitly
        allows lock and append access.

S       Save access allows a user to declare files within a group as
        permanent.  (This pertains only to the group level.)

X       Execute access allows a user to execute or run program files.

User types are identified by the following codes:

ANY     Any user on the system.

AC      Member of this account only.

GU      Member of this group only.

AL      Account librarian user only.

GL      Group librarian user only.

Refer to the Commands Reference (B3813-90011) for further definition of
file access.  In addition, this chapter provides a list of the default
file access set automatically when accounts and groups are created.

To modify file access for an account.     

To modify access to the files within an account, use the ACCESS=
parameter of the ALTACCT command.  This parameter specifies the file
access granted to specific types of users for the files in the account.

To signify the beginning of this option list, open the parentheses and
list the access codes for the first user type.  Separate these codes with
commas.  Enter a colon to signify the end of the first code list, and
specify the user type to be allowed this level of access to any file
within the account.  If more than one set of codes is necessary, enter a
semicolon to signify the end of the first set.  Repeat the access code
and user type specifications for the second set, and so on.  When the
access codes for the user types have been completed, close the
parentheses.

     :ALTACCT PAYROLL;ACCESS=(R,A,L,W,X:AC;R,X:ANY) Return 

In the preceding example, all account users (:AC) are allowed to read
(R), append (A), lock (L), write (W), and execute (X) any file in this
account PAYROLL. This command also allows any user on the system (:ANY)
to read (R) and execute (X) any file in this account.

To modify file access for a group.     

To modify the access to the files in a group, use the ACCESS= parameter
of the ALTGROUP command.  This parameter specifies lists of file access
permissions for specific types of users.

To signify the beginning of this option list, open the parentheses and
list the access codes for the first user type.  Separate these codes with
commas.  Enter a colon to signify the end of the first code list, and
specify the user type to be allowed this level of access to any files
within this group.  If more than one set of codes is necessary, enter a
semicolon to signify the end of the first set.  Repeat the access code
and user type specifications for the second set, and so on.  When the
access code specification has been completed, close the parentheses.

     :ALTGROUP CURRENT.PAYROLL;ACCESS=(R,W,X:GU) Return 

In the preceding example, group users (GU) are allowed to read (R), write
(W), and execute (X) any file in the group CURRENT.
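
The ACCESS= syntax described for ALTACCT and ALTGROUP can be parsed and
reviewed before it is applied.  The following Python sketch is an added
example, not part of the HP manual; the function names are hypothetical,
and accepting a comma-separated list of user types after the colon is an
assumption that goes beyond the single-type examples shown on this page.

```python
ACCESS_CODES = {"R", "L", "A", "W", "S", "X"}   # the six access types listed above
USER_TYPES = {"ANY", "AC", "GU", "AL", "GL"}    # the five user-type codes listed above

def parse_access(spec, level):
    """Parse an ACCESS= value into {user type: set of effective access codes}.

    level is "account" (ALTACCT) or "group" (ALTGROUP).
    """
    text = spec.strip().upper()
    if len(text) < 2 or text[0] != "(" or text[-1] != ")":
        raise ValueError("access list must be enclosed in parentheses")
    grants = {}
    for entry in text[1:-1].split(";"):          # ';' ends one set of codes
        codes_text, colon, users_text = entry.partition(":")
        if not colon:
            raise ValueError(f"missing ':' in {entry!r}")
        codes = {c.strip() for c in codes_text.split(",")}
        users = {u.strip() for u in users_text.split(",")}
        if codes - ACCESS_CODES:
            raise ValueError(f"unknown access code(s): {sorted(codes - ACCESS_CODES)}")
        if users - USER_TYPES:
            raise ValueError(f"unknown user type(s): {sorted(users - USER_TYPES)}")
        if "S" in codes and level != "group":
            raise ValueError("S (save) pertains only to the group level")
        if "W" in codes:
            codes |= {"L", "A"}                  # write implies lock and append
        for user in users:
            grants.setdefault(user, set()).update(codes)
    return grants

def audit(grants):
    """Return review findings: access that lets every system user change files."""
    findings = []
    exposed = grants.get("ANY", set()) & {"W", "A", "S"}
    if exposed:
        findings.append("ANY can modify or create files: " + ",".join(sorted(exposed)))
    return findings

if __name__ == "__main__":
    # The two ACCESS= values from this page, then a constructed over-broad one.
    print(parse_access("(R,A,L,W,X:AC;R,X:ANY)", "account"))
    print(parse_access("(R,W,X:GU)", "group"))
    print(audit(parse_access("(R,W:ANY)", "group")))
```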

To delete an account 

Only the system manager can delete an account from the system.  The
PURGEACCT command removes the specified account, its users, its groups,
and its files from your system.  It is a good practice to store the files
in an account to a backup medium before deleting an account from the
system.  The following example deletes an account called PAYROLL--along
with its users, its groups, and its files--from the system:

     :PURGEACCT PAYROLL Return 

The following prompt appears:

     ACCOUNT PAYROLL TO BE PURGED? (YES/NO)_

If you wish to continue with the deletion of the account, acknowledge
with a YES and press Return.  If not, respond with NO and press Return.

To delete a group 

Only the system manager or the account manager can delete a group from
the system.  The PURGEGROUP command removes the group and all files
belonging to it from your system.  It is a good practice to store the
files in the group to tape before you remove the group.  The following
example removes the first quarter's group from the PAYROLL account:

     :PURGEGROUP QTR1 Return 

The following prompt appears:

     GROUP QTR1 TO BE PURGED? (YES/NO)_

If you wish to continue with the deletion of the group, acknowledge with
a YES and press Return.  If not, then respond with NO and press Return.

To delete a user 

Only the system manager or the account manager can delete a user from an
account.  The PURGEUSER command removes the specified user from the
account.  When the command is issued from a session, you are prompted to
verify the action.  The following example removes the user ROSEN from the
PAYROLL account:

     :PURGEUSER ROSEN Return 

The following prompt appears:

     USER ROSEN TO BE PURGED? (YES/NO)_

If you wish to continue with the deletion of the user, acknowledge with a
YES and press Return.  If not, respond with NO and press Return.
