![]() |
![]() |
|
|
![]() |
![]() |
Task Reference: HP 3000 Series 9X8LX Computer Systems > Chapter 2 Performing Tasks Using MPE/iX Commands![]() Managing Accounts, Groups, and Users |
|
Files on the system are organized by group and account with a variety of users accessing them. Groups, accounts, and users must be created before files can be created. Once created, they can also be modified or deleted. The Getting Started (B3813-90003) book for the HP 3000 Series 9X8LX provides instructions for creating the initial accounts and groups from the MANAGER.SYS account. The tasks described below are the general instructions and may be performed from any account with the appropriate capabilities.
The LISTACCT command also lists the capabilities that have been assigned to the account.
Use the ALTACCT command to modify an account's capabilities, passwords, or other account attributes. Only the system manager can modify an account. The following example modifies the password for the PAYROLL account.
Use the ALTGROUP command to modify a group within an account. The account manager can modify any group within his or her own account. The following example modifies the password for the group:
Only a user with SM capability can modify any group on the system. Use the ALTUSER command to modify a user's password, capabilities, or other attributes. Only the system manager or the account manager for the account can modify any user's attributes. The following example changes the user's home group, the group to which the user is automatically logged:
Use the ;CAP= parameter of the ALTACCT, ALTGROUP, and ALTUSER commands to change the capabilities of existing accounts, groups, and users. Capabilities can also be assigned with the ;CAP= parameter of the NEWACCT, NEWGROUP, and NEWUSER commands. To simplify this process, it is recommended that you create the accounts, groups, and users that you need using the default capabilities. If you then decide to increase or decrease the capability of one or more accounts, groups, or users, you can use the ALTACCT, ALTGROUP, and ALTUSER commands to make these changes. You can issue the LISTACCT, LISTGROUP, or LISTUSER command, followed by the account, group, or user name, to view the current capabilities. Refer to the Commands Reference (B3813-90011) manual for a list of capabilities and their meanings. In addition, this chapter provides a list of default capabilities that are set automatically when accounts, groups, and users are created. To define special capabilities for an account, use the ;CAP= parameter of the ALTACCT command. Note that to add any capabilities to the default list, you must enter all of the capabilities--the new ones and the defaults. Separate the capabilities in the command string with commas. In the following example, the process handling (PH) capability is added to the standard default capabilities for the account PAYROLL.
To define special capabilities for a group, use the ;CAP= parameter of the ALTGROUP command. To add any capabilities to the default list, you must enter all of the capabilities--the new ones and the defaults. Separate the capabilities in the list with commas. Remember that the capabilities of a group cannot exceed the capabilities of the account in which this group resides. In the following example, the process handling (PH) capability is added to the standard default capabilities for the group CURRENT.
To define special capabilities for a user, use the ;CAP= parameter of the ALTUSER command. Note that to add any capabilities to the default list you must enter all of the capabilities--the new ones and the defaults. Separate the capabilities in the list with commas. Remember that the capabilities of a user cannot exceed the capabilities of the account in which this user resides. In the following example, the process handling (PH) capability is added to the standard default capabilities for the user CLERK.
To change the file access for all files residing in an existing account or group, use the ACCESS= parameter of the ALTACCT or ALTGROUP commands. This option limits the access of particular types of users to files within the specified group or account. Six types of file access are defined:
User types are identified by the following codes:
Refer to the Commands Reference (B3813-90011) for further definition of file access. In addition, this chapter provides a list of the default file access set automatically when accounts and groups are created. To modify access to the files within an account, use the ACCESS= parameter of the ALTACCT command. This parameter specifies the file access granted to specific types of users for the files in the account. To signify the beginning of this option list, open the parentheses and list the access codes for the first user type. Separate these codes with commas. Enter a colon to signify the end of the first code list, and specify the user type to be allowed this level of access to any file within the account. If more that one set of codes is necessary, enter a semicolon to signify the end of the first set. Repeat the access code and user type specifications for the second set, and so on. When the access codes for the user types have been completed, close the parentheses.
In the preceding example, all account users (:AC) are allowed to read (R), append (A), lock (L), write (W), and execute (X) any file in this account PAYROLL. This command also allows any user on the system (:ANY) to read (R) and execute (X) any file in this account. To modify the access to the files in a group, use the ACCESS= parameter of the ALTGROUP command. This parameter specifies lists of file access permissions for specific types of users. To signify the beginning of this option list, open the parentheses and list the access codes for the first user type. Separate these codes with commas. Enter a colon to signify the end of the first code list, and specify the user type to be allowed this level of access to any files within this group. If more that one set of codes is necessary, enter a semicolon to signify the end of the first set. Repeat the access code and user type specifications for the second set, and so on. When the access code specification has been completed, close the parentheses.
In the preceding example, group users (GU) are allowed to read (R), write (W), and execute (X) any file in the group CURRENT. Only the system manager can delete an account from the system. The PURGEACCT command removes the specified account, its users, its groups, and its files from your system. It is a good practice to store the files in an account to a backup medium before deleting an account from the system. The following example deletes an account called PAYROLL -- along with its users, its groups, and its files -- from the system:
The following prompt appears:
If you wish to continue with the deletion of the account, acknowledge with a YES and press Return. If not, respond with NO and press Return. Only the system manager or the account manager can delete a group from the system. The PURGEGROUP command removes the group and all files belonging to it from your system. It is a good practice to store the files in the group to tape before you remove the group. The following example removes the first quarter's group from the PAYROLL account:
The following prompt appears:
If you wish to continue with the deletion of the group, acknowledge with a YES and press Return. If not, then respond with NO and press Return. Only the system manager or the account manager can delete a user from an account. The PURGEUSER command removes the specified user from the account. When the command is issued from a session, you are prompted to verify the action. The following example removes the user ROSEN from the PAYROLL account:
The following prompt appears:
If you wish to continue with the deletion of the user, acknowledge with a YES and press Return. If not, respond with NO and press Return. |
![]() |
||
![]() |
![]() |
![]() |
|||||||||
|