Difference between revisions of "AUTHORIZE"

From VSI OpenVMS Wiki
Jump to: navigation, search
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
'''AUTHORIZE''' is  is a system management tool that allows you to control access to the system and to allocate resources to users.
+
'''AUTHORIZE''' is  is a system management tool that allows you to control access to the system and to allocate resources to users. AUTHORIZE.EXE resides in [[SYS$SYSTEM]] and can be invoked with MCR or RUN.
 +
 
 +
=Uses=
 +
AUTHORIZE can be used to:
 +
* create, delete and modify user records
 +
* add, remove, grant and revoke [[Identifier|identifiers]]
 +
* create network proxies
  
 
=Files used by AUTHORIZE=
 
=Files used by AUTHORIZE=
* [[SYSUAF.DAT]] is the user database file. By default, it resides in SYS$SYSTEM, but the system looks for it in the default directory when AUTHORIZE is invoked. The SYSUAF logical name can be defined to point to the current location of SYSUAF.DAT
+
* [[SYSUAF.DAT]] is the user database file. By default, it resides in SYS$SYSTEM, but the system looks for it in the default directory when AUTHORIZE is invoked. The SYSUAF logical name can be defined to point to the current location of the user database file.
 
* [[RIGHTSLIST.DAT]] stores rights identifiers
 
* [[RIGHTSLIST.DAT]] stores rights identifiers
 
* [[NETPROXY.DAT]] and [[NET$PROXY.DAT]] store proxy information
 
* [[NETPROXY.DAT]] and [[NET$PROXY.DAT]] store proxy information
 +
 +
=AUTHORIZE Commands=
 +
* '''COPY old-record new-record''' creates a new user record with all information from the old record except for the fields specified with qualifiers
 +
* '''ADD new-record''' is an alias for COPY DEFAULT new-record: it creates a new user record with all information from the default record except for the fields specified with qualifiers
 +
* '''ADD/ID id-name''' creates a new [[Identifier|rightslist identifier]]
 +
* '''MODIFY record''' allows you to specify new values for certain fields of the record with qualifiers
 +
* '''SHOW record''' allows you to view the record for the specified username or UIC in your terminal. Wilcards are allowed: SHOW *, SHOW [100,*], etc. By default, full information is shown; use /BRIEF to display a brief listing.
 +
* '''LIST record''' allows you to save the record for the specified username or UIC to a file. Wildcards are allowed: SHOW *, SHOW [100,*], etc. By default, brief information is saved; use /BRIEF to save a full listing. Make sure to check the protection settings of the resulting listing file as they may not be secure enough; try not to keep any listings around to avoid compromising the login data.
 +
* '''REMOVE record''' removes the specified record. The user identifier associated with the record is also removed; the directory associated with the record is not removed.
 +
* '''RENAME''' changes the user name of the SYSUAF record (and, if specified, the corresponding identifier) while retaining the characteristics of the old record.
 +
* '''REVOKE id user''' revokes the identifier so the specified user may no longer use it.
 +
* '''GRANT id user''' grants the [[Identifier|rightslist identifier]] to the specified user.
  
 
=See also=
 
=See also=
Line 10: Line 28:
 
* [[Identifier]]
 
* [[Identifier]]
 
* [[ADDUSER.COM]]
 
* [[ADDUSER.COM]]
 +
* {{Template:SysmanI}} on creating records
 +
* {{Template:UtilitiesI}} for use instructions
  
 
[[Category:Utilities]]
 
[[Category:Utilities]]
 +
[[Category:User Management]]

Latest revision as of 08:09, 7 June 2021

AUTHORIZE is is a system management tool that allows you to control access to the system and to allocate resources to users. AUTHORIZE.EXE resides in SYS$SYSTEM and can be invoked with MCR or RUN.

Uses

AUTHORIZE can be used to:

  • create, delete and modify user records
  • add, remove, grant and revoke identifiers
  • create network proxies

Files used by AUTHORIZE

  • SYSUAF.DAT is the user database file. By default, it resides in SYS$SYSTEM, but the system looks for it in the default directory when AUTHORIZE is invoked. The SYSUAF logical name can be defined to point to the current location of the user database file.
  • RIGHTSLIST.DAT stores rights identifiers
  • NETPROXY.DAT and NET$PROXY.DAT store proxy information

AUTHORIZE Commands

  • COPY old-record new-record creates a new user record with all information from the old record except for the fields specified with qualifiers
  • ADD new-record is an alias for COPY DEFAULT new-record: it creates a new user record with all information from the default record except for the fields specified with qualifiers
  • ADD/ID id-name creates a new rightslist identifier
  • MODIFY record allows you to specify new values for certain fields of the record with qualifiers
  • SHOW record allows you to view the record for the specified username or UIC in your terminal. Wilcards are allowed: SHOW *, SHOW [100,*], etc. By default, full information is shown; use /BRIEF to display a brief listing.
  • LIST record allows you to save the record for the specified username or UIC to a file. Wildcards are allowed: SHOW *, SHOW [100,*], etc. By default, brief information is saved; use /BRIEF to save a full listing. Make sure to check the protection settings of the resulting listing file as they may not be secure enough; try not to keep any listings around to avoid compromising the login data.
  • REMOVE record removes the specified record. The user identifier associated with the record is also removed; the directory associated with the record is not removed.
  • RENAME changes the user name of the SYSUAF record (and, if specified, the corresponding identifier) while retaining the characteristics of the old record.
  • REVOKE id user revokes the identifier so the specified user may no longer use it.
  • GRANT id user grants the rightslist identifier to the specified user.

See also