Returns an encoded security profile for the specified user.
Format
SYS$CREATE_USER_PROFILE usrnam ,[itmlst] ,[flags] ,usrpro
,usrprolen ,[contxt]
C Prototype
int sys$create_user_profile (void *usrnam, void *itmlst,
unsigned int flags, void *usrpro,
unsigned int *usrprolen, unsigned
int *contxt);
1 – Arguments
usrnam
OpenVMS usage:char_string
type: character-coded text string
access: read only
mechanism: by descriptor
Name of the user whose security profile is to be returned. The
usrnam argument is the address of a descriptor pointing to a text
string containing the user name. The user name string can contain
a maximum of 12 alphanumeric characters.
For more information about user names, see the VSI OpenVMS Guide
to System Security.
itmlst
OpenVMS usage:item_list_3
type: longword (unsigned)
access: read only
mechanism: by reference
Item list specifying the portions of the user's security profile
to be replaced or augmented.
To view the general format of an item descriptor and the fields
description, see the VSI OpenVMS System Services Reference Manual.
flags
OpenVMS usage:mask_longword
type: longword (unsigned)
access: read only
mechanism: by value
The flags argument is used to control the behavior of the
$CREATE_USER_PROFILE service. This argument does not accept ISS$
mask values; therefore, continue to use the CHP$ mask values for
this argument.
The following table describes each flag:
Symbol Description
CHP$M_ By default, $CREATE_USER_PROFILE initializes
DEFCLASS the security profile with the user's maximum
authorized classification. When this flag is set,
the service initializes the security profile from
the user's default classification instead. This
flag is Reserved to VSI.
CHP$M_DEFPRIV By default, $CREATE_USER_PROFILE initializes
the security profile with the user's authorized
privilege mask. When this flag is set, the
service initializes the security profile from
the user's default privilege mask instead.
CHP$M_ Instructs the service not to access the user
NOACCESS authorization file (SYSUAF.DAT) or rights
database (RIGHTSLIST.DAT) to build the security
profile. This flag can be used as an optimization
when all the information necessary to build the
security profile is known to the caller.
usrpro
OpenVMS usage:char_string
type: opaque byte stream
access: write only
mechanism: by reference
Buffer to receive the security profile. The usrpro argument is
the address of a buffer to receive the encoded security profile.
If an address of 0 is specified, $CREATE_USER_PROFILE returns the
size of the buffer needed in the usrprolen argument.
usrprolen
OpenVMS usage:word
type: word (unsigned)
access: read/write
mechanism: by reference
Word to receive the full size of the security profile. On input,
the usrprolen argument specifies the length of the buffer pointed
to by the usrpro argument. The usrprolen argument is the address
of a word to which $CREATE_USER_PROFILE writes the actual length
of the security profile. If the caller specifies a usrpro address
of 0, $CREATE_USER_PROFILE returns the anticipated size, in
bytes, of the buffer needed to hold the user's security profile
in the usrprolen argument.
contxt
OpenVMS usage:longword
type: longword (unsigned)
access: modify
mechanism: by reference
Longword used to maintain authorization file context. The contxt
argument is the address of a longword to receive a $GETUAI
context value. On the initial call, this longword should contain
the value -1. On subsequent calls, the value of the contxt
argument from the previous call should be passed back in.
Using the contxt argument keeps the UAF open across all calls,
thereby improving the performance of the system on subsequent
calls. To close the UAF, you must run down the image.
The resulting context value from a $CREATE_USER_PROFILE call can
also be used as the input contxt argument to the $GETUAI system
service, and vice versa.