command is used in conjunction with the ADD command. This helps to minimize the possibility of typing errors. In the ADD command line, setting the DISUSER flag prevents the user from logging in until all the account parameters are set up. In the MODIFY command line, the DISUSER flag is disabled (by specifying NODISUSER) to allow access to the account. The EXTAUTH flag causes the system to consider the user as authenticated by an external user name and password, not by the SYSUAF user name and password. The record that results from these commands and an explanation of the restrictions the record imposes appear in the description of the SHOW command. 2 /IDENTIFIER ! Adds only an identifier to the rights database. It does not add a ! user account. Adds an identifier to the rights database, RIGHTSLIST.DAT. The ADD/IDENTIFIER command does not add a user account to the authorization file, SYSUAF. The ADD/ADD_IDENTIFIER command, however, adds a user account to the authorization file, SYSUAF, and also adds an identifier to the rights database, RIGHTSLIST.DAT. Format ADD/IDENTIFIER [id-name] 3 Parameter id-name Specifies the name of the identifier to be added to the rights database. If you omit the name, you must specify the /USER qualifier. The identifier name is a string of 1 to 32 alphanumeric characters. The name can contain underscores and dollar signs. It must contain at least one nonnumeric character. 3 Qualifiers /ATTRIBUTES /ATTRIBUTES=(keyword[,...]) Specifies attributes to be associated with the new identifier. The following keywords are valid: DYNAMIC Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST. HOLDER_ Prevents people from getting a list of users who HIDDEN hold an identifier, unless they own the identifier themselves. NAME_HIDDEN Allows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier. NOACCESS Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute. RESOURCE Allows holders of an identifier to charge disk space to the identifier. Used only for file objects. SUBSYSTEM Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects. By default, none of these attributes is associated with the new identifier. /USER /USER=user-spec Scans the UAF record for the specified user and creates the corresponding identifier. Specify user-spec by user name or UIC. You can use the asterisk wildcard to specify multiple user names or UICs. Full use of the asterisk and percent wildcards is permitted for user names; UICs must be in the form [*,*], [n,*], [*,n], or [n,n]. A wildcard user name specification (*) creates identifiers alphabetically by user name; a wildcard UIC specification ([*,*]) creates them in numerical order by UIC. /VALUE /VALUE=value-specifier Specifies the value to be attached to the identifier. The following formats are valid for the value-specifier: IDENTIFIER:n An integer value in the range of 65,536 to 268,435,455. You can also specify the value in hexadecimal (precede the value with %X) or octal (precede the value with %O). The system displays this type of identifier in hexadecimal. To differentiate general identifiers from UIC identifiers, the system adds %X80000000 to the value you specify. GID:n GID is the POSIX group identifier. It is an integer value in the range 0 to 16,777,215 (%XFFFFFF). The system will add %XA400.0000 to the value you specify and then enter this new value into the system RIGHTSLIST as an identifier. UIC:uic A UIC value in standard UIC format consists of a member name and, optionally, a group name enclosed in brackets. For example, [360,031]. In numeric UICs, the group number is an octal number in the range of 1 to 37776; the member number is an octal number in the range of 0 to 177776. You can omit leading zeros when you are specifying group and member numbers. Regardless of the UIC format you use, the system translates a UIC to a 32-bit numeric value. Alphanumeric UICs are not allowed. Typically, system managers add identifiers as UIC values to represent system users; the system applies identifiers in integer format to system resources. 3 Examples 1.UAF> ADD/IDENTIFIER/VALUE=UIC:[300,011] INVENTORY %UAF-I-RDBADDMSGU, identifier INVENTORY value: [000300,000011] added to RIGHTSLIST.DAT The command in this example adds an identifier named INVENTORY to the rights database. By default, the identifier is not marked as a resource. 2.UAF> ADD/IDENTIFIER/ATTRIBUTES=(RESOURCE) - _/VALUE=IDENTIFIER:%X80011 PAYROLL %UAF-I-RDBADDMSGU, identifier PAYROLL value: %X80080011 added to RIGHTSLIST.DAT This command adds the identifier PAYROLL and marks it as a resource. To differentiate identifiers with integer values from identifiers with UIC values, %X80000000 is added to the specified code. 2 /PROXY Adds an entry to the network proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, and signals DECnet to update its volatile database. Proxy additions take effect immediately on all nodes in a cluster that share the proxy database. Format ADD/PROXY node::remote-user local-user[,...] 3 Parameters node Specifies a DECnet node name. If you provide a wildcard character (*), the specified remote user on all nodes is served by the account defined as local-user. remote-user Specifies the user name of a user at a remote node. If you specify an asterisk, all users at the specified node are served by the local user. For systems that are not OpenVMS and that implement DECnet, specifies the UIC of a user at a remote node. You can specify a wildcard character (*) in the group and member fields of the UIC. local-user Specifies the user names of 1 to 16 users on the local node. If you specify an asterisk, a local-user name equal to remote-user name will be used. 3 Positional_Quals. /DEFAULT Establishes the specified user name as the default proxy account. The remote user can request proxy access to an authorized account other than the default proxy account by specifying the name of the proxy account in the access control string of the network operation. 3 Examples 1.UAF> ADD/PROXY SAMPLE::WALTER ROBIN/DEFAULT %UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT Specifies that user WALTER on remote node SAMPLE has proxy access to user ROBIN's account on local node AXEL. Through proxy login, WALTER receives the default privileges of user ROBIN when he accesses node AXEL remotely. 2.UAF> ADD/PROXY MISHA::* MARCO/DEFAULT, OSCAR %UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT Specifies that any user on the remote node MISHA can, by default, use the MARCO account on the local node for DECnet tasks such as remote file access. Remote users can also access the OSCAR proxy account by specifying the user name OSCAR in the access control string. 3.UAF> ADD/PROXY MISHA::MARCO */DEFAULT %UAF-I-NAFADDMSG, record successfully added to NETPROXY.DAT Specifies that user MARCO on the remote node MISHA can use only the MARCO account on the local node for remote file access. 4.UAF> ADD/PROXY TAO::MARTIN MARTIN/D,SALES_READER %UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to MARTIN added %UAF-I-NAFADDMSG, proxy from TAO:.TWA.RAN::MARTIN to SALES_READER added Adds a proxy from TAO::MARTIN to the local accounts MARTIN (the default) and SALES_READER on a system running DECnet-Plus.