Anyone who knows the logon name and password of an account can log on to that account. If several users will be using the account, it may be desirable to assign to each user a unique user-ID that he or she will use to log on to that account. User-IDs assign a specific password, retrieval and update codes, and a set of privileges to each user, which apply to files not only within the account they log on to but also to files in any other account to which they may have access.
For example, some of the files in an account may be used by all users who log on to the account, while other files are more confidential and need more restricted access. By creating a unique user-ID for each user of an account, you can control very precisely what type of access users have to each file in an account, as well as which parts of the system are available to each user.
Use of unique user-IDs can give a more accurate idea of the use of system resources, as the Accounting History file (ACC) keeps track of system usage for each user. Also, the LISTU report will be more informative, as individual user names are listed rather than the names of the accounts to which they are logged.
User-IDs are actually Q-pointer synonyms for the Account Definition item in the SYSTEM Dictionary. See file management documentation for more information about Q-pointers.
User-IDs are created from the SYSPROG account. Each user-ID is created as a separate item in the SYSTEM Dictionary (see the example in Creating New Accounts). After you create the user-ID, you can use the PASSWORD command to give the user a unique logon password.
Here’s an example of how to create a user-ID for a user named Julie, who will log on to the STAFF account.
First, type:
    ED SYSTEM JULIE
    NEW ITEM
    TOP
    .
At the dot prompt, type I to enter Insert mode, then start entering data for the user’s profile. When the item is complete, it should look like this:
    001 Q
    002 STAFF
    003
    004
    005
    006
    007
    008 SYS1
    009 UQ
    010 10
The contents of each line of a user-ID record are:
Line 1: The Q in line 1 indicates that the item is a file synonym, or Q-pointer. All user-IDs are Q-pointers.

Line 2: This line contains the name of the account the user logs on to.

Lines 3-7: Lines 3 through 7 in this example contain null values. Lines 5 and 6 are used to hold the retrieval and update codes, respectively. Retrieval and update codes may be assigned to Lines 5 and 6 during the CREATE-ACCOUNT procedure or using the Editor. It is recommended that you modify the retrieval and update codes only when no one else is logged on the system. Line 7 is used to hold the encrypted password. Note that the password is left null here because you do not set it using the Editor. To assign a password, use the PASSWORD command (see mvBase System Security in the mvBase System Administration Manual) after you have created the user-ID.

Line 8: This line contains the user’s system privilege level.

Line 9: This line can contain any of the following codes:

    B: Disables the BREAK key when the user logs on.
    O: Automatically logs the user off whenever a security violation is logged in the SECURITY-LOG file (see mvBase System Security in the mvBase System Administration Manual).
    Q: Makes optional the use of single or double quotes in INFO/ACCESS statements.
    R: Causes the Logon Proc to re-execute whenever the user types END at the debugger prompt (!).
    T: Prohibits direct access to TCL (see mvBase System Security in the mvBase System Administration Manual).
    U: Updates the ACC file whenever the user logs on and off.

Line 10: This line indicates the maximum width of the item-ID column used by INFO/ACCESS.

Line 11: This line is null.

Line 12: This line contains an optional list of process numbers (see mvBase System Security in the mvBase System Administration Manual). If no process number is entered, the account is accessible from all processes.

Line 13: This line is null in most cases. Line 13 is used only in account D-pointers, not in Q-pointer synonyms for accounts. When planning file reallocation, enter the new modulo (it will remain after the reallocation).
NOTE
All blank lines must be null; they may not contain a blank space. There are two ways to create a blank line from Insert mode: you can append an attribute mark to the preceding line by entering CTRL+^, or you can insert a character (for example, x) on the line and then replace the character, using the R command, with null (for example, by performing .R/x//). |
The user-ID created in the example does not include process codes, so lines 11 and 12 need not be created even as null-valued lines. Line 13 also does not need to be created, except as mentioned above.
The table below shows the structure of the SYSTEM Dictionary items that define accounts and user-IDs on the system. The contents of user-ID items are almost the same as those of Account Definition items. The only differences are in the contents of Attributes 1, 2, and 3.
For more information about Account Definition items and user-ID items, see mvBase Database Architecture.
| Attribute # | Account Definition Items | User-ID Items |
|---|---|---|
| 001 | D | Q |
| 002 | location (base frame ID) | user’s account |
| 003 | modulo | (must be null) |
| 004 | (must be null) | (must be null) |
| 005 | retrieval codes | retrieval codes |
| 006 | update codes | update codes |
| 007 | password | password |
| 008 | privilege level | privilege level |
| 009 | user codes | user codes |
| 010 | item-ID width | item-ID width |
| 011 | (must be null) | (must be null) |
| 012 | process code | process code |
| 013 | file reallocation | (must be null) |
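The following is an added example, not part of the mvBase documentation: an offline audit of exported user-ID items against the attribute rules described above. It assumes each item has been exported as one string with attributes separated by the attribute mark (CHAR(254) in Pick-family systems); the function name, severity labels and sample items are constructed for illustration.

```python
AM = "\xfe"  # attribute mark; CHAR(254) is an assumption about the export format
MUST_BE_NULL = (3, 4, 11, 13)   # "must be null" in the User-ID Items column
KNOWN_CODES = set("BOQRTU")     # line 9 codes documented on this page


def audit_user_id(name, item):
    """Return a list of (severity, message) findings for one user-ID item."""
    attrs = item.split(AM)
    findings = []

    def get(n):  # attribute n, or null when the line was never created
        return attrs[n - 1] if n <= len(attrs) else ""

    def add(sev, msg):
        findings.append((sev, f"{name}: {msg}"))

    for n, value in enumerate(attrs, start=1):
        if value and not value.strip():
            add("error", f"line {n} contains blank space instead of null")
    if get(1) != "Q":
        add("error", "line 1 is not Q, so this is not a user-ID item")
    if not get(2).strip():
        add("error", "line 2 names no account")
    for n in MUST_BE_NULL:
        if get(n).strip():
            add("error", f"line {n} must be null")
    if not get(7):
        add("warn", "line 7 is null: no password set with PASSWORD yet")
    codes = get(9)
    for c in sorted(set(codes) - KNOWN_CODES - {" "}):
        add("error", f"line 9 has undocumented code {c!r}")
    if "T" not in codes:
        add("info", "no T code: direct TCL access is allowed")
    if "U" not in codes:
        add("info", "no U code: logons are not recorded in ACC")
    if not get(12):
        add("info", "line 12 is null: usable from all processes")
    return findings


# Constructed samples: JULIE as built in the example above, plus a flawed item
# (blank space on line 3, placeholder password value, unknown code Z on line 9).
JULIE = AM.join(["Q", "STAFF", "", "", "", "", "", "SYS1", "UQ", "10"])
BAD = AM.join(["Q", "STAFF", " ", "", "", "", "x9f3", "SYS1", "BZ", "10"])

if __name__ == "__main__":
    for name, item in (("JULIE", JULIE), ("BAD", BAD)):
        for sev, msg in audit_user_id(name, item):
            print(f"{sev:5} {msg}")
```

For JULIE the audit reports the still-null password, the absence of the T code and the unrestricted process list, which are the points to settle before handing the user-ID out.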
See Also
Creating and Deleting Accounts