Account Definition Items

Account Definition Items, created by the CREATE-ACCOUNT command, appear only in the SYSTEM Dictionary. An Account Definition item is a D-pointer that references the location of the Master Dictionary for the account it defines. The Account Definition item supplies the account name and password, sets the privilege level for the account, and defines a number of options for the account.

Item-ID. The item-ID of an Account Definition item is the name of the account. It serves as the user’s logon ID or user-ID.

Attributes. Account Definition items can have 13 attributes. Attributes 4 and 11 are reserved and are therefore empty.

  1. Definition Code. A D indicates a File Definition item.

  2. Base. The base frame ID is a positive integer indicating the starting location of the file. This value is assigned automatically by the CREATE-FILE processor. SYS3 privileges are required to modify this attribute; however, modification is not recommended.

  3. Modulo. The modulo is a positive integer that indicates the number of groups occupied by the Master Dictionary for the account. It is supplied as a parameter by the user during file creation. To change the modulo, edit Attribute 13 to resize a file during a file-save and restore. SYS3 privileges are required to modify this attribute; however, modification is not recommended.

  4. Reserved.

  5. Retrieval Codes. An optional list of file-access locks associated with the account. The format of retrieval codes is user-defined. If a file containing a retrieval lock is accessed by the user, the code in Attribute 5 of the File Definition item and Attribute 5 of the Account Definition item will be compared. If multiple values are specified, any single value will be matched. See Managing Files for more information on file security.

  6. Update Codes. An optional list of file-update locks associated with the account. The format of the update code is user-defined. If the user attempts to modify a file containing an update lock, the code in Attribute 6 of the File Definition item and Account Definition item will be compared. If multiple values are specified, any single value will be matched. The mvBASIC OPEN statement will fail if the lock codes do not match, as it is assumed that if you can open a file, you might try to write to it. See Managing Files for more information on file security.

  7. Password. A user password that is stored in encrypted format. The user password is established when the account is created. If no password is defined, Attribute 7 is null. To change a password, use the PASSWORD command, available only in the SYSPROG account.

  8. Privilege Level. A code indicating the system privilege level for the account. If this attribute is null, the lowest privilege level (SYS0) applies. Each level includes the privileges on lower levels.

    9. SYS0

    Level 0 is the lowest level. Users cannot create files or copy items between files (CREATE-FILE and COPY). Creation and modification of items using the Editor is permitted in all files except the Master Dictionary.

    SYS1

    Level 1 permits updating of the Master Dictionary and the use of magnetic tape or floppy disk.

    SYS2

    Level 2 permits use of the DEBUG, DUMP, file-save and file-restore, and other processors.

    SYS3

    Level 3 is the highest privilege level. It provides access to all files regardless of retrieval and update locks. It is required for use of the TANDEM command. The SYSPROG account has SYS3 privileges.

  9. Account Options. One or more codes that enable various options for the account.

    10. B

    Disables the BREAK key for this account.

    O

    Automatically logs off user when a security violation occurs. Security violations are recorded in the SECURITY-LOG file.

    Q

    Makes the use of single and double quotes in INFO/ACCESS statements optional.

    R

    Enables the RESTART option, which causes the Logon Proc to be executed when the user exits the debugger using the END command.

    T

    Prevents the user from accessing TCL directly, providing a Proc named account-name@TCL exists in the user’s Master Dictionary or a Proc named @TCL exists in the ERRMSG file.

    U

    Specifies that the Accounting History file, a file that maintains a log of user logon times and the number of pages sent to the printer, is to be updated whenever the user logs off.

  10. Width. A positive integer indicating the maximum column width of the item-ID column. Used by INFO/ACCESS processor.

  11. Reserved.

  12. User Process Code. A list of user process numbers that are permitted to log onto the account. Individual process numbers are separated by value marks. If null, all processes can log onto the account. Process 0, associated with the system console, can be used to log onto any account regardless of the list of user processes permitted.

  13. Reallocation. A positive integer that specifies a new modulo for the Master Dictionary. This value must be enclosed in parentheses. The reallocation of the Master Dictionary occurs during a file-restore.

    14. NOTE

    Updates to the Account Definition item should be made by the system administrator only when no one else is logged on to the system.

The following example shows an Account Definition item:

STAFF

001 D

002 6572

003 7

004

005 CD]CE

006 D]F]G

007 F6600F09

008 SYS1

009 QU

010 10

This item for the account named STAFF specifies an encrypted password, file retrieval and update codes, SYS1 privileges, and two account options: the use of quotes is optional (Q), and the Accounting History file records the time of logon (U).

Account Synonym Items

Account synonyms are Q-pointers to Account Definition items that allow individual user-IDs to be set up for the same account. They can be created with the Editor.

Item-ID. An Account Synonym item is a pointer to an Account Definition item. The item-ID is a another name for an account that already exists.

Attributes. Account Synonyms usually have 10 attributes. Only Attributes 1 and 2 differ from those in Account Definition items.

  1. Definition Code. A Q indicates a Synonym Definition item or Q-pointer.

  2. Account. The name of the Account Definition item, which is a D-pointer in the SYSTEM Dictionary.

The remaining attributes are the same as described for the Account Definition item, except that the reallocation parameter (line 13) is ignored. If the Account Synonym does not specify values for these attributes, the retrieval and update codes are the values specified in the Account Definition item, the password is null, and a SYS0 privilege-level is assumed.

The following example shows an Account Synonym item:

JOHN

001 Q

002 STAFF

003

004

005 CD

006 D

007 100CB706

008 SYS1

009 OU

010 10

The user-ID, JOHN, is set up as a Q-pointer to the STAFF account. It establishes a password and SYS1 privileges, and specifies its own file retrieval and update codes.

See Also

Dictionary Items

Verb Definition Items

File Definition Items

Attribute Definition Items