Adding User Accounts

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP OpenVMS System Manager's Manual, Volume 1:...

Managing User Accounts

Understanding the User Authorization File

Maintaining User Accounts

Adding User Accounts

The following sections explain how to use two different methods for adding user accounts:

The Authorize utility (AUTHORIZE)

A command procedure

Adding a User Account with AUTHORIZE

Once you analyze the purpose of a user account and decide which attributes and resources it requires, you can use the Authorize utility (AUTHORIZE) to create the account.

How to Perform This Task

Give yourself the SYSPRV privilege:
```
$ SET PROCESS/PRIVILEGE=SYSPRV
```

Enter the following commands to set your default device and directory to SYS$SYSTEM and invoke AUTHORIZE:
```
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> 
```

Use the AUTHORIZE command ADD to specify attributes in the UAF fields as shown in the following example:

UAF> ADD JONES/PASSWORD=LPB57WM/UIC=[014,1] -
_UAF> /DEVICE=DISK$USER/DIRECTORY=[JONES] -
_UAF> /LGICMD=DISK$USER:[NEWPROD]GRPLOGIN -
_UAF> /OWNER="ROBERT JONES"/ACCOUNT=DOC

Choosing Qualifiers

This section lists the qualifiers that you can use when setting up an account with AUTHORIZE. Qualifiers Used with AUTHORIZE lists the qualifiers under the account attribute that they affect. See Setting Limits on System Resources for a detailed description of each qualifier. For a complete list of AUTHORIZE qualifiers, see the OpenVMS System Management Utilities Reference Manual .

Table 6 Qualifiers Used with AUTHORIZE
Limits and Quotas¹

/ASTLM
/FILLM
/PRCLM

/BIOLM
/JTQUOTA
/TQELM

/BYTLM
/MAXACCTJOBS
/WSDEFAULT

/CPUTIME
/MAXDETACH
/WSEXTENT

/DIOLM
/MAXJOBS
/WSQUOTA

/ENQLM
/PGFLQUOTA

Priority²

/PRIORITY

Privileges

/DEFPRIVILEGES
/PRIVILEGES

Login Access Controls ³

/ACCESS
/FLAGS⁴
/PRIMEDAYS

/DIALUP
/INTERACTIVE
/REMOTE

/EXPIRATION
/LOCAL

**Table 6** **Qualifiers Used with AUTHORIZE**
Limits and Quotas¹
/ASTLM	/FILLM	/PRCLM
/BIOLM	/JTQUOTA	/TQELM
/BYTLM	/MAXACCTJOBS	/WSDEFAULT
/CPUTIME	/MAXDETACH	/WSEXTENT
/DIOLM	/MAXJOBS	/WSQUOTA
/ENQLM	/PGFLQUOTA
Priority²
/PRIORITY
Privileges
/DEFPRIVILEGES	/PRIVILEGES
Login Access Controls ³
/ACCESS	/FLAGS⁴	/PRIMEDAYS
/DIALUP	/INTERACTIVE	/REMOTE
/EXPIRATION	/LOCAL

Adding a User Account with a Command Procedure

As an alternative to using the Authorize utility, you can use a command procedure to create user accounts. The ADDUSER.COM procedure, which is located in the SYS$EXAMPLES directory, is an example of such a procedure; it supplies prompts and several default values for creating the new account.

You can modify ADDUSER.COM as appropriate for the needs of your system. To run ADDUSER.COM, log in to the SYSTEM account and enter the following command:

$ @SYS$EXAMPLES:ADDUSER.COM

ADDUSER.COM prompts you to enter values in a number of UAF record fields. If you press Return without specifying a value for a field, ADDUSER supplies the following default values:

UAF Field Default Value

User name
No default; must supply

Owner
No default; must supply

Password
User name specified

UIC group number
200

UIC member number
No default; must supply number

Account name
Optional

Privileges
TMPMBX,NETMBX

Login directory
User name specified

Login device
$DISK1

Disk quota
1000

Overdraft quota
100

UAF Field	Default Value
User name	No default; must supply
Owner	No default; must supply
Password	User name specified
UIC group number	200
UIC member number	No default; must supply number
Account name	Optional
Privileges	TMPMBX,NETMBX
Login directory	User name specified
Login device	$DISK1
Disk quota	1000
Overdraft quota	100

The UIC must be unique for the system. For example, each account in the UIC group 200 must have a unique member number. You can list the UICs currently assigned to users by entering a question mark ( ? ) after the UIC member number prompt. The account is not created until you have answered all of the questions in the procedure. The procedure has the following final prompt:

Is everything satisfactory with the account [YES]?

If you press Return, the account is created and remains in SYSUAF.DAT as specified. If you enter NO, the account is removed.

If you press Ctrl/Y before, during, or directly after the system displays the characteristics of the account (that is, before you respond to the "satisfactory?" prompt), the account, or portions of it, will still be added.

Make sure users log in to their accounts promptly to change the password.

Footnotes

1 Default values are adequate in most cases.

2 Default values are usually adequate for accounts not running real-time processes.

3 By default, users are allowed to log in at any hour of any day. To override the setting of a particular day, use the DCL command SET DAY. Use this command if a holiday occurs on a day that would normally be treated as a primary day and you want it treated as a secondary day. See Restricting the Use of Accounts for a discussion of using these fields to restrict login times and functions.

4 Not all FLAGS fit into this category.

( Number takes you back )

Understanding the User Authorization File

Maintaining User Accounts