You can assign any of the following attributes to a usercode.

ACCESSCODELIST

Contains accesscodes and corresponding passwords for this user.

The accesscodes are used to

The accesscodes are treated in the same way as the passwords associated with usercodes are treated. A user is permitted to log on under an accesscode only if the accesscode is designated for the usercode in the USERDATAFILE. An accesscode that has a corresponding accesscode password can have accesscode password aging functionality.

Assign an accesscode by entering

ACCESSCODELIST = <accesscode>

Assign an accesscode and a corresponding accesscode password (apassword) by entering

ACCESSCODELIST = <accesscode>/<apassword>

A slash (/) separates the accesscode and the accesscode password. To assign multiple accesscodes, enter a string of accesscodes, separated by commas (,). Include any accesscode passwords you want to define. For example,

ACCESSCODELIST = <accesscode>,<accesscode>/<apassword>,<accesscode>

ACCESSCODENEEDED

Determines whether an accesscode is required when the user logs on.

If ACCESSCODENEEDED is TRUE, the user is required to supply an accesscode when logging on.

ACCESSPWAGING

A node of type GROUP that contains accesscode password aging information for all accesscodes in the ACCESSCODELIST.

The fixed items in the ACCESSPWAGING group are

ACDEFVIOLLIMIT

The default value to be set for the ACVIOLLIMIT item when a new accesscode is added to the list of accesscodes that have caused a security violation.

ACLOGONINFO

A node of type GROUP that contains the accesscode logon violation information for accesscodes in the ACCESSCODELIST.

The fixed items in the ACLOGONINFO group are:

ACLOGONVIOLLIMIT of the ACLOGONINFO Group

Specifies the limit of successive logon violations for an accesscode. If the limit is exceeded, the accesscode is suspended. The value is set from the ACDEFVIOLLIMIT attribute when the group entry is created and cleared after a successful logon.

ACPWAGING

Determines whether accesscode password aging is in effect for this usercode.

If the value of ACPWAGING is TRUE, passwords associated with accesscodes for this usercode have a limited usable lifetime, which is specified in days by the value of the ACPWDAYSACTIVE attribute.

ACPWCHGONUSE of the ACCESSPWAGING Group

Forces the user to change the password the next time the accesscode is used for logon. When ACPWCHGONUSE is set, the accesscode password must be changed using MARC before the accesscode can be used. This behaves the same way as an expired accesscode password. ACPWAGING does not need to be set. ACPWCHGONUSE is set to FASLE when the accesscode password is changed.

ACPWDEFDAYSACTIVE

Specifies the default value for the ACPWDAYSACTIVE attribute. This value is used when creating a new group entry for an accesscode.

ACPWDEFDAYSWARN

Specifies the default value for the ACPWDAYSWARN attribute. This value is used when creating a new group entry for an accesscode.

ACPWDAYSACTIVE of the ACCESSPWAGING Group

Specifies the number of days before the user is prevented from using the associated accesscode; that is, the number of days before the password expires. If a value is not specified for the ACPWDAYSACTIVE attribute, the password never expires.

The ACPWAGING attribute must be set for this attribute to have any effect. The value cannot exceed 255 days.

ACPWDAYSWARN of the ACCESSPWAGING Group

Specifies the number of days before accesscode password expiration that the user will receive an expiration warning.

The value of ACPWDAYSACTIVE must be greater than zero and the ACPWAGING attribute must be set for this attribute to have any effect. The value should be less than or equal to the value of ACPWDAYSACTIVE.

ACPWENFORCEEXP of the ACCESSPWAGING Group

This attribute controls the action when the associated accesscode password expires. If the attribute is set, the password associated with the accesscode can only be changed by running MAKEUSER; a new password cannot be assigned through MARC. If the attribute is not set, the password can be changed through MARC.

ACPWNAME of the ACCESSPWAGING Group

The accesscode to which the group attributes apply. This name is the key of the group, and is used to locate the appropriate entry.

ACSAVELOGONVIOL

Determines whether logon violation counts are to be maintained for accesscodes associated with this usercode.

If ACSAVELOGONVIOL is TRUE, the total number of successive logon violations is maintained in ACLOGONVIOCOUNT. The count is cleared after a successful logon.

ACSAVEVIOLCOUNT

Determines whether security violation counts are to be maintained for accesscodes belonging to this usercode.

ACVIOLINFO

A node of type GROUP that contains the accesscode security violation information for accesscodes in the ACCESSCODELIST.

The fixed items in the ACVIOLINFO group are

ACVIOLLIMIT of the ACVIOLINFO Group

Specifies the daily limit of security violation for an accesscode. If the limit is exceeded, the accesscode is suspended. A value of 0 represents no limit.

ANYOTHERCLASSOK

Controls the meaning of CLASSLIST, if CLASSLIST values are assigned for this usercode.

CANDEAUTORECOVER

Specifies the default value for the CANDE AUTORECOVER option.

The value of the CANDE configuration command RECOVERSESSION must be either ALL or REQUESTED for automatic session recovery to be enabled, regardless of the value of the AUTORECOVER option.

CANDECONTCHAR

Specifies the default setting for the CANDE continuation character.

To remove the CANDECONTCHAR attribute, enter –CANDE.

CANDECONTROL

Designates the user as having access to CANDE network control commands.

When a user designated as CANDECONTROL logs on at a terminal, that terminal becomes a CANDE control station for the time the user is logged on.

If a usercode is not marked CANDECONTROL, the user still has access to CANDE control commands if the station where he or she is logged on is a CANDE control station.

A CANDECONTROL user has access to commands that configure and interrogate the configuration of the CANDE data comm network. Because of the power of some CANDE control commands, grant CANDECONTROL status to only highly trusted individuals.

Refer to Controlling System Access for detailed information about CANDE control stations.

CANDEDESTNAME

Specifies the default value for the DESTNAME task attribute for a CANDE session running under the usercode.

CANDEGETMSG

Specifies the default setting for the CANDE option MSG.

Enter

The setting of the CANDE MSG option controls the automatic display of job-related and task-related messages at the user terminal during a CANDE session.

CANDEQWAIT

Specifies the default setting of the CANDE QWAIT option.

If QWAIT is TRUE and an error occurs, the state of the user CANDE queued input is set to waiting; otherwise, it is set to pending.

CHANGE

Determines whether a user has the capabilities associated with the CHANGE attribute. If CHANGE is TRUE, the user can change the titles, including file ownership, of disk files that belong to other users.

The Secure Identification Facility is required to enable this granulated privilege.

CHANGESEC

Determines whether a user has the capabilities associated with the CHANGESEC attribute. If CHANGESEC is TRUE, the user can modify the security file attributes for files that belong to other users.

The Secure Identification Facility is required to enable this granulated privilege.

CHARGECODE

Contains the list of chargecode values that this user can be required to use if CHARGEREQ is TRUE.

The first chargecode in this list is the user default chargecode if USEDEFAULTCHARGE is TRUE. A chargecode list should be provided if the value of either CHARGEREQ or USEDEFAULTCHARGE is TRUE.

CHARGEREQ

Determines whether a chargecode is required when a user logs on.

A valid chargecode is any chargecode in the CHARGECODE list for the user. A user can use the CANDE CHARGE command to change the chargecode associated with his or her usercode.

Refer to

CLASS

Specifies the default queue for jobs initiated under this usercode.

The value of CLASS must be from 0 through 1023, inclusive.

CLASSLIST

Contains various class values that this user either can or cannot use depending on whether ANYOTHERCLASSOK is TRUE or FALSE.

A value of zero in the CLASSLIST represents a CLASS of zero. If the CLASSLIST is absent or empty, the user can use any class value regardless of the value of ANYOTHERCLASSOK. The user can use the class value specified by the CLASS attribute whether or not it is included in CLASSLIST.

COMSCONTROL

Controls the ability to use the COMS Utility window.

If the system security option LIMITCOMSUTIL is

See “Transaction Server Command Access (Control-Capable)” in Access Rights Designated in the COMS Utility for more information.

On systems intended to run at a high level of security, LIMITCOMSUTIL must be set and COMSCONTROL must be TRUE only for trusted individuals who require access to the COMS Utility window.

Even when COMSCONTROL is designated for a usercode, the COMS Utility window must be included in the window list for the usercode in Transaction Server for that usercode to have access to the COMS Utility window.

COMSONLYLOGON

Determines whether the user is permitted to log on from an MCS other than Transaction Server.

If COMSONLYLOGON is TRUE, the user is not permitted to log on from an MCS other than Transaction Server.

The MCS is responsible for enforcing this attribute.

All MCSs specified in the released DATACOMINFO file that have defined terminal interfaces support COMSONLYLOGON, except for SYSTEM/DIAGNOSTICMCS and SYSTEM/ASSISTANT.

CONVENTION

Determines the date, time, and currency conventions of a user if the convention is different from the default convention of the system.

MAKEUSER does not validate this attribute.

CREATEDBYSYSTEM of the FAMILYLIST Group

Enabled by the disk resource control (DRC) system when a family list entry is created by the DRC system.

CREATEFILE

Determines whether a user has the capabilities associated with the CREATEFILE attribute. If CREATEFILE is TRUE, the user can create files under another usercode without replacing any existing files.

This capability does not apply to files created using the Library Maintenance copy operation.

The Secure Identification Facility is required to enable this granulated privilege.

DATAPATH

Specifies the default data path for this user.

DAYSACTIVE

Specifies the number of days a password is to remain active before it expires.

If no value is specified for DAYSACTIVE, or a value of 0 is specified, the password never expires.

If a value is specified for DAYSACTIVE,

The value of DAYSACTIVE

For a simplified method of assigning values to all the attributes associated with password aging, refer to the System Software Utilities Operations Reference Manual.

DAYSWARNING

Specifies the number of days before password expiration that a warning message is first issued to the user.

To be effective, the value of

DEPTASKACCOUNTING

Associates the usercode with one of the following levels of dependent task resource usage accounting.

On a system with the security option ANONACCOUNTING set to the value NOTOK,

EMAIL

Contains an email address that could be used by a mail program to send email for this user. The attribute is a text-value attribute and no validation is performed to ensure that it contains a valid email address.

ENFORCEEXPIREDPW

Setting ENFORCEEXPIREDPW

ENFORCEVALIDRANGE

Determines whether the valid date and time ranges for the usercode are enforced.

EXECUTE

Determines whether a user has the capabilities associated with the EXECUTE attribute. If EXECUTE is TRUE, the user can run code files that belong to other users regardless of the security attributes associated with the files.

The Secure Identification Facility is required to enable this granulated privilege.

EXECUTEPATH

Specifies the default execute path for this user.

FAMILY

Specifies the default family substitution for this user.

FAMILYINTEGRAL of the FAMILYLIST Group

Contains a real number that reflects the user current permanent files on the family.

The value of FAMILYINTEGRAL is maintained by the master control program (MCP) and is measured in disk megabyte days. A disk megabyte day is the number of megabytes of storage in use (that is, the value of FAMILYINUSE) multiplied by the number of days the storage is in use.

If FAMILYINUSE is positive, FAMILYINTEGRAL increases each day. FAMILYINTEGRAL never decreases unless explicitly altered. FAMILYTIMESTAMP is updated when FAMILYINTEGRAL is updated.

FAMILYINTLIMIT of the FAMILYLIST Group

Contains the user disk integral limit for the family.

The integral limit is measured in disk megabyte days. A negative value is treated as unlimited.

FAMILYINUSE of the FAMILYLIST Group

Contains the current number of megabytes of disk storage assigned to permanent files owned by the user on the family.

The MCP maintains this value as a real number.

FAMILYLIMIT of the FAMILYLIST Group

Defines the maximum number of disk megabytes that the user is permitted to have assigned to permanent files on the family at any one time.

A negative value is treated as unlimited.

FAMILYLIST

A node of type GROUP that contains

The fixed items in FAMILYLIST are as follows:

The LOGGER utility provides a number of capabilities for reporting on DRC limit items and in-use items. The utility can also maintain limit items.

FAMILYNAME of the FAMILYLIST Group

Specifies the name of the family.

This name is the entry key, and must be left-justified and zero-filled.

FAMILYNAMESIZE of the FAMILYLIST Group

A field that contains the size of the family name in characters, not including the FAMILYNAMESIZE field itself.

The field is maintained by the DRC system and is not directly accessible by means of USERDATA intrinsics.

FAMILYTIMESTAMP of the FAMILYLIST Group

Contains the date and time, in TIME(6) format, of the last update to the value of FAMILYINTEGRAL.

If FAMILYTIMESTAMP is updated, FAMILYINTEGRAL must also be updated.

FILEACCOUNTING

Associates the usercode with one of the following levels of accounting for file resource usage.

FILEGROUP

Specifies the default group value assigned to files created by the user.

FORCEPWCHANGE

Forces the user to change the password the next time the usercode is used for logon. When FORCEPWCHANGE is set, the password must be changed using MARC before the usercode can be used. This behaves the same way as an expired password. PASSWORDAGING does not need to be set. FORCEPWCHANGE is set to FALSE when the password is changed. The MINPWLIFE value is ignored when the password is changed.

GETSTATUS

Determines whether a user has the capabilities associated with the GETSTATUS privilege. If GETSTATUS is set, a user can use the GETSTATUS intrinsic to retrieve information about jobs, tasks, the status of peripherals, the status of the operating system and mainframe configuration. However, such a user cannot use GETSTATUS directory and volume requests where privileged-user status is required.

The Secure Identification Facility is required to enable this granulated privilege.

GROUPCODE

Names the primary group specification for the user.

A group identifies a set of users. Group codes control access rights for files, signals and semaphores.

GSDIRECTORY

This privilege provides users with the capability to see other users private directories and filenames. Users also have access to restricted GETSTATUS directory and volume requests that normally require privileged-user status.

The Secure Identification Facility is required to enable this granulated privilege.

HOMEMENU

Determines the MARC “home” menu for the usercode if it is different from the home menu designated for the specified MENUFILENAME or the default menu file for the system.

IDC

Determines whether a user has the capabilities associated with the IDC attribute. If IDC is set, a user can update the current datacominfo file through DATACOMSUPPORT entrypoints, which are used by the SYSTEM/IDC utility.

The Secure Identification Facility is required to enable this granulated privilege.

IDENTITY

Specifies a string of text that further identifies the usercode and can include

KRBPRINCIPALID

Specifies the user Kerberos principal identity.

When first established by the security administrator, this usercode attribute enables the user to register with the Kerberos authentication server on the network, unless the security administrator has already registered the principal ID.

If the administrator has already registered the principal ID, the administrator must provide this identity and the chosen Kerberos password to the user (the user may then choose to change this password). If the administrator has not done so, the user is allowed to provide his own password during the Kerberos registration phase.

The KRBPRINCIPALID attribute has no other purpose or usage. Creation of this attribute does not create a mapping from a Kerberos principal to a usercode. Refer to “Establishing a Mapping from a Kerberos Identity to a Usercode” in Identifying Kerberos Users for more information.

LANGUAGE

Determines the language for the usercode when the language is different from the system default language.

Language names cannot begin with a number.

LOCALCOPY

Determines whether a user has the capabilities associated with the LOCALCOPY attribute. If LOCALCOPY is TRUE, the user can copy files and directories that belong to another user on a local host by using Library Maintenance.

This privilege

LOGINSTALL

Determines whether a usercode has the capabilities associated with the LOGINSTALL attribute. If LOGINSTALL is TRUE, the usercode is able to create log installation records using MCSLOGGER.

The Secure Identification Facility is required to enable this granulated privilege.

LOGONVIOLLIMIT

Specifies the maximum number of successive logon violations. If LOGONVIOLLIMIT is exceeded, the usercode is suspended.

If LOGONVIOLLIMIT is 0, the usercode is not suspended. SAVELOGONVIOL must be TRUE for the usercode to be suspended. If the value of the security option SUSPENDDELAY is greater than 0, the usercode is automatically reactivated after the specified number of minutes.

The value of LOGONVIOLLIMIT can range from 1 to 255. To enhance security, a value between 3 and 5 is recommended.

LOGOTHERS

Determines whether the usercode has the capabilities associated with the LOGOTHERS attribute. If LOGOTHERS is TRUE, the usercode can create log records normally associated with privileged user status. Refer to the System Log Programming Reference Manual for an explanation of the major types.

The Secure Identification Facility is required to enable this granulated privilege.

LOGSELECT

Permits selective auditing of processes running under this usercode.

The integer entered with LOGSELECT indicates the kind of action to be logged for the usercode.

Logged actions can include all actions that

LOGSELECT applies to actions that are logged for a usercode. An integer value from 0 to 15, inclusive, can be assigned to LOGSELECT. LOGSELECT Values 0–7 and LOGSELECT Values 8–15 list the actions logged for the values of LOGSELECT as follows.

You can also calculate the value for LOGSELECT as follows.

Add together the values of the actions you want logged and assign the sum to LOGSELECT. For example, to log failed actions and security violations for a usercode, add 2 (failed actions) and 8 (security violations) and assign the sum, 10, to LOGSELECT.

Two factors control the events logged for a usercode:

The events designated by the value of LOGSELECT are logged in addition to those events designated with the LOGGING system command, which are logged for all users and activities.

LOGSELECT enables you to save system resources by designating logging of activities for specific users you want to audit because of

This approach is more efficient than logging the same information for all users. For more information about the LOGGING system command, refer to Accountability.

MAXOLDPW

Specifies the maximum number of recently used passwords to be maintained for the user. The system will maintain up to a maximum of 15 used passwords for each user.

MAXOLDPW is effective only when the system does not generate passwords—that is, when the value of PASSWORDMGMT is MINIMAL—and password aging is active.

MENUFILENAME

Determines the default MARC menu file name, if the menu file name is different from the default for the system.

The named menu file must be located on the same disk family as the MARC code file.

MFAPROTOCOL

Contains the protocol used for multi-factor authentication. Valid protocols are EMAIL, DUOPUSH, DUOPHONE, and DUOPULL.

MFAPROTOCOL is ignored unless MFAREQUIRED is set and the MFA security option is enabled.

MFAREQUIRED

Determines if a second authentication factor is required when a user logs on.

If MFAREQUIRED is TRUE and the MFA security option is enabled, a second authentication factor is requested using the protocol specified in the MFAPROTOCOL attribute.

MFAUSERNAME

Specifies a string of text that identifies the usercode.

If the MFAUSERNAME is not set, the MCP usercode of the authenticating user is used to authenticate the user in the Duo Portal.

MHSACCESS

Determines whether an ACCESSCODE is used to differentiate mail user files stored under the appropriate usercode directory.

MHSNETADMIN

Determines the mail network administrator for the X.400 mail system.

MHSUSERADMIN

Determines the mail user administrator for the X.400 mail system.

MINPW and MAXPW

Specify the minimum and maximum numbers of passwords for this user.

If a given usercode has more than one password,

MAXPW equals zero by default.

If MAXPW equals zero,

If MAXPW is greater than zero and no password currently exists, a user can

The password specified at that time becomes the user password.

This method of defining a password is not permitted

An alternative method for defining the first password, or to change, add, or delete passwords, is to run MAKEUSER with the appropriate options.

If MAXPW is greater than zero and a password or passwords currently exist, a user can change, add, or delete passwords—within the limits set by MINPW and MAXPW—by using the CANDE command PASSWORD.

Creation of a usercode without a password is not advisable. A user might inadvertently enter a string that would become his or her password, and not know what this new password is. Further, a security risk exists because the first user who logs on under the usercode can define the password, regardless of whether he or she is the intended user of the usercode.

MINPW can have a value of either zero (0) or one (1).

If MINPW is greater than zero and the number of defined passwords is equal to or greater than the value of MINPW, an attempt to remove passwords so that the number of passwords is less than the value of MINPW results in an error.

When you assign MINPW or MAXPW a value greater than zero, MAKEUSER does not require that you enter a password during the MAKEUSER session. The user can define the password at the time he or she logs on.

If you intend a usercode to have an associated password—that is, MAXPW or MINPW or both are greater than zero—it is strongly recommended for security reasons that you assign the password during the MAKEUSER session.

The one exception to this recommendation is when password generation is in effect. In this situation, you can enter an asterisk (*), and the system immediately generates and displays the password, and enters it into the USERDATAFILE.

MINPWLEN

Specifies the minimum number of characters required in a password.

MINPWLEN is valid only

The longer the password, the greater security it provides. However, long and unpronounceable passwords can be difficult to remember.

If MINPWLEN is not specified, the password length can be as short as 1 character.

MINPWLEN can have a value from 1 to 15. To enhance security, a value of 9 is recommended.

MINPWLIFE

Specifies the minimum number of days between password changes.

MINPWLIFE is effective only if the following conditions are both true:

If MINPWLIFE is not specified, passwords can be changed as frequently as needed. The values for MINPWLIFE can be from 1 to 15.

If the FORCEPWCHANGE attribute is set, the MINPWLIFE value is ignored when the password is changed.

NODEFAULTUSE

Specifies whether the usercode can be used without authentication.

An application that wants to use an unauthenticated usercode must check this attribute before using the usercode.

If the usercode is assigned as the default usercode to a station or a program (defined by the COMS Utility), session establishment or program initiation fails if the usercode has NODEFAULTUSE set. Similarly, in System Assistant, if the usercode specified in a USING clause of a RUN or START statement has NODEFAULTUSE set, the RUN or START statement fails.

NOSTATIONXFER

Determines whether a user is allowed to transfer control from CANDE to an MCS on a remote host. If NOSTATIONXFER is set to TRUE, the user is not allowed to use the CANDE CONNECT command to transfer control to an MCS on a remote host.

The MCS is responsible for enforcing this attribute, and so it may not be supported by an MCS other than CANDE. Transaction Server will not enforce the attribute.

NXEDITCOMPILE

Determines whether the user is allowed to initiate program compilations directly from Programmer's Workbench. If the Programmer's Workbench option COMPILES is set to USERDATA, only users with the NXEDITCOMPILE attribute set can initiate compiles directly from Programmer's Workbench.

ONETIMEUSER

Determines whether the user can log on to MARC only once.

If ONETIMEUSER is TRUE,

Logging on and logging off through CANDE or through batch processes has no effect on the status of a ONETIMEUSER usercode.

A ONETIMEUSER can log on to more than one terminal and the usercode remains valid until the users logs off from MARC at any of the terminals.

When the user logs off any of the terminals, the usercode immediately becomes invalid. Any actions involving usercode checking, such as file access, that the ONETIMEUSER attempts at the other terminals will fail.

If a halt/load occurs during a ONETIMEUSER session, the user can log on again after system functions are reestablished. The usercode is suspended only when MARC log-off occurs.

OTHERFAMILYINTLIMIT

Specifies the default value in disk megabyte days that the DRC system assigns to the FAMILYINTLIMIT when it creates a new entry in the family list.

A negative value is treated as unlimited.

OTHERFAMILYLIMIT

Specifies in disk megabytes the default value that is assigned to the FAMILYLIMIT when the DRC system creates a new entry in the family list.

A negative value is treated as unlimited.

PASSWORD

Limits the use of a usercode to those individuals who know the password.

A usercode can have multiple passwords, any one of which permits access to the system.

When running MAKEUSER to assign a password on a password-generating system,

If the system is not password-generating, this option is not available.

If you have your own password generator and you want to integrate it into a system with either the Secure Access Control Module security-enhancement software or the Password Management Facility security feature package, refer to the Security Software Developers Kit (SDK).

PASSWORDAGING

Determines whether password aging is in effect for this usercode.

If the value of PASSWORDAGING is TRUE,

For a simplified method of assigning values to all the attributes associated with password aging, see the System Software Utilities Operations Reference Manual.

You can also use the MAKEUSER ACCESS statement and specify the AGINGANOMALIES option.

The example program can also implement password aging for privileged users by programmatically giving PASSWORDAGING the value TRUE and assigning values to DATESTAMP, DAYSACTIVE, and DAYSWARNING for their usercodes.

POSIXINITDIR

Specifies default values for the CURRENTDIRECTORY task attribute.

The CURRENTDIRECTORY task attribute specifies the directory to be used as a starting point for relative pathnames when the file SEARCHRULE file attribute has the value POSIX. A task CURRENTDIRECTORY value is set to the task POSIXINITDIR attribute value when the task is started if it is not explicitly set or inherited from the parent task.

POSIXINITPROGRAM

Specifies the name of the POSIX initial program for the user. This value is used by the POSIX getpwuid() and getpwname() functions.

PRINTDEFAULTS

Specifies default values for the PRINTDEFAULTS task attribute.

This usercode attribute enables you to control various aspects of the printing of a user files. The values assigned here can affect the destination of the user print jobs, how many copies are printed, and other printing-related activities.

These values are used by Work Flow Language (WFL) jobs and by MARC and CANDE sessions running under the usercode. When a program is run from a MARC or CANDE session, it inherits these values as the values for the PRINTDEFAULTS task attribute.

If no value is assigned, the value of PRINTDEFAULTS is assumed to be null. The list of values is enclosed in quotation marks (").

For example:

PRINTDEFAULTS = "PRINTCOPIES=2,AFTER="""16:00""","
   "DESTINATION="""LP5""",SAVEPRINTFILE=FALSE"

This example specifies that

Quotation marks in the string must appear as triple quotation marks (""") and if the string is broken over more than one line, each line must begin and end with quotation marks.

The user always has the option of assigning different values to the PRINTDEFAULTS task attribute.

The values used by the printing subsystem are the union of the values designated by the

If the usercode attribute and the task attribute assign different values to the same printing specification, the task attribute value overrides the usercode attribute value.

PRIORITY

Specifies the default value for the PRIORITY task attribute.

The system assigns this value to tasks and jobs run under this usercode.

PU

Determines whether a usercode has privileged status associated with it.

If PU is TRUE, the usercode is designated as privileged and can access any file on the system. Privileged users can also use MCP procedures such as GETSTATUS and SETSTATUS.

No security checking is performed for privileged users.

Grant privileged status only to trusted individuals who require unrestricted file access and other rights associated with the status.

READ

Determines whether a user has the capabilities associated with the READ attribute. If READ is TRUE, the user has read access to files belonging to other users regardless of the security attributes for that file.

The Secure Identification Facility is required to enable this granulated privilege.

REMOVE

Determines whether a user has the capabilities associated with the REMOVE attribute. If REMOVE is TRUE, the user can remove files that belong to other users. This capability includes closing and purging files.

The Secure Identification Facility is required to enable this granulated privilege.

SAVELASTAUTHEN

Determines whether the system maintains in the USERDATAFILE the time of the most recent usercode/password validation procedure performed by an agent other than an MCS.

For example, the SAVELASTAUTHEN attribute is used when MYSELF.USERCODE is replaced in a program. If SAVELASTAUTHEN is TRUE, the system updates LASTAUTHENTIME whenever an agent other than an MCS performs a usercode/password validation procedure.

The current value can be displayed by an MCS during the next log-on or upon a user request.

SAVELASTLOGON

Determines whether the system maintains the time and station of the most recent successful validation of the usercode during log on in the USERDATAFILE.

If SAVELASTLOGON is TRUE, the system

The time and station of the last log on can be displayed by an MCS during the next log on or upon request.

SAVELOGONVIOL

Determines whether logon violation counts are to be maintained for this usercode.

If SAVELOGONVIOL is TRUE, the total number of successive logon violations is maintained in LOGONVIOLCOUNT. The count is cleared after a successful logon.

If both the SAVELOGONVIOL and SAVEVIOLCOUNT attributes are set, logon violations are only tallied in the LOGONVIOLCOUNT attribute; other violations are tallied in the VIOLATIONCOUNT attribute.

SAVEMEMORYLIMIT

Specifies the maximum amount of save memory in words that a job or task can use under this usercode.

SAVEVALIDATEDATE

Determines whether the system maintains the date of the most recent successful validation of the usercode in the USERDATAFILE.

If SAVEVALIDATEDATE is TRUE, the system updates VALIDATEDATE whenever the usercode is validated. The attribute is updated regardless of whether the caller has requested password validation or not.

SAVEVIOLCOUNT

Determines whether the total number of security violations caused by the user is automatically maintained in the USERDATAFILE on a daily basis.

If SAVEVIOLCOUNT is TRUE,

If both the SAVELOGONVIOL and SAVEVIOLCOUNT attributes are set, logon violations are only tallied in the LOGONVIOLCOUNT attribute; other violations are tallied in the VIOLATIONCOUNT attribute.

SECADMIN

Determines whether the user is capable of exercising full control over the USERDATAFILE, including creation, deletion, and modification of all usercodes.

If SECADMIN is TRUE

For a list of these security-relevant actions, refer to Security Configuration.

You can assign SECADMIN to as many usercodes as you want.

For the SECADMIN designation to have any effect, the system SECADMIN option must be TRUE. The value of this option is set and interrogated with the ??SECAD system primitive command.

If the system SECADMIN option is FALSE or if no usercode is marked SECADMIN, any privileged usercode or any usercode with the value of TRUE for the USERDATA attribute can create or modify a USERDATAFILE.

If only one usercode has the SECADMIN option set to TRUE and no users have a value of TRUE for the USERDATA attribute, the ability to create or modify a USERDATAFILE is lost if the password associated with that usercode is lost. In this situation, you must cold-start the system to regain the ability to create or modify the USERDATAFILE.

Because of this requirement, it is recommended that

Of these two methods, only the second provides the ability to attribute actions taken under a SECADMIN usercode to a particular individual. Therefore, the second method is preferable to the shared usercode method.

SECURITYMSGUSER

Determines whether a user is allowed to log on to Locum Realtime Monitor and whether a user receives Transaction Server security messages when logged-on at a security station.

For additional information, refer to the Locum RealTime Monitor Help Guide, and the Transaction Server for ClearPath MCP Operations Guide.

SETSTATUS

Determines whether a user has the capabilities associated with the SETSTATUS privilege. If SETSTATUS is set, a user can use the SETSTATUS intrinsic to retrieve information about jobs, tasks, the status of peripherals, the status of the operating system and mainframe configuration. However, such a user cannot use SETSTATUS directory and volume requests where privileged-user status is required.

The Secure Identification Facility is required to enable this granulated privilege.

SHOWFILES

Determines the visibility of nonprivate file names to users who are nonprivileged.

Visibility of file names does not imply that access is permitted to those files. Nonprivileged users are unable to access PUBLIC SECURED files, and GUARDED files can have guard files that deny access.

SNMPSECLEVEL

Determines the security level supported for this user. Valid values are SNMPNANP,SNMPANP, SNMPAP.

For more information on the available SNMP usercode attributes, refer to the SNMP Agent Implementation and Operations Guide.

SNMPAUTHPROTOCOL

Determines the protocol used for communication with authentication. Valid values are HMAC-MD5, HMAC-SHA-1, and HMAC-SHA2-256. You must set SNMPAUTHPROTOCOL before you set SNMPAUTHKEY and SNMPPRIVKEY.

SNMPAUTHKEY

Retains the localized key that is generated from the authentication passphrase provided by the user. MAKEUSER and Security Center convert a user-provided passphrase using the specified authentication protocol and save the key in the SNMPAUTHKEY user attribute. The passphrase that the user provides is not saved. You must set the SNMPAUTHPROTOCOL attribute before setting the SNMPAUTHKEY attribute. MAKEUSER does not update the SNMPAUTHKEY attribute if SNMPAUTHPROTOCOL is modified after this field is set.

SNMPPRIVPROTOCOL

Determines the protocol used for encryption. Valid values are DES-CBC and AES128-CFB.

SNMPPRIVKEY

Retains the localized key generated from privacy passphrase provided by the user. MAKEUSER and Security Center convert a user-provided passphrase using the specified authentication protocol and save the key in the SNMPAUTHKEY user attribute. The passphrase that the user provides is not saved. You must set the SNMPAUTHPROTOCOL attribute before setting the SNMPPRIVKEY attribute. MAKEUSER does not update the SNMPPRIVKEY attribute if SNMPAUTHPROTOCOL is modified after this field is set.

SNMPACCTRL

Determines the access control for the user. Valid values are RO (Read Only) and RW (Read Write).

SSHSERVICES

Contains a list of SSH services allowed for the user.

There are four valid services:

MAKEUSER and USERDATA do not validate the names in the list.

Note that the only command supported for an EXEC request is uname.

SUPPLEMENTARYGRPS

Specifies the list of alternate groups of which the user is a member.

Supplementary groups

Currently, supplementary groups are used to control access rights for files, signals, and semaphores.

A usercode can be assigned more than 16 supplementary groups; however only the first 16 group names are used for the SUPPLEMENTARYGRPS task attribute of any process started by that usercode.

You can change the order of the group names within the list using the standard list operators.

SUSPENDED

Determines whether a usercode is valid.

If SUSPENDED is TRUE, the usercode is not valid and cannot be used to log on to the system.

SUSPENDEDCODE

Indicates why a usercode was suspended with a value of 0 through 100 that is set by the system.

Currently-defined values are as follows.

Individual installations can use other values and assigned meanings.

SYSADMIN

Determines whether a user can successfully enter system commands from a remote terminal. SYSADMIN has the same privileges as SYSTEMUSER plus the ability to restrict use of certain ODT commands through the use of the SYSADMIN COMMAND ODT command.

If SYSADMIN is TRUE

A user who is not privileged does not gain any special file-access privileges by being made a system administrator with SYSADMIN status.

File related system commands executed by a nonprivileged SYSADMIN user act in a fashion consistent with the nonprivileged status of that user.

For example, when a nonprivileged SYSADMIN user enters the PD (Print Directory) system command, the system displays only the names of files under that user's usercode directory and names of public files belonging to other usercodes for which the SHOWFILES attribute is TRUE.

SYSTEMUSER

Determines whether a user can successfully enter system commands from a remote terminal.

If SYSTEMUSER is TRUE,

A user who is not privileged does not gain any special file-access privileges by being made a SYSTEMUSER.

File related system commands executed by a nonprivileged SYSTEMUSER user act in a fashion consistent with the nonprivileged status of that user.

For example, when a nonprivileged SYSTEMUSER enters the PD (Print Directory) system command, the system displays only the names of files under that user usercode directory and of public files belonging to other usercodes for which the SHOWFILES attribute is TRUE.

When a system receives a system command from a remote host, it determines whether the command came from a usercode defined as SYSTEMUSER. A remote user whose usercode is marked with the SYSTEMUSER attribute has the same ODT capabilities as the ODT operator on the local system.

The Secure Identification Facility is required for a SYSTEMUSER to get programmatic access to DCKEYIN, SETSTATUS, and GETSTATUS. The other privileges are available regardless of whether the Secure Identification Facility is licensed.

TEMPFILELIMIT

Contains the maximum number of disk megabytes that are permitted to be allocated at one time to temporary files owned by a job or task of the user.

UID

Specifies the user id number assigned to a given usercode. The valid UID values are within the range 100 through 65535.

In some POSIX applications, the UID can be used to programmatically specify the usercode. When you specify the usercode using the UID, it is important to remember that no usercodes should have the same UID.

UNWRAPRESTRICT

Enables users to specify that hazardous files are not marked restricted during an UNWRAP operation.

USEDEFAULTCHARGE

Determines whether the usercode has a default CHARGECODE.

If the value of USEDEFAULTCHARGE is TRUE, the first CHARGECODE in the user CHARGECODE list is used as the default CHARGECODE. The default CHARGECODE is used unless the user specifies another CHARGECODE.

The USEDEFAULTCHARGE designation is interpreted in conjunction with the CHARGEREQ designation.

USEDEFAULTCHARGE Summary outlines the ways in which the two designations interact.

USERCLASS

USERCLASS is assigned an integer in the range of 0 through 15.

This attribute is provided for use by the installation. Use it for any purpose you choose.

USERDATA

Determines whether a user has the capabilities associated with the USERDATA attribute.

If USERDATA is TRUE, the user can

The Secure Identification Facility is required to enable this granulated privilege.

VALIDFROM, VALIDTO, and VALIDTIMES

Specify the dates and times when the usercode is valid.

Any combination of these attributes enforces some restriction on the validity of the usercode, if the value of ENFORCEVALIDRANGE is TRUE.

If both date and time ranges are defined, the usercode is valid

If only the

The value of VALIDFROM must be before or the same as VALIDTO; otherwise, validation of the usercode fails if ENFORCEVALIDRANGE is set. If both dates are the same, the usercode is valid only for that one day, during the periods specified in VALIDTIMES covering that day of the week.

Many ON or OFF times can be assigned to VALIDTIMES. At least one ON and one OFF time must be assigned. The usercode is valid during the periods defined by consecutive ON and OFF times, as they are found in the chronologically ordered time list. The times need not be entered in order, but they are stored in order.

If neither date nor time ranges are defined when ENFORCEVALIDRANGE is TRUE, no date or time restrictions are placed on the validity of the usercode.

Example

To make a usercode valid on weekdays only between the hours of 8 a.m. and 5:30 p.m., set the VALIDTIMES attribute to the following:

VALIDTIMES=MONDAY - FRIDAY 08:00 ON, MONDAY - FRIDAY 17:30 OFF

VIOLATIONLIMIT

Specifies the maximum number of daily security violations. If VIOLATIONLIMIT is exceeded, the usercode is suspended.

If VIOLATIONLIMIT is 0, the usercode is not suspended. SAVEVIOLCOUNT must be TRUE for the usercode to be suspended.

The value of VIOLATIONLIMIT can be from 1 to 255. To enhance security, a value between 5 and 10 is recommended.

WRITE

Determines whether a user has the capabilities associated with the WRITE attribute. If WRITE is TRUE, the user has write access to files belonging to other users regardless of the security attributes specified for the file.

A usercode with this privilege can modify all nonsecurity related file attributes for files that are not owned.

The Secure Identification Facility is required to enable this granulated privilege.