Making a New Usercode

A primary responsibility of the security administrator is to define new usercodes and assign values to the standard usercode attributes.

To assign a value of TRUE to an attribute, you only need to enter the attribute name with the usercode. When a new usercode is defined, any attribute not defined for the usercode automatically has a value of FALSE.

When you create a new usercode, do the following:

  • Assign security-sensitive attributes that are appropriate for the usercode.

  • Assign a password to the usercode. Set the FORCEPWCHANGE attribute if you want the user to change their password on first use.

  • Assign any other necessary usercode attributes. Refer to Usercode Attributes for a list of available attributes.

Usercode Attributes Table

Table 39, Usercode Attributes, lists all the attributes that can be assigned to a usercode. Note that attributes described as security-sensitive should be assigned to a restricted number of users.

Table 39. Usercode Attributes

| Usercode Attribute | Frequently Used? | Security-Sensitive? |
|---|---|---|
| ACCESSCODELIST = <accesscode spec> | No | Yes |
| ACCESSCODENEEDED | No | Yes |
| ACCESSPWAGING | No | Yes |
| ACDEFLOGONLIMIT | No | Yes |
| ACDEFVIOLLIMIT | No | Yes |
| ACLOGONINFO | No | Yes |
| ACLOGONNAME | No | Yes |
| ACLOGONVIOLCOUNT | No | Yes |
| ACLOGONVIOLLIMIT | No | Yes |
| ACPWCHGONUSE | No | Yes |
| ACPWAGING | No | Yes |
| ACPWDAYSACTIVE | No | Yes |
| ACPWDAYSWARN | No | Yes |
| ACPWDEFDAYSACTIVE | No | Yes |
| ACPWDEFDAYSWARN | No | Yes |
| ACPWENFORCEEXP | No | Yes |
| ACPWNAME | No | Yes |
| ACSAVELOGONVIOL | No | Yes |
| ACSAVEVIOLCOUNT | No | Yes |
| ACSUSPENDED | No | Yes |
| ACSUSPENDEDCODE | No | Yes |
| ACSUSPENDTIME | No | Yes |
| ACVIOLCOUNT | No | Yes |
| ACVIOLDATE | No | Yes |
| ACVIOLINFO | No | Yes |
| ACVIOLLIMIT | No | Yes |
| ACVIOLNAME | No | Yes |
| ANYOTHERCLASSOK | No | No |
| CANDEAUTORECOVER | No | No |
| CANDECONTCHAR = <continuation character> | No | No |
| CANDECONTROL | No | No |
| CANDEDESTNAME = <file name> | No | No |
| CANDEGETMSG | Yes | No |
| CANDEQWAIT | No | No |
| CHANGE | Yes | Yes |
| CHANGESEC | Yes | Yes |
| CHARGECODE = <chargecode list> | Yes | No |
| CHARGEREQ | Yes | No |
| CLASS = <integer> | No | No |
| CLASSLIST = <integer> | No | No |
| COMSCONTROL | No | Yes |
| COMSONLYLOGON | No | Yes |
| CONVENTION = <identifier> | No | No |
| CREATEFILE | Yes | Yes |
| CREATETIME | No | No |
| DATAPATH | Yes | No |
| DAYSACTIVE = <integer> | No | No |
| DAYSWARNING = <integer> | No | No |
| DEPTASKACCOUNTING = <accounting spec> | No | No |
| EMAIL = <text> | Yes | No |
| ENFORCEEXPIREDPW | No | No |
| ENFORCEVALIDRANGE | No | No |
| EXECUTE | Yes | Yes |
| EXECUTEPATH | Yes | No |
| FAMILY <identifier> = <family spec> | Yes | No |
| FAMILYLIST = <group> | No | No |
| FILEACCOUNTING = <accounting spec> | No | No |
| FILEGROUP | No | Yes |
| FORCEPWCHANGE | No | Yes |
| GETSTATUS | Yes | Yes |
| GROUPCODE = <name> | No | Yes |
| GSDIRECTORY | No | Yes |
| HOMEMENU = <home menu identifier> | No | No |
| IDC | Yes | Yes |
| IDENTITY = <text> | Yes | No |
| KRBPRINCIPALID = <long name> | No | No |
| LANGUAGE = <identifier> | No | No |
| LOCALCOPY | Yes | Yes |
| LOGINSTALL | No | Yes |
| LOGONVIOLLIMIT | No | Yes |
| LOGONVIOLCOUNT | No | Yes |
| LOGOTHERS | Yes | Yes |
| LOGSELECT | Yes | Yes |
| MAXOLDPW = <integer> | No | No |
| MAXPW = <integer> | Yes | No |
| MENUFILENAME = <file title> | No | No |
| MFAPROTOCOL | No | Yes |
| MFAREQUIRED | No | Yes |
| MFAUSERNAME | No | Yes |
| MHSACCESS | No | No |
| MHSNETADMIN | No | Yes |
| MHSUSERADMIN | No | Yes |
| MINPW = <integer> | Yes | No |
| MINPWLEN = <integer> | No | No |
| MINPWLIFE = <integer> | No | No |
| NODEFAULTUSE | No | No |
| NOSTATIONXFER | No | No |
| NXEDITCOMPILE | No | No |
| ONETIMEUSER | No | No |
| OTHERFAMILYINTLIMIT = <real> | No | No |
| OTHERFAMILYLIMIT = <real> | No | No |
| PASSWORD = <name> | Yes | No |
| PASSWORDAGING | No | No |
| POSIXINITDIR = "<pathname>" | No | Yes |
| POSIXINITPROGRAM = "<pathname>" | No | Yes |
| PRINTDEFAULTS = "<printdefaults spec>" | No | No |
| PRIORITY = <integer> | No | No |
| PU | Yes | Yes |
| READ | Yes | Yes |
| REMOVE | Yes | Yes |
| SAVELASTAUTHEN | No | No |
| SAVELASTLOGON | No | No |
| SAVELOGONVIOL | No | Yes |
| SAVEMEMORYLIMIT | No | No |
| SAVEVALIDATEDATE | No | No |
| SAVEVIOLCOUNT | No | No |
| SECADMIN | No | Yes |
| SECURITYMSGUSER | No | Yes |
| SETSTATUS | Yes | Yes |
| SHOWFILES | Yes | No |
| SNMPSECLEVEL | No | No |
| SNMPAUTHPROTOCOL | No | No |
| SNMPAUTHKEY | No | Yes |
| SNMPPRIVPROTOCOL | No | No |
| SNMPPRIVKEY | No | Yes |
| SNMPACCTRL | No | No |
| SSHSERVICES | No | Yes |
| SUPPLEMENTARYGRPS = <name list> | No | Yes |
| SUSPENDED | No | No |
| SUSPENDEDCODE = <integer> | No | No |
| SUSPENDTIME | No | Yes |
| SYSADMIN | Yes | Yes |
| SYSTEMUSER | Yes | Yes |
| SYSTEMMODIFYTIME | No | No |
| TEMPFILELIMIT = <real> | No | No |
| UID = <integer> | No | Yes |
| UNWRAPRESTRICT | No | Yes |
| USEDEFAULTCHARGE | Yes | No |
| USERCLASS = <integer> | No | No |
| USERDATA | Yes | Yes |
| USERMODIFYTIME | No | No |
| VALIDFROM = <date> | No | No |
| VALIDTIMES = <time list> | No | No |
| VALIDTO = <date> | No | No |
| VIOLATIONLIMIT = <integer> | No | No |
| WRITE | Yes | Yes |
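
One way to check that security-sensitive attributes stay with a restricted number of users and that every usercode has a password, written as an added example that is not part of the original page or the product's own tooling. The input format, the sample usercodes, the watchlist selection and the function names are all assumptions made for illustration.

```python
# Added example. The input format is hypothetical: one usercode per line as
# "USERCODE: ATTR, ATTR = value". Values containing commas are not handled.
from collections import defaultdict

# Subset of the attributes Table 39 marks security-sensitive (reviewer's choice).
WATCHLIST = {"SECADMIN", "SYSADMIN", "SYSTEMUSER", "PU", "CHANGESEC",
             "SETSTATUS", "GETSTATUS", "LOGINSTALL", "SECURITYMSGUSER"}

# Constructed sample data, not taken from a real system.
SAMPLE = """\
SECOFF: PASSWORD = <redacted>, SECADMIN, SYSADMIN, FORCEPWCHANGE
OPS1: PASSWORD = <redacted>, PU, SYSTEMUSER, SHOWFILES
OPS2: PASSWORD = <redacted>, PU, GETSTATUS
DEV1: PU, MAXPW = 3, CHARGEREQ
"""

def parse(text):
    """Return {usercode: {attribute: value}}. A bare name means TRUE;
    an attribute that is absent is FALSE, as the page states."""
    users = {}
    for line in text.splitlines():
        code, sep, rest = line.partition(":")
        if not sep or not code.strip():
            continue
        attrs = {}
        for item in rest.split(","):
            name, eq, value = item.partition("=")
            if name.strip():
                attrs[name.strip().upper()] = value.strip() if eq else True
        users[code.strip().upper()] = attrs
    return users

def holders(users, watchlist=WATCHLIST):
    """Map each watched attribute to the sorted usercodes that hold it."""
    found = defaultdict(list)
    for code, attrs in users.items():
        for name in attrs.keys() & watchlist:
            found[name].append(code)
    return {name: sorted(codes) for name, codes in found.items()}

def over_limit(users, limit, watchlist=WATCHLIST):
    """Watched attributes held by more than `limit` usercodes."""
    return {n: c for n, c in holders(users, watchlist).items() if len(c) > limit}

def missing_password(users):
    """Usercodes defined without a PASSWORD attribute."""
    return sorted(code for code, attrs in users.items() if "PASSWORD" not in attrs)

if __name__ == "__main__":
    users = parse(SAMPLE)
    print(over_limit(users, limit=2), missing_password(users))
```

Extend WATCHLIST with any other attributes that Table 39 marks security-sensitive and set the limit to match the site's policy.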