USERCODE, ACCESSCODE, CHARGE, and GROUPCODE are closely related task attributes that help to specify the identity and privileges of a process.

The USERCODE task attribute stores a value that is intended to identify the user who initiated the process. In actual practice, more than one user of the system can use the same usercode, but only if all the users agree to do so. This is because you must know the password associated with a usercode to use the usercode, and only the owner of the usercode can tell you the password.

Usercodes are created by the security administrator for the system, usually by using the MAKEUSER utility. The security administrator can associate a variety of usercode attributes with each usercode. Some of these usercode attributes confer various types of special security privileges, as described under Process Security Classes later in this section.

Other usercode attributes interact with the values of various task attributes. Some of these usercode attributes provide default values for the corresponding task attributes. Other usercode attributes define a range of permitted values for a task attribute, or specify whether the task attribute must have a value. The following are these usercode attributes and the task attributes that are related to them:

The values supplied by usercode attributes are propagated to their corresponding task attributes in the following ways:

For details about the effects of usercode attributes on task attributes, refer to the task attribute descriptions in this guide.

The ACCESSCODE task attribute serves as a form of secondary identification, in addition to the usercode. This identification is relevant only when a process attempts to use a file that is guarded by a guard file; refer to Nonprivileged Status later in this section for further details.

The CHARGE task attribute serves as a form of group identification for billing purposes. Thus, all the people working in a particular department might have usercodes with the same CHARGECODE usercode attribute. The system records the CHARGE attribute of each process in the system log. This makes it possible for site personnel to write billing programs that analyze the system usage on a charge code by charge code basis. For further information about billing programs, refer to the System Administration Guide.

The GROUPCODE and SUPPLEMENTARYGRPS task attributes provide another form of group identification. The GROUPCODE attribute identifies the primary group to which a process belongs, and the SUPPLEMENTARYGRPS attribute identifies one or more secondary groups. The group identification can affect the ability of a process to access files that have the GROUP file attribute set. For further information about group usage, refer to the POSIX User's Guide.

You can override the propagation of most usercode attributes to task attributes by explicitly assigning task attributes to the process in question. However, the system enforces some consistency checks to ensure that the USERCODE, ACCESSCODE, and CHARGE attribute values are consistent with each other. For details about these consistency checks, refer to the descriptions of these attributes.

A process can change its own usercode while it is running by making an assignment to the USERCODE attribute. Such an assignment must specify the password as well as the usercode. The system verifies the correctness of the usercode and password before making the usercode assignment.