SSM Option 2 - Define User Profiles
This option allows you to maintain user profiles. User profiles are kept in the USERS system file under the SYSMAN account.
On selecting Option 2 on the SSM screen, the following screen is displayed.
U S E R S   F I L E   M A I N T E N A N C E
--------------------------------------------------------------------------------
User ID >
 0 Description          :
 1 Password (Pwd)       :          13 Status        :
 2 Pwd Expiration Date  :          14 Type          :
 3 Pwd Validity Period  :          15 Messages      :
 4 No of prior pwds     :          16 Language      :
 5 Allowed Paths        :          17 Remote Systems:
 6 Disallowed Paths     :          18 Next Logon Pwd:
 7 Default Account Name :          19 On Pwd expiry :
 8 Default Logon Proc   :          20 Ret. Locks    :
 9 Logon Retries        :          21 Update Locks  :
10 Log Failed Attempts  :          22 Verb file path:
11 PLIDs                :          23 Environment   :
12 Profile IDs          :          24 Pwd definition:

Enter user id. (or 'CR' to exit, '?' for list, 'D' for default or '*' for current)
There are common features of profiles screens that you can use to create, edit and delete profiles.
The following is an example of the screen displayed for the new user-id entry daveh. The values shown are derived from the DEFAULT profile in the USERS file.
U S E R S   F I L E   M A I N T E N A N C E
--------------------------------------------------------------------------------
User ID >daveh   *NEW ITEM*
 0 Description          :
 1 Password (Pwd)       :None      13 Status        :D
 2 Pwd Expiration Date  :None      14 Type          :I
 3 Pwd Validity Period  :0         15 Messages      :Yes
 4 No of prior pwds     :0         16 Language      :0
 5 Allowed Paths        :None      17 Remote Systems:None
 6 Disallowed Paths     :None      18 Next Logon Pwd:None
 7 Default Account Name :None      19 On Pwd expiry :None
 8 Default Logon Proc   :None      20 Ret. Locks    :None
 9 Logon Retries        :5         21 Update Locks  :None
10 Log Failed Attempts  :No        22 Verb file path:No
11 PLIDs                :None      23 Environment   :No
12 Profile IDs          :None      24 Pwd definition:No

Enter option# (0-24) to change; EX to exit; FI to file; FD to delete :
Notes:
- The Remote Systems option is not applicable to a Reality database on a UNIX host. On UNIX, network user-ids and passwords for remote databases are set up in the USERS-FILE using the UNIX-Connect netadmin utility.
- The default setting of the Status option is D (disabled). This must be changed to E (enabled) before you can log on under a new user-id.
Choosing a user-id
Because a user-id is an item-id, you can make it quite long. However, keep the following points in mind when assigning user-ids:
- The longer an id, the more likely it is to be mistyped.
- The shorter the id, the more difficulty you will have assigning unique ones.
- Choosing ids that are already characteristics of the user (such as name or employee number) will result in fewer forgotten user-ids.
You should decide the type of user-ids that will be used on your database. Some suggestions are:
- Free format: each user chooses whatever they want, perhaps from some options, perhaps with some structure.
- Employee number: if each employee is issued a unique employee number, this can be useful, especially if employees wear badges containing the numbers.
- Initials of user's name: for a small number of users this could be ideal.
- Name: you could use either given names or family names. If two or more persons have the same name, you could append an initial to differentiate them.
If you issue user-ids to groups rather than individuals, you could use ids such as department name, department number, software application name, job function etc.
USERS file maintenance options
Option 0 - Description
Describes the user.
Prompt:
Description of user:
Enter an alphanumeric string of up to 50 characters.
Option 1 - Password (Pwd)
Assigns, changes or removes a user password.
Prompt:
Enter new password:
then a prompt to verify:
Please re-enter new password:
Characters entered at the password prompt are not echoed.
The password must meet the rules of the user password definition specified by the Pwd definition option (or the DEFAULT user password definition, if none is specified).
Users can change their own passwords by using the PASSWORD command.
Note
Passwords are encrypted in the USERS file.
Option 2 - Pwd Expiration Date
Specifies the date when the current password becomes invalid.
Prompt:
Password expiration date:
Enter a date in the form: dd mmm yy.
When the password is within five days of its expiration date, a warning message is displayed at logon time. If the password expires, the user may be able to renew it (depending on the On Pwd expiry setting).
When the user changes their password with the PASSWORD command, the expiration date is reset by adding the validity period to the current date. The default value (0) means the password never expires.
Option 3 - Pwd Validity Period
Specifies the number of days the current user password is valid.
Prompt:
Number of days that the current password is valid:
Enter a number in the range 0 to 366.
When the password is within five days of its expiration date, a warning message is displayed at logon time. If the password expires, the user may be able to renew it (depending on the On Pwd expiry setting).
When the user changes their password with the PASSWORD command, the expiration date is reset by adding the validity period to the current date. The default value (0) means the password is always valid.
Option 4 - No of prior pwds
Specifies the number of new passwords required before the user can reuse a password. Each time the user changes their password, the new password is checked against a list of those previously used. If the new password is found in the list, an error message is displayed.
Prompt:
Number of prior passwords that may not be used (0=no limit) :
Enter the required number of previously used passwords.
Option 5 - Allowed Paths
Specifies the locations from which a user can access the database. Locations are specified using Physical Location Identifiers (PLIds).
Prompt:
Valid PLIDs for access paths (separated by ','; A=Add; D=Delete)
Enter a PLId or PLIds. Multiple PLIds must be separated by commas. If a path already exists, a message is displayed containing the current PLId(s). To add or delete a PLId, enter A or D, as appropriate, and type the PLId.
If there is no network profile with the PLId you have entered, you will be prompted:
'PLID' is not a PLID in the NETWORK file. Accept as is? (Y/N) :
Enter Y or N as required. Allowed locations with no associated network profile use the default profile.
Option 6 - Disallowed Paths
Specifies locations (PLIds) from which a user is denied access to the database.
Prompt:
Invalid PLIDs for access paths (separated by ','; A=Add; D=Delete)
Enter a PLId or PLIds. Multiple PLIds must be separated by commas. If a path already exists, a message is displayed containing the current PLId(s). To add or delete a PLId, enter A or D, as appropriate, and type the PLId.
If there is no network profile with the PLId you have entered, you will be prompted:
'PLID' is not a PLID in the NETWORK file. Accept as is? (Y/N) :
Enter Y or N as required. Allowed locations with no associated network profile use the default profile.
Option 7 - Default Account Name
Specifies the name of the account to which the user logs on automatically.
Prompt:
Default account name to logon to :
Enter an account name.
Note
If the account specified does not currently exist, you are asked to confirm the entry before it is accepted. If a default account is specified here, the user is automatically logged-on to it after entering his or her user-id and password, provided that either the user-id has a password (which then overrides any account password) or the account has no password. In any other case the account, and account password, if any, are prompted for.
Option 8 - Default Logon Proc
Specifies the User Logon Program. This runs when the user first logs on to the database and must exist in the initial account onto which the user is logged. It must normally be a Proc, but you can allow any valid TCL command to be used by setting the LOGON.PROGS environment option.
If the User Logon Program is run, the Account Logon Program is normally not executed unless called by the User Logon Program (this behaviour can be changed by setting the ACCOUNT.LOGON environment option).
Prompt:
Default logon Proc to execute :
Enter the item-id of the User Logon Program to be executed.
Option 9 - Logon Retries
Specifies the number of unsuccessful logon attempts before a user is locked out of the database. When a user is locked out, the Status field (option 13) is set to F; the user-id must then be re-enabled by the system administrator.
Prompt:
Number of failed logon attempts before being locked out :
Enter a number in the range 0 to 32000. A value of 0 (zero) specifies infinite retries.
Option 10 - Log Failed Attempts
Specifies whether to log failed logon attempts for security purposes. If enabled, each failed logon attempt is logged in the file SECURITY.EVENTS in the SYSMAN account.
Prompt:
Log the failed logon attempts ? (Y/N) :
Enter:
Y: Log failed logon attempts.
N: Do not log failed logon attempts.
Option 11 - PLIDs
Specifies the location or locations (PLIds or partial PLIds) that correspond to security profile-id(s) entered at option 12.
Prompt:
PLIDs for security profiles (separated by ','; A=Add; D=Delete) :
Enter a PLId or PLIds. Multiple PLIds must be separated by commas. If a security profile already exists, a message is displayed containing the current PLId(s). To add or delete a PLId, enter A or D, as appropriate, and type the PLId.
Option 12 - Profile IDs
Specifies security profile-ids. Each id is an item-id in the SECURITY file. Each id corresponds one for one to the PLIds in option 11. However, one more profile-id than the number of PLIds in option 11 can be entered. This extra id (the last one in the list) is assigned to any PLId that does not match the specified PLIds.
Prompt:
Security profiles for PLIDs (separated by ','; A=Add; D=Delete) :
Enter a profile-id or profile-ids. Multiple ids must be separated by commas. If a security profile-id already exists, a message is displayed containing the current profile-id(s). To add or delete a profile-id, enter A or D, as appropriate, and type the id.
If the profile specified does not currently exist, you are asked to confirm the entry before it is accepted. Note that a user cannot log on if their security profile does not exist, but that if you do not specify a profile-id, the DEFAULT security profile is assigned.
Option 13 - Status
Specifies whether the user is allowed to log on to the database.
Prompt:
User status (E=Enabled; D=Disabled) :
Enter E or D.
Note
The default setting is D (disabled). This must be changed to E (enabled) before you can log on under a new user-id. Also, the software assigns status F automatically when the user's logon is disabled because of too many logon attempts (as specified by the Logon Retries option). The user just sees a message saying that the logon attempt has failed, whatever the reason for failure.
Option 14 - Type
Specifies whether the user can operate in Interactive mode, Server mode, or both.
Prompt:
User type code (I=Interactive mode; S=Server mode; '*'=both) :
Enter:
I: Interactive mode. Allows connections for the purpose of terminal input/output only.
S: Server mode. Allows connections for inter-process communication only. With S mode defined, a user can be started by a client user (for example, a DataBasic program or ODBC client), but not from a terminal.
*: Both interactive and server mode.
Option 15 - Messages
Allows you to suppress messages at the current cursor position. To display a message on line 25, see NETWORK File Maintenance (option 11).
Prompt:
Enable receipt of messages ? (Y/N) :
Enter:
Y: Display messages at current cursor position.
N: Suppress messages at current cursor position.
Option 16 - Language
Specifies the language to be assigned to the user at logon. Languages are defined in the system language table.
Prompt:
Language number to use :
Enter a number in the range 0 to 255. The default (0) is for English.
Option 17 - Remote Systems
Allows you to specify remote databases to which the user can connect using remote logon or remote file access.
Note
This option applies only to Reality on Windows hosts. On UNIX, such databases are specified in the USERS-FILE.
Prompt:
System names (A=Add; D=Delete): A backslash ('\') will null all the fields.
If some remote databases are already defined, a list of current system names and network IDs is appended to the prompt.
- Enter A. You are prompted:
System name to add:
- Enter the name of the required remote database routing entry (this must be created with the netadmin utility). You are prompted:
Enter the corresponding network id :
Enter the corresponding network password :
Please re-enter the new password to verify :
- Enter the database user-id to be used by the user to access the remote database.
- Enter the associated password for the network user-id.
- Enter the same password again.
The current values of remote database details are updated and you are returned to the USERS FILE MAINTENANCE screen.
Note
If a network password is prefixed with a plus (+) character, it is automatically encrypted (without the + character) when stored.
To delete a remote database:
- Enter D. You are prompted:
System name to delete :
- Enter the name of the remote database.
The current values of remote database details are updated and you are returned to the USERS FILE MAINTENANCE screen.
Option 18 - Next Logon Pwd
Specifies whether or not the user must renew (change) their password the next time they log on.
Prompt:
Renew password at next logon? (Y/N):
Enter Y or N.
Option 19 - On Pwd expiry
Specifies what must happen when the user's password expires: either the user is allowed to renew their password, or they are locked out.
Prompt:
Password expiry action Inhibit or Renew? (I/R): Must be a 'I' or an 'R'.
If Pwd Expiration Date is not set, this is appended to the prompt:
Password expiry action is only valid with an Expiration Date.
Enter R to renew or I to lock out.
Option 20 - Ret. Locks
Allows you to specify keys to access files protected with retrieval lock codes. If not specified, the account's keys are used to determine file access.
Prompt:
File Retrieval Keys (separated by ','; A=Add; D=Delete)
Enter a key or multiple keys separated by commas. To add a key, enter A then enter the key at the prompt. To delete a key, enter D then enter the key at the prompt.
Option 21 - Update Locks
Allows you to specify keys to update files that are protected with update lock codes. If not specified, the account's keys are used to determine file update.
Prompt:
File Update Keys (separated by ','; A=Add; D=Delete)
As for Option 20.
Option 22 - Verb file path
Assigns an additional file containing commands that this user can execute even when they are not included in the account's MD.
Prompt:
Alternate verbs file path:
Enter a file-specifier as defined in the Conventions (if file-specifier is omitted, the MD is used).
Option 23 - Environment
Specifies the operating environment to be set at logon for this user. Environments are defined by using SSM Option 4 - Define Environment Settings or the DEFINE-ENVIRONMENT command. If not set, the user uses the default environment.
Prompt:
Required environment:
Enter one of the following:
- The name of the required environment.
- \ to clear this option. The user will use the DEFAULT environment.
- RETURN to continue to use the current environment.
The user can change their operating environment with the SET-ENVIRONMENT TCL command.
Note
The Environment Control option in the user's security profile allows you to specify the action to be taken if the operating environment specified for the user cannot be found or is invalid.
Option 24 - Pwd definition
Specifies the user's password definition.
Prompt:
Enter password definition name : A backslash ('\') will null the field. Current value is: definition-id
Enter the item-id of the required user password definition. If no definition is specified the DEFAULT user password definition item is assumed.
To display a help message, enter ? at any prompt. To leave a field unchanged, press RETURN. To null a field, enter a backslash (\).
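Several option values described above weaken logon security when left at the DEFAULT-derived settings shown for daveh. The following added example (not part of the Reality documentation or software) audits profiles for them; the dict layout, the SVC profile and the names HQ1, OPS, GUEST and EXTRA are constructed for illustration.

```python
# Added example: audit USERS profiles for weak logon settings.
# Assumption: each profile is a dict keyed by the screen labels, holding
# the values as the maintenance screen displays them (strings).

def listed(value):
    """Split a comma-separated screen field; 'None' means empty."""
    if value in (None, "", "None"):
        return []
    return [v.strip() for v in value.split(",")]

def audit_profile(p):
    """Return findings for one profile, based on the option descriptions."""
    findings = []
    status = p.get("Status", "D")
    if status == "E" and p.get("Password (Pwd)", "None") == "None":
        findings.append("enabled with no password")
    if status == "F":
        findings.append("locked out by failed logons; admin must re-enable")
    if int(p.get("Pwd Validity Period", "0")) == 0:
        findings.append("validity period 0: password is always valid")
    if int(p.get("Logon Retries", "0")) == 0:
        findings.append("logon retries 0: infinite retries")
    if p.get("Log Failed Attempts", "No") != "Yes":
        findings.append("failed logons not logged in SECURITY.EVENTS")
    if (p.get("On Pwd expiry", "None") != "None"
            and p.get("Pwd Expiration Date", "None") == "None"):
        findings.append("expiry action set without an expiration date")
    plids = listed(p.get("PLIDs"))
    profiles = listed(p.get("Profile IDs"))
    # Option 12: one profile-id per PLId, plus at most one extra catch-all id.
    if profiles and len(profiles) not in (len(plids), len(plids) + 1):
        findings.append("profile-id count does not match PLIDs")
    return findings

# Constructed sample data. DAVEH copies the DEFAULT-derived screen above.
DAVEH = {"Password (Pwd)": "None", "Status": "D", "Pwd Validity Period": "0",
         "Logon Retries": "5", "Log Failed Attempts": "No",
         "PLIDs": "None", "Profile IDs": "None"}
# Hypothetical enabled profile with several weak settings.
SVC = {**DAVEH, "Status": "E", "Logon Retries": "0", "On Pwd expiry": "I",
       "PLIDs": "HQ1", "Profile IDs": "OPS,GUEST,EXTRA"}

if __name__ == "__main__":
    for name, prof in (("daveh", DAVEH), ("svc", SVC)):
        for finding in audit_profile(prof):
            print(f"{name}: {finding}")
```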