Manualshelf

Technical data

ManualsBrandsCompaq ManualsPrinterLA36
201202203204205206207208209210
Managing User Accounts
7.5 Preparing to Add User Accounts
Table 75 (Cont.) Account Types
Account Type Characteristics
Limited Access This account provides controlled login to the system and, in some cases, has only a
subset of user software available. Limited-access accounts ensure that the system
login command procedure (SYLOGIN.COM) and the process login command procedure
(specified by the /LGICMD qualifier in the UAF), as well as any command procedures
they call, are executed. (See the OpenVMS Guide to System Security for information
about writing limited access account command procedures.) The two types of limited
accounts are: restricted and captive.
Restricted Used for network objects like Mail, for network proxy accounts, or for
implementing user authentication systems like smart cards.
Captive Limited by function; that is, only those who perform a particular
function can use it (for example, an inventory system). Anyone whose
job entails inventory control can access your system, but that person
cannot access other subsystems or the base software. You might also
use a captive account to run batch operations during unsupervised
periods or to run applications programs with information you want to
keep private.
7.5.2 Performing Additional Tasks
When adding a user account, you must perform the following steps:
1. Select a user name and password.
2. Select a user identification code (UIC).
3. Decide where the account’s files will reside (which device and directory).
4. Use the System Management utility (SYSMAN) to add a disk quota entry
for this UIC, if disk quotas are in effect. You can do this only after you have
created the users account with the Authorize utility.
5. Create a default directory on the appropriate volume, using the following
DCL command format:
CREATE/DIRECTORY directory-spec/OWNER_UIC=uic
6. Determine the security needs of the account (that is, the level of file
protection, privileges, and access control).
7. Establish any login/logout command procedures.
These tasks are described in detail in the sections that follow. When you have
completed the tasks for preparing to add a user account, you are ready to add the
account by following one of the methods described in Section 7.6.
7.5.2.1 Selecting a User Name and Password
To determine a user name and password, use naming conventions that take into
consideration the nature of the account. For example, some installations use the
name of the person who will use the account.
Captive accounts, on the other hand, often use a name that describes the function
of the account. Thus, an interactive or restricted account for Robert Jones might
have a user name of JONES, while a captive account for an inventory system
might be called INV103289, which gives some indication of the function of the
account but is not easy to guess. Remember to assign unique user names.
Managing User Accounts 713