USER statements document users in the dictionary by relating users to systems and to other users, assigning users the authority to access secured products and entity types and to perform secured operations, and supporting attribute/entity relationships and documentation entries.
The system generation compiler can be used in conjunction with the DDDL compiler to complete user definitions. For additional information, refer to CA IDMS System Generation Guide.
If the SET OPTIONS statement specifies SECURITY FOR IDD IS ON, the user must be assigned the proper authority to issue USER statements.
Syntax
USER statement
►►─┬─ ADD ─────┬─ USEr name is user-id ───────────────────────────────────────►
├─ MODify ──┤
├─ REPlace ─┤
└─ DELete ──┘
►─┬─────────────────────────────────────────────────────────┬────────────────►
└─┬─ PREpared ─┬─ by user-id ──┬────────────────────────┬─┘
└─ REVised ──┘ └─ PASsword is password ─┘
►─┬────────────────────────────────────────┬─────────────────────────────────►
└─ MAPtype ─┬─ is ─┬─┬─ map-type-name ─┬─┘
└─ = ──┘ └─ NULl ──────────┘
►─┬────────────────────────────────┬─────────────────────────────────────────►
└─ FULl name is full-user-name ──┘
┌──────────────────────────────────────────────────────────────────────────
►─▼─┬────────────────────────────────────────────────────────────────────────►─
└─┬─ INClude ◄ ──┬─ OF ─┬─ SYStem ────┬─ system-name ────────────────────
└─ EXClude ────┘ └─ SUBSYstem ─┘
───────────────────────────────────────────────────────────────────┐
─►────────────────────────────────────────────────────────────────┬──┴────────►
─┬───────────────────────────────────┬─┬──────────────────────┬─┘
└─ Version is ─┬─ version-number ─┬─┘ └─ TEXt is user-text ──┘
├─ HIGhest ────────┤
└─ LOWest ─────────┘
┌─────────────────────────────┐
►─▼─┬─────────────────────────┬─┴────────────────────────────────────────────►
└─ SAMe AS USEr user-id ──┘
┌──────────────────────────────────────────────────────────┐
►─▼─┬──────────────────────────────────────────────────────┬─┴───────────────►
└─ COPy ─┬─ ALL COMment TYPes ──┬─ FROm user user-id ──┘
├─ COMments ───────────┤
├─ DEFinition ─────────┤
├─ ATTributes ─────────┤
├─ USERS ──────────────┤
├─┬─ SYStems ────┬─────┤
│ └─ SUBSYstems ─┘ │
├─ WIThin USEr ────────┤
├─ comment-key ────────┤
└─ relational-key ─────┘
►─┬────────────────────────────┬─────────────────────────────────────────────►
└─ NEW NAMe is new-user-id ──┘
►─┬─────────────────────────────────────────┬────────────────────────────────►
└─ user DEScription is description-text ──┘
►─┬──────────────────────────────┬───────────────────────────────────────────►
└─ PASsword is ─┬─┬─ NULl ─┬─┬─┘
│ └─ '' ───┘ │
└─ password ─┘
┌──────────────────────────────────────────────────────────────────────────
►─▼─┬────────────────────────────────────────────────────────────────────────►─
└─┬─ INClude ◄ ─┬─ AUThority ──┬──────────────────────┬──────────────────
└─ EXClude ───┘ └─ for ─┬─ UPDate ◄ ─┬─┘
├─ ADD ──────┤
├─ MODify ───┤
├─ REPlace ──┤
├─ DELete ───┤
└─ DISplay ──┘
────────────────────────────────────────────────────┐
─►──────────────────────────────────────────────────┬─┴───────────────────────►
┌───────────────────────────┐ │
─── is ─┬───┬─▼─┬─ ALL ─────────────────┬─┴─┬───┬─┘
└ ( ┘ ├─ PASsword ────────────┤ └ ) ┘
├─ CULprit ─────────────┤
├─ OLQ ─────────────────┤
├─ ADS ─────────────────┤
├─ LOAd MODUle ─────────┤
├─ CLAss and ATTribute ─┤
├─ CLAss ───────────────┤
├─ ATTribute ───────────┤
├─ DC ──────────────────┤
├─ DEStination ─────────┤
├─ LINe ────────────────┤
├─ LOGical-terminal ────┤
├─ MAP ─────────────────┤
├─ MESsage ─────────────┤
├─┬─ PANels ──┬─────────┤
│ └─ SCReens ─┘ │
├─ PHYsical-terminal ───┤
├─ QUEue ───────────────┤
├─ TASk ────────────────┤
├─ IDD ─────────────────┤
├─ ELEment ─────────────┤
├─ ENTRy point ─────────┤
├─ FILe ────────────────┤
├─ MODUle ──────────────┤
├─ PROCess ─────────────┤
├─ QFIle ───────────────┤
├─ TABle ───────────────┤
├─ PROgram ─────────────┤
├─ RECord ──────────────┤
├─ REPOrt ──────────────┤
├─ TRAnsaction ─────────┤
├─┬─ SYStem ────┬───────┤
│ └─ SUBSYstem ─┘ │
├─ USEr ────────────────┤
├─ IDMs ────────────────┤
├─ SCHema ──────────────┤
└─ SUBSChema ───────────┘
►─┬──────────────────────────────────────────────────────────────────────────►─
└─┬─ INClude ◄ ─┬─ SIGnon PROfile is module-name ──────────────────────────
└─ EXClude ───┘
─►───────────────────────────────────────────────────────────────┬────────────►
─┬───────────────────────────────────┬─ LANguage is language ──┘
└─ Version is ─┬─ version-number ─┬─┘
├─ HIGhest ────────┤
└─ LOWest ─────────┘
►─┬───────────────────────────────────┬──────────────────────────────────────►
└─ IDD SIGnon is ─┬─ ALLowed ◄ ───┬─┘
└─ NOT ALLowed ─┘
┌────────────────────────────────────────────────────────────────────────┐
►─▼─┬────────────────────────────────────────────────────────────────────┬─┴─►
└─┬─ INClude ◄ ─┬─ ACCess to ─┬─ SYStem ────┬─ system-specification ─┘
└─ EXClude ───┘ └─ SUBSYstem ─┘
(expanded system-specification syntax follows this syntax diagram)
►─┬──────────────────────────────────┬───────────────────────────────────────►
└─┬─ INClude ◄ ─┬─ ACCess to ASF ──┘
└─ EXClude ───┘
►─┬──────────────────────────────────┬───────────────────────────────────────►
└─┬─ INClude ◄ ─┬─ ACCess to IDB ──┘
└─ EXClude ───┘
►─┬──────────────────────────────────────────────┬───────────────────────────►
└─ DEFAult for PUBlic access is ─┬─ ALL ◄ ───┬─┘
├─ NONe ────┤
├─ UPDate ──┤
├─ MODify ──┤
├─ REPlace ─┤
├─ DELete ──┤
└─ DISplay ─┘
┌──────────────────────────────────────────────────────────────────────────
►─▼─┬────────────────────────────────────────────────────────────────────────►─
└─┬─ INClude ◄ ─┬─ ACCess to FILe file-name ─────────────────────────────
└─ EXClude ───┘
──────────────────────────────────────────────────────────────────┐
─►────────────────────────────────────────────────────────────────┬─┴─────────►
─┬───────────────────────────────────┬─┬──────────────────────┬─┘
└─ Version is ─┬─ version-number ─┬─┘ └─ TEXt is user-text ──┘
├─ HIGhest ────────┤
└─ LOWest ─────────┘
┌────────────────────────────────────────────────────────────────────┐
►─▼─┬────────────────────────────────────────────────────────────────┬─┴─────►
└─┬─ INClude ◄ ─┬─ ACCess to SUBSChema subschema-specification ──┘
└─ EXClude ───┘
(expanded subschema-specification syntax follows this syntax diagram)
►─┬────────────────────────────────┬─────────────────────────────────────────►
└─ OLQ ACCess is ─┬─ IDMs sql ─┬─┘
└─ OLQ ◄ ────┘
►─┬──────────────────────────────────────────────────────────────────────────►─
└─┬─ INClude ◄ ─┬─ ACCess to QFIle qfile-name ─────────────────────────────
└─ EXClude ───┘
─►───────────────────────────────────────┬────────────────────────────────────►
─┬───────────────────────────────────┬─┘
└─ Version is ─┬─ version-number ─┬─┘
├─ HIGhest ────────┤
└─ LOWest ─────────┘
►─┬──────────────────────────────────────┬───────────────────────────────────►
└─ OLQ MENu-mode is ─┬─ ALLowed ◄ ───┬─┘
├─ NOT ALLowed ─┤
└─ ONLy ────────┘
►─┬──────────────────────────────────┬───────────────────────────────────────►
└─ olq QFIle is ─┬─ ALLowed ◄ ───┬─┘
├─ NOT ALLowed ─┤
└─ ONLy ────────┘
►─┬───────────────────────────────────────┬──────────────────────────────────►
└─ OLQ QFIle SAVe is ─┬─ ALLowed ◄ ───┬─┘
└─ NOT ALLowed ─┘
►─┬────────────────────────────────┬─────────────────────────────────────────►
└─ olq MRR is ─┬─ ALLowed ◄ ───┬─┘
└─ NOT ALLowed ─┘
►─┬─────────────────────────────────────┬────────────────────────────────────►
└─ olq ─┬─ OPTional ◄ ─┬─ interrupt ──┘
└─ MANdatory ──┘
►─┬─────────────────────────────────┬────────────────────────────────────────►
└─ olq SORt is ─┬─ ALLowed ◄ ───┬─┘
└─ NOT ALLowed ─┘
►─┬───────────────────────────────────────────┬──────────────────────────────►
└─ culprit OVErrides are ─┬─ ALLowed ◄ ───┬─┘
└─ NOT ALLowed ─┘
►─┬───────────────────────────────────────────────────────────────────┬──────►
│ ┌───────────────────────────────┐ │
└ olq DEFault OPtions are ─ ( ─▼─┬─── HEAder ◄ ──────────────┬─┴─ ) ┘
├─┬─ ECHo ◄ ──┬─────────────┤
│ └─ NO ECHo ─┘ │
├─┬─ ALL ◄ ─┬───────────────┤
│ └─ NONe ──┘ │
├─┬─ NO FILler ◄ ─┬─────────┤
│ └─ FILler ──────┘ │
├─┬─ INTerrupt ◄ ──┬────────┤
│ └─ NO INTerrupt ─┘ │
├─┬─ WHOle ◄ ─┬─────────────┤
│ └─ PARtial ─┘ │
├─┬─ FULl ◄ ─┬──────────────┤
│ └─ SPArse ─┘ │
├─┬─ NO OLQ HEAder ◄ ─┬─────┤
│ └─ OLQ HEAder ──────┘ │
├─┬─ COMments ◄ ──┬─────────┤
│ └─ NO COMments ─┘ │
├─┬─ NO CODe TABle ◄ ─┬─────┤
│ └─ CODe TABle ──────┘ │
├─┬─ NO PATH STAtus ◄ ─┬────┤
│ └─ PATH STAtus ──────┘ │
├─┬─ NO EXTernal PICture ◄ ─┤
│ └─ EXTernal PICture ──────┤
└─┬─ VERbose ◄ ─┬───────────┘
└─ TERse ─────┘
┌───────────────────────────────────────────────────────────────────┐
►─┴─┬───────────────────────────────────────────────────────────────┬─┴──────►
└─┬─ INClude ◄ ─┬─ WIThin USEr user-id ─┬─────────────────────┬─┘
└─ EXClude ───┘ └─ TEXt is user-text ─┘
┌────────────────────────────────────────────────────────────────────────┐
►─▼┬──────────────────────────────────────────────────────────────────────┬┴─►
└─┬─ INClude ◄ ─┬─ class-name is attribute-name ─┬────────────────────┬┘
└─ EXClude ───┘ └ TEXt is user-text ─┘
┌────────────────────────────────────────────────────────────────────────┐
►─▼─┬────────────────────────────────────────────────────────────────────┬─┴─►
└─┬─ INClude ◄ ─┬─ relational-key is user-id ─┬────────────────────┬─┘
└─ EXClude ───┘ └ TEXt is user-text ─┘
┌───────────────────────────────────────────────────────────────┐
►─▼─┬───────────────────────────────────────────────────────────┬─┴──────────►
│ ┌────────────────────┐ │
└─ EDIt ─┬─ COMments ────┬───▼─ edit-instruction ─┴─ QUIT ──┘
├─ DEFinition ──┤
└─ comment-key ─┘
┌──────────────────────────────────────────────────┐
►─▼─┬─────────────────────────────────────────────┬──┴───────────────────────►◄
└─┬─ COMments ─────┬── is ─┬─ NULl ─────────┬─┘
├─ DEFinition ───┤ └─ comment-text ─┘
└─ comment-key ──┘
Expansion of system-specification
►►── system-name ─┬───────────────────────────────────┬───────────────────────► └─ Version is ─┬─ version-number ─┬─┘ ├─ HIGhest ────────┤ └─ LOWest ─────────┘ ►─┬───────────────────────────────────────────┬──────────────────────────────► └─ INStallation code is character-literal ──┘ ►─┬───────────────────────────────────┬──────────────────────────────────────► └─ PRIority is ─┬─ 0 ◄ ───────────┬─┘ └─ user-priority ─┘ ►─┬────────────────────────────────────────────────────────────────────┬─────►◄ │ ┌─────────────────┐ │ └─ SECurity classes is ─┬─ ADD ◄ ──┬─┬ ( ──▼─ security-code ─┴ ) ──┬─┘ └─ DELete ─┘ └─ ALL ───────────────────────┘
Expansion of subschema-specification
►►── subschema-name of SCHema schema-name ────────────────────────────────────► ►─┬───────────────────────────────────┬──────────────────────────────────────► └─ Version is ─┬─ version-number ─┬─┘ ├─ HIGhest ────────┤ └─ LOWest ─────────┘ ►─┬────────────────────────────────────────────────────────────────────┬─────►◄ └─ SIGnon QFile is qfile-name ─┬───────────────────────────────────┬─┘ └─ Version is ─┬─ version-number ─┬─┘ ├─ HIGhest ────────┤ └─ LOWest ─────────┘
DISPLAY/PUNCH USER statement (for a single user)
►►─┬─ DISplay ─┬─ USEr name is user-id ───────────────────────────────────────► └─ PUNch ───┘ ►─┬──────────────────────────────────────────────────┬───────────────────────► └─ PREpared by user-id ─┬────────────────────────┬─┘ └─ PASsword is password ─┘ ┌─────────────────────────────────────────────────────────┐ ►─▼─┬─────────────────────────────────────────────────────┬─┴────────────────► │ ┌──────────────────────────────────┐ │ ├─ WITh ──────┬──▼──┬─ ALL ───────────────────────┬─┴─┘ ├─ ALSo WITh ─┤ ├─ ALL COMment TYPes ─────────┤ └─ WITHOut ───┘ ├─ ATTributes ────────────────┤ ├─ COMments ──────────────────┤ ├─ DEFinitions ───────────────┤ ├─ DEStinations ──────────────┤ ├─ DETails ───────────────────┤ ├─ ELements ──────────────────┤ ├─ ENTRy points ──────────────┤ ├─ FILes ─────────────────────┤ ├─ HIStory ───────────────────┤ ├─ LINes ─────────────────────┤ ├─ LOGical-terminals ─────────┤ ├─ MAPS ──────────────────────┤ ├─ MODules ─┬─────────┬───────┤ │ └─ ONLy ──┘ │ ├─ NONe ──────────────────────┤ ├─┬─ PANels ──┬───────────────┤ │ └─ SCReens ─┘ │ ├─ PHYsical-terminals ────────┤ ├─ PROCesses ─────────────────┤ ├─ PROgrams ──────────────────┤ ├─ QFIles ────────────────────┤ ├─ QUEues ────────────────────┤ ├─ RECords ───────────────────┤ ├─ REPorts ───────────────────┤ ├─ SAMe AS ───────────────────┤ ├─ SCHemas ───────────────────┤ ├─ SUBSChemas ────────────────┤ ├─┬─ SYStems ────┬────────────┤ │ └─ SUBSYstems ─┘ │ ├─ TABles ────────────────────┤ ├─ TASks ─────────────────────┤ ├─ TRAnsactions ──────────────┤ ├─ USErs ─────────────────────┤ ├─┬─ USEr DEFINED COMments ─┬─┤ │ └─ UDCs ──────────────────┘ │ ├─┬─ USEr DEFINED NESts ─┬────┤ │ └─ UDNs ───────────────┘ │ ├─ WHEre USED ────────────────┤ └─ WITHIn USEr ───────────────┘ ►─┬──────────────────────────────────────────────────────────────────────────►─ └─ TO ─┬─ SYSpch ────────────────────────────────────────────────────────── └─ MODule module-name ─┬───────────────────────────────────┬──────── └─ Version is ─┬─ version-number ─┬─┘ ├─ HIGhest ────────┤ └─ LOWest ─────────┘ ─►──────────────────────────────────────────────────────────────────────────┬─► ─────────────────────────────────────────────────────────────────────────┬┘ ─┬──────────────────────┬┬──────────────────────────────────────────────┬┘ └ LANguage is language ┘└ PREpared by user-id ┬───────────────────────┬┘ └ PASsword is password ─┘ ►─┬──────────────────────┬──┬─────────────────────┬──────────────────────────►◄ └─ VERB ─┬─ DISplay ─┬─┘ └─ AS ─┬─ SYNtax ───┬─┘ ├─ PUNch ───┤ └─ COMments ─┘ ├─ ADD ─────┤ ├─ MODify ──┤ ├─ REPlace ─┤ └─ DELete ──┘
DISPLAY/PUNCH USER statement (for multiple users)
►►─┬─ DISplay ─┬─┬─ ALL ──────────────────────────┬─ USErs ───────────────────► └─ PUNch ───┘ └─┬─ FIRst ─┬─┬─ 1 ◄ ──────────┬─┘ ├─ NEXt ──┤ └─ entity-count ─┘ ├─ LASt ──┤ └─ PRIor ─┘ ►─┬──────────────────────────────────────────────────┬───────────────────────► └─ PREpared by user-id ─┬────────────────────────┬─┘ └─ PASsword is password ─┘ ►─┬─────────────────────────────────┬────────────────────────────────────────► └─ WHEre conditional-expression ──┘ (for complete conditional-expression syntax, see WHERE clause) ►─┬──────────────────┬───────────────────────────────────────────────────────► └─ BY ─┬─ SET ◄ ─┬─┘ └─ AREa ──┘ ►─┬──────────────────────────────────────────────────────────────────────────►─ └─ TO ─┬─ SYSpch ────────────────────────────────────────────────────────── └─ MODule module-name ─┬───────────────────────────────────┬──────── └─ Version is ─┬─ version-number ─┬─┘ ├─ HIGhest ────────┤ └─ LOWest ─────────┘ ─►──────────────────────────────────────────────────────────────────────────┬─► ─────────────────────────────────────────────────────────────────────────┬┘ ─┬──────────────────────┬┬──────────────────────────────────────────────┬┘ └ LANguage is language ┘└ PREpared by user-id ┬───────────────────────┬┘ └ PASsword is password ─┘ ►─┬──────────────────────┬──┬──────────────────────────────────────┬─────────►◄ └─ VERB ─┬─ DISplay ─┬─┘ └─ AS ─┬─ SYNtax ───┬──┬─────────────┬─┘ ├─ PUNch ───┤ └─ COMments ─┘ └─ RECursive ─┘ ├─ ADD ─────┤ ├─ MODify ──┤ ├─ REPlace ─┤ └─ DELete ──┘
Parameters
Identifies a new user to be established in the dictionary, or an existing user to be modified, replaced, deleted, displayed, or punched. User-id must specify a 1- through 32-character alphanumeric value and must be unique in the dictionary.
MAPTYPE has no meaning for CA IDMS since Release 12.0. It does not give an error so that migration can run without changes. MAPTYPE is now processed with DCUF SET MAPTYPE or with a PROFILE as specified in the MAPPING FACILITIES manual. For further information, see Advantage ™ CA-IDMS™ Mapping Facility.
Specifies a 1- through 32-character name that clarifies or supplements user-name or supplies the full name for an abbreviated user name.
Establishes (INCLUDE) or removes (EXCLUDE) a documentation relationship between the named user and the requested system or subsystem.
Copies the following options from the definition of the named user: user nests, attributes, systems associated with the user by means of the OF SYSTEM/SUBSYSTEM clause, and comments.
Specifies a new name for the requested user. This clause changes only the name specification; it does not alter or delete any previously defined relationships in which the named user participates. Subsequent references to the user must specify the new name. New-user-id must be a 1- through 32-character value that does not duplicate the name of an existing user.
Establishes, replaces, or deletes a password for the named user. password must be a 1- through 8-character alphanumeric value. Specify PASSWORD IS NULL or PASSWORD IS '' to delete a password. This password must appear whenever the user name appears in an IDD SIGNON statement or in a PREPARED BY or REVISED BY clause.
If the SET OPTIONS statement specifies INDIVIDUAL PASSWORD SECURITY OVERRIDE IS ON and the USER statement is modifying the issuing user's password, neither AUTHORITY FOR UPDATE IS PASSWORD nor AUTHORITY FOR MODIFY IS USER need be specified; the AUTHORITY clause is described below. However, if the SET OPTIONS statement specifies INDIVIDUAL PASSWORD SECURITY OVERRIDE IS OFF, the issuing user must be assigned PASSWORD authority as well as the appropriate USER entity-type authority.
Assigns to (INCLUDE) or removes from (EXCLUDES) the named user the authority to access a secured product or entity type or to perform a secured operation. (Security must have been previously enabled by means of a SET OPTIONS statement SECURITY clause.)
This clause also specifies the verbs that the named user can issue for entities within secured products:
To specify the INCLUDE/EXCLUDE parameter, the PREPARED/REVISED BY clause must identify a user with the AUTHORITY FOR UPDATE IS PASSWORD option. For more information about IDD security, see Securing the Dictionary.
Assigns the user the authority to access all products and entity types and in order to perform all secured operations. AUTHORITY FOR UPDATE IS ALL is required to establish default processing options for a specified dictionary by issuing the SET OPTIONS FOR DICTIONARY statement. This authority is also required to use the FIRST/SECOND/THIRD/FOURTH ALTERNATE PICTURE KEYWORD clause of the SET OPTIONS statement. Finally, AUTHORITY FOR UPDATE IS ALL is required to turn off entity-occurrence security with the REGISTRATION OVERRIDE clause.
The IDD installation procedure establishes one user with the AUTHORITY FOR UPDATE IS ALL attribute. This user is named 'CULL DBA' and assigned the password DBAPASS. After the installation, rename 'CULL DBA' and modify the password. Create a backup by adding another user with AUTHORITY IS ALL; if the new name of the DBA is inadvertently forgotten or lost, the backup user can be used.
Allows the user to assign or change passwords for other users and to issue the AUTHORITY FOR PASSWORD clause for other users. A user with password authority can update the AUTHORITY clause of any user ID, including his own, to any level. Note that if PASSWORD is selected, the keyword UPDATE must be specified in the FOR clause (described above).
Allows the user to access files and subschemas to run CA Culprit reports, change record layouts and file definitions (if the named user is assigned the CULPRIT OVERRIDES ARE ALLOWED option), and to generate DDR reports (if the named user is assigned the CULPRIT OVERRIDES ARE ALLOWED option and is authorized to access subschema IDMSNWKA of schema IDMSNTWK, version 1). This parameter allows the user to perform CA Culprit-related activities when the default processing options for the session include SECURITY FOR CULPRIT IS ON. Note that if CULPRIT is selected, the keyword UPDATE must be specified in the FOR clause (described above).
Allows the user to code USER statement clauses that control access to CA OLQ files and subschema views and assign OLQ command authorities and processing/reporting options when the default processing options for the session include SECURITY FOR OLQ IS ON. If OLQ is specified, the keyword UPDATE must be specified in the FOR clause (described above).
Allows the user to generate CA ADS dialogs when the default processing options for the session include SECURITY FOR ADS IS ON. If the keyword UPDATE is specified in the FOR clause (described above), either MODIFY or REPLACE allows the user to modify CA ADS dialogs.
Allows the user to access load modules when the default processing options for the session include SECURITY FOR LOAD MODULE IS ON.
Allows the user to access classes, attributes, and user-defined entities when the default processing options for the session include SECURITY FOR CLASS AND ATTRIBUTE IS ON. Note that the keywords CLASS and ATTRIBUTE can be issued separately to assign individual authority for classes or attributes (user-defined entities).
Allows the user to access teleprocessing entities (DESTINATION, LINE, LOGICAL-TERMINAL, MAP, MESSAGE, PANEL, PHYSICAL-TERMINAL, QUEUE, and TASK) when the default processing options for the session include SECURITY FOR IDMS-DC IS ON. Note that the keywords DESTINATION, LINE, LOGICAL-TERMINAL, MAP, MESSAGE, PANEL, PHYSICAL-TERMINAL, QUEUE, and TASK can be issued to assign authority for the specified entity type only.
Allows the user to access IDD entities (ELEMENT, ENTRY POINT, FILE, MODULE, PROCESS, PROGRAM, QFILE, RECORD, REPORT, TRANSACTION, SYSTEM, TABLE, and USER) when the default processing options for the session include SECURITY FOR IDD SIGNON and/or IDD IS ON. Note that the keywords ELEMENT, ENTRY POINT, FILE, MODULE, PROCESS, PROGRAM, QFILE, RECORD, REPORT, TRANSACTION, SYSTEM, TABLE, and USER can be issued to assign authority only for the specified entity type.
Allows the user to access CA IDMS entities (SCHEMA, SUBSCHEMA, and DMCL) when the default processing options for the session include SECURITY FOR IDMS IS ON. Note that the keywords SCHEMA, SUBSCHEMA, and DMCL can be issued to assign authority only for the specified entity type.
Associates (INCLUDE) or disassociates (EXCLUDE) a module that has been defined for use as a signon profile. Module-name must reference an existing module. The LANGUAGE parameter is required; language specifies the language of the signon profile; for example, OLQ or DC. All languages, including user-defined languages, can be specified.
When the named user signs onto an application, the commands within the signon profile module are executed automatically. These profiles are not executed when signing onto a DC SYSTEM.
Specifies whether the named user is authorized to sign on to and execute the online or batch DDDL compiler when the SET OPTIONS statement specifies SECURITY FOR IDD IS ON.
Note that the issuing user must be assigned IDD SIGNON authority.
Authorizes the user to sign on to the DDDL compiler. ALLOWED is the default.
Prohibits the user from signing on to the DDDL compiler.
Establishes (INCLUDE) or removes (EXCLUDE) a system access privilege. If this clause is specified in a non CA IDMS environment, the user/system relationship is documentation.
Note: You must have IDMS-DC authority to use this clause.
Specifies an installation code for the named user. This code can be accessed at runtime by user exits or programs to provide additional security. Character-literal must be a 1- through 32-character alphanumeric symbol specified as an absolute expression.
Specifies the dispatching priority for the named user. DC/UCF uses the dispatching priority in combination with task and logical terminal priorities to establish a run-time dispatching priority for tasks initiated by the named user. User-priority must be an integer in the range 0 through 255; the default for ADD operations is 0. A high number indicates a high dispatching priority.
Adds or deletes securityclass codes for the named user; the user can execute only programs and tasks with matching security classes.
Specifies that the named security classes are added to or deleted from the user definition; ADD is the default for ADD operations.
Specifies that the named security classes or all security classes are the object of the ADD or DELETE request. Security-code must be an integer in the range 1 through 255; multiple values must be enclosed in parentheses and separated by blanks.
Specifies that the named user has (INCLUDE) or does not have (EXCLUDE) access to the CA IDMS ASF
Specifies that the named CA IDMS or Information Center Management System (ICMS) user has (INCLUDE) or does not have (EXCLUDE) access to the Information Database (IDB).
Assigns a default public access specification to the named user. This feature, for ASF users only, is used to identify the public access level to be established by the user when storing entity-occurrence definitions in the dictionary through ASF. If an option other than ALL is specified, ASF automatically generates the appropriate registration option within the entity definition.
Specifies that the named CA Culprit user has access to the named file. Note that if CA Culprit security is enabled, the requested user must be assigned CULPRIT authority in order to access the named file.
Specifies that the named CA OLQ or CA Culprit user has access to (INCLUDE) or does not have access to (EXCLUDE) the named subschema. Subschema-name must identify a subschema view associated with schema-name. If CA OLQ or CA Culprit product security has been enabled in the SET OPTIONS statement SECURITY clause, the issuing user must be assigned OLQ or CULPRIT authority.
Associates an existing qfile with the named subschema and establishes access privilege to that qfile for the named CA OLQ user. The named qfile is invoked automatically when the user signs on to OLQ and names the associated subschema.
Note: The qfile access privilege does not permit the named user to execute qfiles; the qfile execution privilege is established separately by means of the OLQ QFILE clause described below.
Indicates an CA OLQ user's type of qfile access.
Specifies qfile access using the functionality available with the CA IDMS SQL, providing the CA IDMS SQL is installed. IDMs sql, IDMssql, and IDMS-SQL are synonyms and can be used interchangeably.
More information: For more information on CA IDMS SQL, see the CA IDMS SQL Reference Guide.
Specifies qfile access using the functionality available with CA OLQ. OLQ is the default for OLQ ACCESS.
Specifies that the named CA OLQ user has access to (INCLUDE) or does not have access to (EXCLUDE) the named qfile. Note that the qfile access privilege does not permit the named user to execute qfiles; qfile execution privilege is established separately by means of the OLQ QFILE clause described below.
Specifies whether the named user is authorized to access CA OLQ in menu mode. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
Authorizes the CA OLQ user to access CA OLQ in menu mode. ALLOWED is the default.
Prohibits the CA OLQ user from accessing CA OLQ in menu mode.
Specifies that the CA OLQ user is allowed to access CA OLQ in menu mode only.
Specifies whether the named user is authorized to execute CA OLQ qfiles. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
Authorizes the CA OLQ user to execute qfiles. ALLOWED is the default.
Prohibits the CA OLQ user from executing qfiles.
Specifies that the CA OLQ user is authorized to access CA OLQ only through qfiles.
Specifies whether the named CA OLQ user is authorized to save paths and CA OLQ command groups as qfiles. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
Authorizes the CA OLQ user to save paths and groups of commands as qfiles. ALLOWED is the default.
Prohibits the CA OLQ user from saving paths and groups of commands as qfiles.
Specifies whether the named CA OLQ user is authorized to retrieve multiple record occurrences with a single CA OLQ command. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
Authorizes the CA OLQ user to retrieve multiple record occurrences with a single OLQ command. ALLOWED is the default.
Prohibits the CA OLQ user from retrieving multiple record occurrences with a single CA OLQcommand.
Specifies whether the named CA OLQ user is authorized to select the OLQ NOINTERRUPT option (described below). If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
Authorizes the CA OLQ user to select the OLQ NOINTERRUPT option.
Requires that the OLQ INTERRUPT be enabled at all times for the user.
Specifies whether the named CA OLQ user can issue the CA OLQ SORT command. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
Authorizes the CA OLQ user to issue the CA OLQ SORT command. ALLOWED is the default.
Prohibits the CA OLQ user from issuing the CA OLQ SORT command.
Specifies whether the named CA Culprit user is authorized to define file attributes and records. If the SET OPTIONS statement specifies SECURITY FOR CULPRIT IS ON, the issuing user must be assigned CULPRIT authority.
Authorizes the CA Culprit user to code file attributes and REC parameters. ALLOWED is the default.
Prohibits the CA Culprit user from coding file attributes and REC parameters.
Specifies the CA OLQ processing control and display options that will be in effect when the named user signs on to CA OLQ. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
Specifies whether CA OLQ report files will contain a header line. This option has no effect on single-record-occurrence retrieval displays. The default for ADD is HEADER.
Specifies whether a user-entered command will be repeated by CA OLQ on the output device. The default for ADD is ECHO.
Specifies whether the default internal field list for all records retrieved during the named user's CA OLQ session will contain all or none of the fields. The default for ADD is ALL.
Specifies whether filler field values will be displayed. The default for ADD is NO FILLER.
Specifies whether the processing interrupt feature for multiple record retrievals will be enabled or disabled. The default for ADD is INTERRUPT.
Note: The OLQ MANDATORY INTERRUPT specification takes precedence over NO INTERRUPT.
Specifies the content of displayed path retrieval report lines. WHOLE displays only those lines containing a retrieved occurrence for every record type in a path definition. PARTIAL displays all lines, whether or not they contain data for every path record type. The default for ADD is WHOLE.
Specifies the format of displayed path retrieval report lines. FULL displays data associated with a record type once for each retrieved occurrence. SPARSE displays data associated with a record type only once, regardless of how many associated record occurrences are retrieved. The default value for ADD is FULL.
Specifies whether the CA OLQ report file contains a header line. This option has no effect on single-record-occurrence retrieval displays. The default for ADD is NO OLQ HEADER.
Specifies whether comments will accompany the output from HELP RECORDS, HELP SUBSCHEMAS, and HELP QFILE requests. The default for ADD is COMMENTS.
Specifies whether CA OLQ will access a code table to encode and decode data. The default for ADD is NO CODE TABLE.
Specifies the conditions under which CA OLQ will retrieve a logical record. NO PATH STATUS requests CA OLQ to retrieve a logical record only when the path status of LR-FOUND is returned. PATH STATUS requests CA OLQ to retrieve a logical record when any DBA-defined path status is returned. The default for ADD is NO PATH STATUS.
Specifies whether CA OLQ will use external pictures for displaying data. The default for ADD is NO EXTERNAL PICTURE.
Controls the amount of information displayed following record and field-level breaks. The default for ADD is VERBOSE.
Associates (INCLUDE) the user with or disassociates (EXCLUDE) the user from the user identified by user-id.
Includes or excludes the specified options when the named user is displayed or punched. Detailed information for each DISPLAY/PUNCH option is under SET OPTIONS Syntax. The options that are listed below present special considerations for this entity type.
Includes the following specifications:
Includes all the users related by the WITHIN USER clause or relational-key clause.
Usage
If you specify REPLACE
If you specify REPLACE, the DDDL compiler initializes to defaults and/or excludes the following:
The following relationships that include the named user or that the user is related to or registered for are not affected:
Additionally, the following definitions are not affected:
If you specify DELETE
If you specify DELETE, the DDDL compiler disassociates the named user from all entity occurrences, unless the user is the last user assigned the REGISTERED FOR ALL option; see PUBLIC ACCESS Clause for further details.
Default public access (ASF)
The default public access for entity occurrences stored by the named user through ASF is assigned as follows:
USER AUTHORITY considerations
Consider the following points regarding user authority:
Example
In the following example, the ADD statement defines user DGS as a user of the systems INVENTORY and STOCK-UPDATE, supplying a full name, a password, and a description. The ACCESS TO SUBSCHEMA clauses assign access to two versions of a subschema and two signon qfiles.
The ACCESS TO SYSTEM clauses allow the user to access the systems INVENTORY and STOCK UPDATE through DC/UCF.
Additional clauses authorize DGS to change the OLQ INTERRUPT option and grant DGS IDMS authority. The OLQ DEFAULT OPTIONS clause specifies display of FILLER fields and PARTIAL lines. The class/attribute clause associates the LIBRARY class with the attribute PRIVATE. The relational-key clause associates user MRS with user DGS.
add user name is dgs
prepared by dba password is 'ice 9'
password is sgd
full name is 'dianna g. smith'
user description is programmer
within user development
of system inventory
of system stock-update
access to subschema invbasea of schema invbase version 2
signon qfile is invon version 2
access to subschema invbasea of schema invbase
signon qfile is invon
access to system inventory
access to system stock-update
optional interrupt
olq default options filler partial
authority for display is idms
authority for update is password
library is private
'other developer' is mrs.
The MODIFY statement changes the password for the user DGS:
modify user dgs
prepared by dgs password is sgd
password is gsd.
|
Copyright © 2014 CA.
All rights reserved.
|
|