This operation relates to a UTM application user ID and its queue.
In the identification area you must specify the name of the user ID (field kc_name8 of the union kc_id_area). In the data area you must pass the data structure kc_user_str with the new values of the properties.
Possible modifications
Lock or release a user ID.
Neither users nor clients can then sign on to the application under a locked user ID. User IDs with administration privileges cannot be locked.
Field name
Meaning
state='N'
The user ID is to be disabled.
If the user is signed on to the application at the time at which the user ID is disabled, the user is not disconnected. The lock does not take effect until the user or client next attempts to sign on to the application under this user ID.
Read and write accesses to the queue of a locked user ID are possible.
state='Y'
The user ID is to be released, i.e. there is a lock in existence which is to be cancelled.
Period of validity / transaction management: type GPD ("KC_MODIFY_OBJECT - Modify object properties and application parameters")
Change the key set assigned to the user ID. Specify the following in the kc_user_str data structure:
Field name
Meaning
kset[8]
In kset you specify the name of an existing key set that sets the access rights of the user ID in the application. The name of a key set can be up to 8 characters long.
The user or client program can only access a service protected by means of a lock code or an access list if:
the key set of the user ID and
the key set of the LTERM partner by means of which the terminal user or the client program connects to the application
contain a key/access code that corresponds either to the lock code of the service or to at least one key of the access list of the service.
If you want to cancel the assignment that has applied up to now, enter blanks.
Period of validity / transaction management: type GPD ("KC_MODIFY_OBJECT - Modify object properties and application parameters")
Change or delete the password for a user ID.
When changing a password, you must take account of the level of complexity and minimum password length defined when the user ID was created. You can ascertain the level of complexity and minimum length using KC_GET_OBJECT (object type KC_USER). UTM reports the settings in the fields protect_pw_compl and protect_pw16_lth of the data structure kc_user_str. The levels of complexity and the criteria which must be fulfilled by a password of a certain level of complexity are described in chapter "kc_user_str, kc_user_fix_str, kc_user_dyn1_str and kc_user_dyn2_str user IDs".
You can only delete passwords if:
the minimum password length defined when the user ID was created (protect_pw16_lth) is equal to '0' and
no particular level of complexity is defined for the user (protect_pw_compl='0').
If a password with a limited period of validity has been defined for a user ID (protect_pw_time != '0', chapter "kc_user_str, kc_user_fix_str, kc_user_dyn1_str and kc_user_dyn2_str user IDs"), you cannot use the old password as the new password when changing the password.
In applications generated with SIGNON GRACE=Y, you can choose one of the following options when changing the password (protect_pw_time_left):
the generated period of validity is to apply to the new password (from the time the change is implemented) or
the password is to become invalid immediately and must be changed immediately the next time the user signs on.
If a password with a limited period of validity is deleted, no period of validity applies. If a new password is issued subsequently, the period of validity again takes effect.
When changing a password, you must specify both the new password and the password type. Specify the following in the data structure kc_user_str:
Field name
Meaning
password16
Specify the new password for this user ID in the password16 field. You must also specify in the password_type field how UTM is to interpret the value specified in password16.
In the protect_pw_time_left field you can prevent a password with a limited period of validity from becoming invalid immediately in applications generated with SIGNON GRACE=Y. If the password is invalid, it is necessary to assign a new password at sign-on.
The password can be up to 16 characters long.
The union kc_pw is available for passing the password (see "obj_type=KC_USER"). You can specify the password either as a character string or as a sequence of hexadecimal characters.
On Unix, Linux and Windows systems, a hexadecimal specification is only permitted if an already encrypted password is passed, i.e. the field pw_encrypted contains the value 'Y' or 'A'.
In the case of a hexadecimal password, each half byte is represented as a character. If you specify a password which consists of fewer than 16 characters, password16 must be padded to the right with blanks (password_type='C'), or with the hexadecimal value for blanks (password_type='X').
In order to delete a password, specify only blanks in password16 or specify 'N' in password_type.
password_type
In password_type you must specify how the password in password16 is to be interpreted.
The following values are possible:
'C': The password in password16 is to be interpreted as a character string.
'X': The password in password16 is to be interpreted as a hexadecimal string. On Unix, Linux and Windows systems, this is only permitted if an already encrypted password is passed (pw_encrypted='Y' or 'A').
'N': No password. Nothing may be specified in password16. An existing password will be deleted.
'R': A random password is created.
The administrator has to define explicitly a new password before the user generated in this way is able to sign on.
If you want to delete the password of a user ID, pass 'N' in password_type.
In this case, nothing further need be specified in password.
pw_encrypted
This field must be set to the value 'Y' or 'A' if the password is passed in encrypted format. This may occur, for example, if the encrypted password results from a K159 message of a standby application.
'N': The password is passed in unencrypted format (default).
'Y'/'A': The password is passed in encrypted format. No complexity check is carried out.
Period of validity / transaction management: type GPD ("KC_MODIFY_OBJECT - Modify object properties and application parameters")
Field name
Meaning
protect_pw_time_left
This only applies to applications generated with SIGNON GRACE=Y and for user IDs whose passwords are generated with a limited period of validity.
In protect_pw_time_left, you can specify whether the generated period of validity is to apply to the new password:
If you enter protect_pw_time_left='-1' (right or left-justified) the generated period of validity applies to the new password (from the time it was implemented).
protect_pw_time_left='-1' only has effect together with password16 and password_type. protect_pw_time_left='-1' without a password is ignored.
If you make no entries for protect_pw_time_left the password immediately becomes invalid, because the period of validity is expired. The user must change the password at the next sign-on.
A value other than '-1' is rejected.
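The field rules above for changing or deleting a password, as an added C example (not code from the openUTM documentation or headers). struct pw_fields is a simplified stand-in for the password fields of kc_user_str; its layout, the width of protect_pw_time_left and the helper names are assumptions, and the complexity check itself is left to UTM.

```c
#include <string.h>

#define PW_LEN 16
#define TIME_LEFT_LEN 3   /* assumed width; take the real one from the UTM header */

/* Stand-in for the password fields of kc_user_str (field names from the
 * page, layout assumed; this is not the real structure). */
struct pw_fields {
    char password16[PW_LEN];
    char password_type;                        /* 'C', 'X', 'N' or 'R' */
    char pw_encrypted;                         /* 'N' (default), 'Y' or 'A' */
    char protect_pw_time_left[TIME_LEFT_LEN];
};

enum { PW_OK, PW_BAD_LENGTH, PW_ALL_BLANKS, PW_DELETE_REFUSED };

static void blank(char *p, size_t n) { memset(p, ' ', n); }

/* New plaintext password: type 'C', padded to the right with blanks.
 * min_len is the numeric value of protect_pw16_lth read via KC_GET_OBJECT. */
int pw_set_plain(struct pw_fields *f, const char *pw, size_t min_len, int keep_validity)
{
    size_t n = strlen(pw);
    if (n > PW_LEN || n < min_len) return PW_BAD_LENGTH;
    /* Only blanks in password16 means "delete the password", so a blank or
     * empty value must never reach the change path by accident. */
    if (strspn(pw, " ") == n) return PW_ALL_BLANKS;
    blank(f->password16, PW_LEN);
    memcpy(f->password16, pw, n);
    f->password_type = 'C';
    f->pw_encrypted = 'N';
    blank(f->protect_pw_time_left, TIME_LEFT_LEN);
    /* '-1' keeps the generated validity period (SIGNON GRACE=Y). Left blank,
     * the new password is invalid at once and must be changed at next sign-on. */
    if (keep_validity) memcpy(f->protect_pw_time_left, "-1", 2);
    return PW_OK;
}

/* Delete: only when no minimum length and no complexity level are defined. */
int pw_delete(struct pw_fields *f, size_t protect_pw16_lth, char protect_pw_compl)
{
    if (protect_pw16_lth != 0 || protect_pw_compl != '0') return PW_DELETE_REFUSED;
    blank(f->password16, PW_LEN);
    f->password_type = 'N';
    f->pw_encrypted = 'N';
    blank(f->protect_pw_time_left, TIME_LEFT_LEN);
    return PW_OK;
}
```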
You can change write, read and delete authorization for a USER queue. Specify the following in the kc_user_str data structure:
Field name
Meaning
q_read_acl[8]
In q_read_acl you specify the name of an existing key set by means of which the queue is protected against other users who want to access the queue to read and delete messages.
You can remove the protection by specifying blanks. In this case, all users can read and delete messages from this queue.
q_write_acl[8]
In q_write_acl you specify the name of an existing key set by means of which the queue is protected against other users who want write access to it.
You can remove the protection by specifying blanks. In this case, all users can write messages to this queue.
Another user (!= us_name) can have read (delete) or write access to the USER queue when both the key set of the user’s user ID and the key set of the LTERM partner by means of which the user is signed on contain at least one key code of the q_read_acl or q_write_acl key set.
Period of validity / transaction management: type GPD ("KC_MODIFY_OBJECT - Modify object properties and application parameters")
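The access rule for a USER queue, modelled as an added C example for reviewing the effect of a q_read_acl or q_write_acl change (not UTM code). Key sets are represented as arrays of numeric key codes and the function and type names are hypothetical; the same two-sided check has the shape of the service access rule given for kset above.

```c
#include <stddef.h>
#include <string.h>

/* A key set modelled as a list of key codes (representation assumed). */
struct keyset { const int *codes; size_t n; };

static int has_code(const struct keyset *ks, int code)
{
    for (size_t i = 0; i < ks->n; i++)
        if (ks->codes[i] == code) return 1;
    return 0;
}

/* 1 if ks holds at least one key code of acl; an unassigned key set
 * (NULL, i.e. blanks in kset) can never match. */
static int intersects(const struct keyset *ks, const struct keyset *acl)
{
    if (ks == NULL) return 0;
    for (size_t i = 0; i < acl->n; i++)
        if (has_code(ks, acl->codes[i])) return 1;
    return 0;
}

/* Decision for one direction: read/delete against q_read_acl, write against
 * q_write_acl. acl == NULL models a blank ACL field (no protection). */
int queue_access(const char *owner, const char *user,
                 const struct keyset *user_ks, const struct keyset *lterm_ks,
                 const struct keyset *acl)
{
    if (strcmp(owner, user) == 0) return 1;   /* the ACL protects against other users */
    if (acl == NULL) return 1;                /* blanks: all users have access */
    /* The user ID's key set and the LTERM partner's key set must each
     * contain at least one key code of the ACL key set. */
    return intersects(user_ks, acl) && intersects(lterm_ks, acl);
}
```

A matching key set on the user ID alone is not enough: the LTERM partner through which the user signed on is checked as well, so the connection path has to be included when deciding who a changed ACL admits.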
Only on BS2000 systems:
Assign a new start format to the user ID.
You can assign a specific start format to each user ID. This start format is automatically output after each successful sign-on if no service is currently open for this user ID. In order to modify the start format, you must always specify both the format name and the format attribute.
The precondition for assigning a start format is that a formatting system has been generated (KDCDEF statement FORMSYS). If the start format is a #format, a sign-on service must also be generated.
Field name
Meaning
format_attr
Format identifier of the new start format:
'A'
for the format attribute ATTR. The format name at the KDCS program interface is +format_name.
'N'
for the format attribute NOATTR. The format name at the KDCS program interface is *format_name.
'E'
for the format attribute EXTEND. The format name at the KDCS program interface is #format_name.
The meanings of the format attributes are described in chapter "kc_user_str, kc_user_fix_str, kc_user_dyn1_str and kc_user_dyn2_str user IDs".
format_name[7]
Name of the start format. The name can be up to 7 characters long and may contain only alphanumeric characters.
If you want to delete the start format of a user ID, you must specify blanks in format_attr and format_name.
Period of validity / transaction management: type GPD ("KC_MODIFY_OBJECT - Modify object properties and application parameters")
Enable or disable the BCAM trace for this user ID.
To allow USER-specific enabling:
The BCAM trace must not be generally enabled for all connections, i.e. the trace is either completely disabled or only explicitly enabled for certain selected LTERM and LPAP partners or USERs.
Specify the following in the data structure kc_user_str:
Field name
Meaning
bcam_trace='Y'
The BCAM trace is explicitly enabled for this USER. This is only possible
if the BCAM trace is disabled for all connections (see kc_diag_and_account_par_str) or
if the BCAM trace has already been enabled for individual USERs.
bcam_trace='N'
The BCAM trace is disabled for this USER.
Period of validity / transaction management: type GIR ("KC_MODIFY_OBJECT - Modify object properties and application parameters")
Some modifications can also be performed using KDCUSER ("KDCUSER - Change user properties") or KDCDIAG ("Switch diagnostic aids on and off").