Displays reports for selected UAF records on the current
SYS$OUTPUT device.
In the list of "Additional information available" in online help,
the first group of qualifiers selects specific UAF records for
displayed reports.
Following these qualifiers, after "Examples," are additional
qualifiers, some of which have their own parameters and
qualifiers:
o /IDENTIFIER-displays information about an identifier
o /PROXY-displays authorized proxy access for a specified remote
user
o /RIGHTS-displays identifiers held by users
Format
SHOW user-spec
1 – Parameter
user-spec
Specifies the user name or UIC of the requested UAF record. If
you omit the user-spec parameter, the UAF records of all users
are listed. The asterisk (*) and percent sign (%) wildcard
characters are permitted in the user name.
2 – Qualifiers
2.1 /BRIEF
Specifies that a brief report be displayed. In the report, the
Directory field displays one of the following items:
o Disuser-The account has been disabled.
o Expired-The account has expired.
o A device and directory name-The login device and directory for
the account (for example, DOCD$:[SMITH]).
If you omit the /BRIEF qualifier, AUTHORIZE displays a full
report.
2.2 /FULL
Specifies that a full report be displayed, including identifiers
held by the user. Full reports include the details of the limits,
privileges, login flags, and the command interpreter as well as
the identifiers held by the user. The password is not listed.
2.3 /EXACT
Controls whether the SHOW command matches the search string
exactly or treats uppercase and lowercase letters as equivalents.
Enclose the specified string within quotation marks (" "). Use
/EXACT with the /PAGE=SAVE and /SEARCH qualifiers.
2.4 /HIGHLIGHT
/HIGHLIGHT[=keyword]
/NOHIGHLIGHT (default)
Identifies how to display the line that contains a string once it
is found. The following keywords are valid:
BLINK
BOLD (default)
REVERSE
UNDERLINE
Use the /HIGHLIGHT qualifier with the /PAGE=SAVE and /SEARCH
qualifiers.
2.5 /PAGE
/PAGE[=keyword]
/NOPAGE (default)
Controls the information display on a screen. The following
keywords are valid:
CLEAR_SCREEN Clear the screen before displaying the next page.
SCROLL Display a continuous stream of information.
SAVE[=n] Store information and enable the navigational keys
listed in Screen Control Keys. By default, the
command saves 5 pages. The maximum page width is
255 columns.
Table 1 Screen Control Keys
Key or Key
Sequence Action Taken When Key or Key Sequence Is Pressed
DOWN ARROW Scroll the display down one line
KEY
LEFT ARROW Scroll the display one column to the left
KEY
RIGHT ARROW Scroll the display one column to the right
KEY
UP ARROW KEY Scroll the display up one line
Find (E1) Search for a new string in the information being
displayed
Insert Here Move the display to the right by half a screen
(E2)
Remove (E3) Move the display to the left by half a screen
Select (E4) Switch from 80-column displays to 132-column
displays
Prev Screen Return to the previous page
(E5)
Next Screen Display the next page
(E6)
CTRL/Z Return to the UAF> prompt
Help Display AUTHORIZE help text
F16 (Do) Switch from the oldest to the newest page
Ctrl/W Refresh the display
2.6 /SEARCH
/SEARCH=string
Used with the /PAGE=SAVE qualifier to specify a string to find in
the information being displayed. You can dynamically change the
search string by pressing the Find key (E1) while the information
is being displayed.
2.7 /WRAP
/WRAP
/NOWRAP (default)
Used with the /PAGE=SAVE qualifier to limit the number of columns
to the width of the screen and wrap lines that extend beyond the
width of the screen to the next line.
The /NOWRAP qualifier extends lines beyond the width of the
screen. Use the /PAGE=SAVE qualifier and the screen control keys
listed in Screen Control Keys to view the entire screen.
The SHOW command produces reports on user authorization records.
You can select the reports to be displayed, as follows:
o To display a single-user report, specify a user name.
o To display reports for all users in ascending sequence by user
name, specify an asterisk wildcard character (*).
o To display reports for all users with a common UIC, specify
the UIC. Users with the same UIC are listed in the order in
which they were added to the SYSUAF.
You can also use the asterisk wildcard character to specify
all or part of the UIC, as shown in the following examples:
Command Description
SHOW [14,*] Displays a brief report for all users in
/BRIEF group 14, in ascending sequence by member
number.
SHOW [*,6] Displays a brief report for all users with a
/BRIEF member number of 6.
SHOW [*,*] Displays a brief report for all users, in
/BRIEF ascending sequence by UIC.
3 – Examples
1.UAF> SHOW ROBIN
The command in this example displays a full report for the
user ROBIN. The display corresponds to the first example in the
description of the ADD command. Most defaults are in effect.
Username: ROBIN Owner: JOSEPH ROBIN
Account: VMS UIC: [14,6] ([INV,ROBIN])
CLI: DCL Tables: DCLTABLES
Default: SYS$USER:[ROBIN]
LGICMD:
Login Flags:
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
No access restrictions
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: (none) Pwdchange: 15-JAN-2000 14:08
Last Login: (none) (interactive), (none) (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 32768
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 40 JTquota: 4096
Prclm: 2 DIOlm: 40 WSdef: 256
Prio: 4 ASTlm: 40 WSquo: 512
Queprio: 0 TQElm: 10 WSextent: 1024
CPU: (none) Enqlm: 200 Pgflquo: 32768
Authorized Privileges:
TMPMBX NETMBX
Default Privileges:
TMPMBX NETMBX
Identifier Value Attributes
CLASS_CA101 %X80010032 NORESOURCE NODYNAMIC
CLASS_PY102 %X80010049 NORESOURCE NODYNAMIC
NOTE
The quotas Pbytlm and Queprio are placeholders only.
2.UAF> SHOW [360,*] /BRIEF
The command in this example displays a brief report for every
user with a group UIC of 360.
Owner Username UIC Account Privs Pri Default Directory
JOHN JAMES JAMES [360,201] USER Normal 4 DOCD$:[JAMES]
SUZY JONES JONES [360,203] DOC Devour 4 DOCD$:[JONES]
CLIFF BROWN BROWN [360,021] DOC All 4 disuser
JOY CARTER CARTER [360,005] DOCSEC Group 4 expired
3.UAF> SHOW WELCH
This command displays a full report for the restricted user
WELCH. This display corresponds to the second example in the
description of the ADD command.
Username: WELCH Owner: ROB WELCH
Account: INV UIC: [14,51] ([14,51])
CLI: DCL Tables: DCLTABLES
Default: SYS$USER:[WELCH]
LGICMD: SECUREIN
Login Flags: Restricted Diswelcome Disnewmail ExtAuth
Primary days: Mon Tue Wed Thu Fri
Secondary days: Sat Sun
Primary 000000000011111111112222 Secondary 000000000011111111112222
Day Hours 012345678901234567890123 Day Hours 012345678901234567890123
Network: ----- No access ------ ##### Full access ######
Batch: #########--------####### ---------#########------
Local: #########--------####### ---------#########------
Dialup: ##### Full access ###### ----- No access ------
Remote: #########--------####### ---------#########------
Expiration: (none) Pwdminimum: 6 Login Fails: 0
Pwdlifetime: (none) Pwdchange: (pre-expired)
Last Login: (none) (interactive), (none) (non-interactive)
Maxjobs: 0 Fillm: 300 Bytlm: 32768
Maxacctjobs: 0 Shrfillm: 0 Pbytlm: 0
Maxdetach: 0 BIOlm: 40 JTquota: 4096
Prclm: 2 DIOlm: 40 WSdef: 256
Prio: 4 ASTlm: 40 WSquo: 512
Queprio: 4 TQElm: 10 WSextent: 1024
CPU: (none) Enqlm: 200 Pgflquo: 32768
Authorized Privileges:
TMPMBX NETMBX
Default Privileges:
TMPMBX NETMBX
Note that WELCH is a captive user who does not receive
announcements of new mail or the welcome message when logging
in. His login command file, SECUREIN.COM, is presumably a
captive command file that controls all of his operations.
(Such a command file never exits, but performs operations
for its user and logs him out when appropriate.) The CAPTIVE
flag prevents WELCH from escaping control of the command file
by using Ctrl/Y or other means. Furthermore, he is restricted
to logging in between the hours of 5:00 P.M. and 8:59 A.M. on
weekdays and 9:00 A.M. and 5:59 P.M. on weekends. Although he
is allowed to use dial-up lines at all times during the week,
he is not allowed to log in over the network. On weekends, he
is further restricted so that he cannot dial in at any time or
use the DCL command SET HOST between the hours of 6:00 P.M. and
8:59 A.M.
4 /IDENTIFIER
Displays information about an identifier, such as its name,
value, attributes, and holders, on the current SYS$OUTPUT device.
Format
SHOW/IDENTIFIER [id-name]
4.1 – Parameter
id-name
Specifies an identifier name. The identifier name is a string of
1 to 31 alphanumeric characters. The name can contain underscores
and dollar signs. It must contain at least one nonnumeric
character. If you omit the identifier name, you must specify
/USER or /VALUE.
4.2 – Qualifiers
4.2.1 /BRIEF
Specifies a brief listing in which only the identifier name,
value, and attributes are displayed. The default format is
/BRIEF.
4.2.2 /FULL
Specifies a full listing in which the names of the identifier's
holders are displayed along with the identifier's name, value,
and attributes.
4.2.3 /USER
/USER=user-spec
Specifies one or more users whose identifiers are to be
displayed. The user-spec can be a user name or a UIC. You can
use the asterisk wildcard character (*) to specify multiple
UICs or all user names. UICs must be in the form [*,*], [n,*],
[*,n], or [n,n]. A wildcard user name specification (*)
displays identifiers alphabetically by user name; a wildcard
UIC specification ([*,*]) displays them numerically by UIC.
4.2.4 /VALUE
/VALUE=value-specifier
Specifies the value of the identifier to be listed. The following
formats are valid for the value-specifier:
IDENTIFIER:n An integer value in the range of 65,536 to
268,435,455. You can also specify the value
in hexadecimal (precede the value with %X) or
octal (precede the value with %O).
To differentiate general identifiers from UIC
identifiers, %X80000000 is added to the value
you specify.
GID:n GID is the POSIX group identifier. It is an
integer value in the range 0 to 16,777,215
(%XFFFFFF). The system will add %XA400.0000
to the value you specify and then enter this
new value into the system RIGHTSLIST as an
identifier.
UIC:uic A UIC value in the standard UIC format.
4.3 – Examples
1.UAF> SHOW/IDENTIFIER/FULL INVENTORY
This command would produce output similar to the following
example:
Name Value Attributes
INVENTORY %X80010006 NORESOURCE NODYNAMIC
Holder Attributes
ANDERSON NORESOURCE NODYNAMIC
BROWN NORESOURCE NODYNAMIC
CRAMER NORESOURCE NODYNAMIC
2.UAF> SHOW/IDENTIFIER/USER=ANDERSON
This command displays the identifier associated with the user
ANDERSON, as follows:
Name Value Attributes
ANDERSON [000300,000015] NORESOURCE NODYNAMIC
The identifier is shown, along with its value and attributes.
Note, however, that this is the same result you would produce
had you specified ANDERSON's UIC with the following forms of
the command:
UAF> SHOW/IDENTIFIER/USER=[300,015]
UAF> SHOW/IDENTIFIER/VALUE=UIC:[300,015]
5 /PROXY
Displays all authorized proxy access for the specified remote
user.
Format
SHOW/PROXY node::remote-user
5.1 – Parameters
node
Specifies the name of a network node in the network proxy
authorization file. The asterisk wildcard character (*) is
permitted in the node specification.
remote-user
Specifies the user name or UIC of a user on a remote node. The
asterisk wildcard character (*) is permitted in the remote-user
specification.
5.2 – Examples
1.UAF> SHOW/PROXY SAMPLE::[200,100]
Default proxies are flagged with an *
SAMPLE::[200,100]
MARCO * PROXY2
PROXY3
The command in this example displays all authorized proxy
access for the user on node SAMPLE with a UIC of [200,100].
The default proxy account can be changed from MARCO to PROXY2
or PROXY3 with the MODIFY/PROXY command.
2.UAF> SHOW/PROXY *::*
Default proxies are flagged with (D)
TAO:.TWA.RANCH::MARTINEZ
MARTINEZ (D) SALES_READER
UAF> show/proxy/old *::*
Default proxies are flagged with (D)
RANCH::MARTINEZ
MARTINEZ (D) SALES_READER
The command in this example displays information about local
authorized proxy access on a system running DECnet-Plus. The
first command draws information from the file NET$PROXY.DAT.
By including the /OLD qualifier on the SHOW/PROXY command,
AUTHORIZE displays information from the file NETPROXY.DAT.
6 /RIGHTS
Displays the identifiers held by the specified identifiers or, if
/USER is specified, all identifiers held by the specified users.
Format
SHOW/RIGHTS [id-name]
6.1 – Parameter
id-name
Specifies the name of the identifier associated with the user.
If you omit the identifier name, you must specify the /USER
qualifier.
6.2 – Qualifier
6.2.1 /USER
/USER=user-spec
Specifies one or more users whose identifiers are to be listed.
The user-spec can be a user name or a UIC. You can use the
asterisk wildcard character (*) to specify multiple UICs or all
user names. UICs must be in the form [*,*], [n,*], [*,n], or
[n,n]. A wildcard user name specification (*) or wildcard UIC
specification ([*,*]) displays all identifiers held by users.
The wildcard user name specification displays holders' user names
alphabetically; the wildcard UIC specification displays them in
the numerical order of their UICs.
6.3 – Example
UAF> SHOW/RIGHTS ANDERSON
This command displays all identifiers held by the user
ANDERSON. For example:
Name Value Attributes
INVENTORY %X80010006 NORESOURCE NODYNAMIC
PAYROLL %X80010022 NORESOURCE NODYNAMIC
Note that the following formats of the command produce the same
result:
SHOW/RIGHTS/USER=ANDERSON
SHOW/RIGHTS/USER=[300,015]