Changing User Information

This procedure is used to change the characteristics of a user on the EAGLE using the chg-user command. This procedure can only be performed if you have been assigned the command class “Security Administration.” If the user ID does not exist in the database, the user’s characteristics cannot be changed.

Note:

The pid parameter can be specified for this procedure on all terminals (1 - 40) if the Eagle OA&M IP Security Enhancements feature is on. If this feature is on, the entry YES is shown for terminals 17 through 40 in the SECURE column in the rtrv-trm output. The output of the rtrv-ctrl-feat command also shows if this feature is on or off. If this feature is off, the pid parameter can be specified for this procedure only on terminals 1 through 16. If you wish to use the Eagle OA&M IP Security Enhancements feature, and the feature is not on, performActivating the EAGLE OA&M IP Security Enhancement Controlled Feature to enable and activate this feature.

The chg-user command uses these parameters.

:uid – The ID of a user in the database

:nuid – New user ID – The new ID of the user specified by the uid parameter.

:pid – Password ID (only required if changing the password of a user) – The password of the user specified by the uid parameter.

:all – The user has access to all commands in all command classes.

:dbg – The user has access to all commands in the command class “Debug.”

:link – The user has access to all commands in the command class “Link Maintenance.”

:sys – The user has access to all commands in the command class “System Maintenance.”

:sa – The user has access to all commands in the command class “Security Administration.”

:pu – The user has access to all commands in the command class “Program Update.”

:db – The user has access to all commands in the command class “Database Administration.”

:cc1 - :cc8 – Eight configurable command classes. These parameters specified whether or not the user has access to the commands in the specified configurable command class. The value of these parameters consist of the configurable command class name (1 alphabetic character followed by 2 alphanumeric characters), and either yes or no. The command class name and the yes or no values are separated by a dash. For example, to assign a user the permission to use the commands in configurable command class db1, the cc1=db1-yes parameter would be specified.

To specify any configurable command classes, the Command Class Management feature must be enabled and turned on. Enter the rtrv-ctrl-feat command to verify whether or not the Command Class Management feature is enabled. If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Features to enable and turn on the Command Class Management feature. Up to 32 configurable command classes can be assigned to users. When the Command Class Management feature is enabled and turned on, the configurable command class names are given the names u01 - u32. These command class names, the descriptions of these command classes, and the commands assigned to these command classes can be changed using the Configuring Command Classes.

The chg-user command can assign a maximum of eight configurable command classes to the user each time the chg-user command is performed.

:page – The amount of time, in days, that the specified user’s password can be used before the user must change their password.

If the page parameter is not specified with the ent-user command, the EAGLE uses the value configured for the page parameter specified by the chg-secu-dflt command to determine the age of the user’s password.

:uout – The number of consecutive days that a user ID can remain active on the EAGLE and not be used. When the user ID has not been used for the number of days specified by the uout parameter, that user ID is no longer valid and the EAGLE rejects any attempt to log into the EAGLE with that user ID.

If the uout parameter is not specified with the ent-user command, the EAGLE uses the value configured for the uout parameter specified by the chg-secu-dflt command to determine the number of consecutive days that a user ID can remain active on the EAGLE and not be used

:revoke – Is the specified user ID in service? Any login attempts using a revoked user ID are rejected by the EAGLE. The revoke=yes parameter cannot be specified for a user ID assigned to the security administration command class.

:rstlsl – resets the last successful login date for a user ID to the current date. If the user ID is out of service because the user ID has been idle longer that the value of the uout parameter defined by either the ent-user or chg-secu-dflt commands, this parameter brings that user ID back into service.

This example shows an rtrv-secu-user command output when the Command Class Management feature is enabled and turned on. If the Command Class Management feature is not enabled and activated, the 32 configurable command classes, shown in the following example as fields U01 - U32, are not shown in the rtrv-secu-user command output.

An asterisk (*) displayed after the value in the PAGE or UOUT fields indicates that the system-wide default page or uout parameter values, as configured on the chg-secu-dflt command, is in effect for the user ID.

rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
frodo                750 0    0    NO  YES  YES YES YES YES YES
            
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO  NO  YES
                                                            
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
manny                36  60   60   NO  YES  YES YES YES YES YES
            
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            NO  NO  NO  NO  YES YES YES YES YES YES YES YES YES YES YES YES
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO  NO  YES
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
moe                  100 30   60   YES YES  YES YES YES YES YES
            
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
jack                 10  30 * 30 * NO  YES  YES YES YES YES YES
          
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES NO  NO  NO  NO  YES YES YES YES YES NO

Display the user IDs in the database using the rtrv-secu-user command.

This is an example of the possible output.

rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0
                                                         
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
frodo                0   60 * 90 * NO  YES  NO  YES NO  YES YES
            
            DB1 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
manny                36  60   60   NO  YES  YES YES YES YES YES
            
            DB1 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            NO  NO  NO  NO  YES YES YES YES YES YES YES YES YES YES YES YES
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO  NO  YES
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
fred                 750 0    0    NO  YES  YES YES YES YES YES
            
            DB1 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            NO  YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
travist              101 60 * 90 * NO  YES  NO  YES NO  NO  YES
            
            DB1 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES NO  NO  NO  NO  YES YES YES YES YES NO

Continue the procedure by performing one of these steps.

If the cc1 through cc8 parameters are not being specified in this procedure, continue the procedure with 4.
If the cc1 through cc8 parameters will be specified in this procedure, continue the procedure by performing one of these steps.
- If configurable command classes are shown in the rtrv-secu-user output, continue the procedure with 3.
- If configurable command classes are not shown in the rtrv-secu-user output, continue the procedure with 2.

Verify that the Command Class Management feature is enabled and activated, by entering the rtrv-ctrl-feat command with the partnum=89005801 parameter.
This is an example of the possible output.
```
rlghncxa03w 06-10-01 21:15:37 GMT EAGLE5 36.0.0
The following features have been permanently enabled:
Feature Name              Partnum    Status  Quantity
Command Class Management  893005801  off     ----
```
Note:
The rtrv-ctrl-feat command output contains other fields that are not used by this procedure. If you wish to see all the fields displayed by the rtrv-ctrl-feat command, see the rtrv-ctrl-feat command description in Commands User's Guide.

If the Command Class Management feature is enabled and turned on (status = on), 3 .

If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Featuresto enable and turn on the Command Class Management feature.

Caution:
If the Command Class Management feature is temporarily enabled, the configurable command classes can be assigned and used only for the amount of time shown in the Trial Period Left column in the rtrv-ctrl-feat output.

Display the descriptions of the configurable command classes in the database by entering the rtrv-cmd command.

This is an example of the possible output.

rlghncxa03w 09-05-01 21:15:37 GMT EAGLE5 41.0.0
CMD                 CLASS
alw-slk             link, u11
ent-user            sa
unhb-slk            link
rtrv-attr-seculog   sa, u31
inh-slk             link, abc
rtrv-meas-sched     link, abc, def
act-lbp             link
act-dlk             link
act-slk             link
rtrv-seculog        sa, abc, def, ghi
act-lpo             link
blk-slk             link, abc, u23, u31
dact-lbp            link
canc-dlk            link
inh-card            sys
canc-lpo            link, u01, u02, u03, u04, u05, u06, u07, u08, u09, u10,
                    u11, u12, u13
canc-slk            link
ublk-slk            link, u01, u02, u03, u04, u05, u06, u07, u08, u09, u10,
                    u11, u12, u13, u14, u15, u16, u17, u18, u19, u20, u21,
                    u22, u23, u24, u25, u26, u27, u28, u29, u30, u31, u32
inh-trm             sys, krb
rept-meas           link
.
.
.
chg-meas            link
tst-dlk             link, krb
tst-slk             link

If the desired configurable command class descriptions are not in the database, perform Configuring Command Classesto configure the desired command classes.

Note:

A user ID cannot be changed while the user is logged on, except when the revoke=yes parameter is specified with the chg-user command. It is assumed that if the user is being revoked, the intent is to immediately deny the user access to the EAGLE. In this case, the user will be logged off when the database is updated.

Verify that the user is not logged on the EAGLE using the rept-stat-user command.

If the user is logged on to the EAGLE, the chg-user command will log the user off the EAGLE when the command is executed. Notify the user to log off the EAGLE. This is an example of the possible output.

rlghncxa03w 09-05-01 09:12:15 GMT  EAGLE5 41.0.0
REPT-STAT-USER COMPLTD
USER ID          TERM #  IDLE SINCE         COMMAND             STATE
fred                3    09-04-19 05:06:43  rept-stat-user      PROCESSING
frodo              13    09-04-20 08:12:23  chg-db              IDLE
manny               1    09-04-27 04:37:56  ent-dlk             IDLE
travist             7    09-04-30 10:06:22  rtrv-meas           IDLE

Change the user’s characteristics using the chg-user command.
The nuid parameter changes the user ID of a user. This parameter is optional and if not specified, the user ID is not changed. The user ID must contain 1 alpha character and up to 15 alphanumeric characters. The first character of a user ID must be an alpha character. Even though a period is not an alphanumeric character, one of the 15 alphanumeric characters can be a period.

The pid parameter specifies whether the password is to be changed. If no is selected, the password is not changed. If yes is entered, you will be prompted for a new password for the user. Enter the new password for the user. You do not need to know the old password with this command. The password must meet the requirements defined by the chg-secu-dflt command. Display the password requirements by entering the rtrv-secu-dflt command.

This is an example of the possible output.
```
rlghncxa03w 10-07-01 16:02:05 GMT  EAGLE5 42.0.0
SECURITY DEFAULTS
-----------------
MINLEN          8
ALPHA           1
NUM             1
PUNC            1
```
The rtrv-secu-dflt command output contains other fields that are not used by this procedure. If you wish to see all the fields displayed by the rtrv-secu-dflt command, refer to the rtrv-secu-dflt command description in Commands User's Guide.

The password can contain from one to twelve characters. For this example, the password must contain at least eight characters, no more than twelve, with at least one alpha character (a-z), at least one numeric character (0-9), and at least one punctuation character (any printable character that is not an alphabetic character, a numeric character, the space bar). The password requirements are shown in these fields in the rtrv-secu-dflt command output.
- MINLEN – the minimum length of the password
- ALPHA – the minimum number of alpha characters
- NUM – the minimum number of numeric characters
- PUNC – the minimum number of punctuation characters
The password is not case sensitive. For security reasons, the password is never displayed on the terminal.

At the prompt verify password, enter the new password again. This pid parameter is optional and the default value is no.

The other parameters assign command class permissions to the user ID. If yes is selected for any of these parameters, the user will have access to that class of commands. If no is entered, the user will not have access to that class of commands. These parameters are optional and if not specified, the values are not changed.

For this example, the user ID manny is being changed to bilbo, and the PU, DB, DBG, and DB1 command class values are changed. Enter this command.

chg-user:uid=manny:nuid=bilbo:pu=no:db=no:dbg=no:db1=yes

When this command has successfully completed, this message should appear.
```
rlghncxa03w 06-10-01 09:12:36 GMT  EAGLE5 36.0.0
CHG-USER: MASP A - COMPLTD
```

Verify the changes using the rtrv-secu-user command and specifying the user ID used in 5 with the uid parameter.

If the user ID was changed in 5 , specify the new user ID. For this example, enter this command.

rtrv-secu-user:uid=bilbo

This is an example of the possible output.

rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
bilbo                36  60   60   NO  YES  YES YES NO  NO  NO
            
            DB1 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES NO  NO  NO  YES YES YES YES YES YES YES YES YES YES YES YES
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO  NO  YES

Back up the new changes using the chg-db:action=backup:dest=fixed command.

These messages should appear, the active Maintenance and Administration Subsystem Processor (MASP) appears first.

BACKUP (FIXED) : MASP A - Backup starts on active MASP.
BACKUP (FIXED) : MASP A - Backup on active MASP to fixed disk complete.
BACKUP (FIXED) : MASP A - Backup starts on standby MASP.
BACKUP (FIXED) : MASP A - Backup on standby MASP to fixed disk complete.

Figure 4-8 Changing User Information

Sheet 1 of 3

Sheet 2 of 3

Sheet 3 of 3