Oracle® Communications EAGLE Database Administration - System Management User's Guide
Release 46.6
E93319 Revision 1

Adding a User to the System

This procedure is used to add a user to the EAGLE using the ent-user command. This procedure can only be performed if you have been assigned the command class “Security Administration.” If the user ID does not exist in the database, the user’s characteristics cannot be changed.

Note:

This procedure can be performed on all terminals (1 - 40) if the Eagle OA&M IP Security Enhancements feature is on. If this feature is on, the entry YES is shown for terminals 17 through 40 in the SECURE column in the rtrv-trm output. The output of the rtrv-ctrl-feat command also shows if this feature is on or off. If this feature is off, this procedure can be performed only on terminals 1 through 16. If you wish to use the Eagle OA&M IP Security Enhancements feature, and the feature is not on, perform Activating the EAGLE OA&M IP Security Enhancement Controlled Feature to enable and turn on this feature.

The ent-user command uses these parameters.

:uid – The user ID to be added to the database

:all – The user has access to all commands in all non-configurable command classes (dbg, link, sys, sa, pu, db).

:dbg – The user has access to all commands in the command class “Debug.”

:link – The user has access to all commands in the command class “Link Maintenance.”

:sys – The user has access to all commands in the command class “System Maintenance.”

:sa – The user has access to all commands in the command class “Security Administration.”

:pu – The user has access to all commands in the command class “Program Update.”

:db – The user has access to all commands in the command class “Database Administration.”

:cc1 - :cc8 – Eight configurable command classes. These parameters specify whether or not the user has access to the commands in the specified configurable command class. The value of each of these parameters consists of the configurable command class name (1 alphabetic character followed by 2 alphanumeric characters), and either yes or no. The command class name and the yes or no value are separated by a dash. For example, to assign a user the permission to use the commands in configurable command class db1, the cc1=db1-yes parameter would be specified.

To specify any configurable command classes, the Command Class Management feature must be enabled and turned on. Enter the rtrv-ctrl-feat command to verify whether or not the Command Class Management feature is enabled. If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Features to enable and turn on the Command Class Management feature. Up to 32 configurable command classes can be assigned to users. When the Command Class Management feature is enabled and turned on, the configurable command class names are given the names u01 - u32. These command class names, the descriptions of these command classes, and the commands assigned to these command classes can be changed using Configuring Command Classes.

The ent-user command allows up to eight configurable command classes to be assigned to the user. Perform Changing User Information to assign the other 24 configurable command classes to the user, if desired.

:page – The amount of time, in days, that the specified user’s password can be used before the user must change their password.

If the page parameter is not specified with the ent-user command, the EAGLE uses the value configured for the page parameter specified by the chg-secu-dflt command to determine the age of the user’s password.

:uout – The number of consecutive days that a user ID can remain active in the EAGLE and not be used. When the user ID has not been used for the number of days specified by the uout parameter, that user ID is no longer valid and the EAGLE rejects any attempt to log into the EAGLE with that user ID.

If the uout parameter is not specified with the ent-user command, the EAGLE uses the value configured for the uout parameter specified by the chg-secu-dflt command to determine the number of consecutive days that a user ID can remain active on the EAGLE and not be used.

:revoke – Is the specified user ID in service? Any login attempts using a revoked user ID are rejected by the EAGLE. The revoke=yes parameter cannot be specified for a user ID assigned to the security administration command class.

The words seas or none cannot be used for user IDs to prevent any conflict with the use of these words in the UID field of the security log. The word none in the UID field of the security log refers to any command that was logged that had no user ID associated with it. The word seas refers to any command logged in the security log that entered the EAGLE on either of the SEAS terminals.

This example shows an rtrv-secu-user command output when the Command Class Management feature is enabled and turned on. If the Command Class Management feature is not enabled and turned on, the 32 configurable command classes, shown in the following example as fields U01 - U32, are not shown in the rtrv-secu-user command output.

An asterisk (*) displayed after the value in the PAGE or UOUT fields indicates that the system-wide default page or uout parameter value, as configured with the chg-secu-dflt command, is in effect for the user ID.

rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
frodo                750 0    0    NO  YES  YES YES YES YES YES
            
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO  NO  YES
                                                                         
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
manny                36  60   60   NO  YES  YES YES YES YES YES           
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            NO  NO  NO  NO  YES YES YES YES YES YES YES YES YES YES YES YES
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO  NO  YES
                                                               
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
moe                  100 30   60   YES YES  YES YES YES YES YES
            
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES NO
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES YES YES YES YES YES YES YES NO  NO  NO
                                                                
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
jack                 10  30 * 30 * NO  YES  YES YES YES YES YES
            
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES YES
            
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            YES YES YES YES YES YES NO  NO  NO  NO  YES YES YES YES YES NO
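
The field layout described above can be read mechanically when reviewing accounts. The following is an added example, not part of the Oracle guide: it parses rtrv-secu-user output, including renamed configurable classes and the asterisk marker, and lists accounts a reviewer would want to look at. The function names and the sample output are constructed for illustration.

```python
import re

BUILTIN = ("LINK", "SA", "SYS", "PU", "DB", "DBG")
# Constructed sample in the rtrv-secu-user layout shown above (not real output).
SAMPLE = """\
rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
opsadmin             12  0    0    NO  YES  YES YES YES YES YES
            U01 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
oldtech              200 30 * 30 * YES YES  NO  YES NO  NO  NO
            DB1 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
            YES NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
            U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
            NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
"""

def parse_secu_user(text):
    """Return one dict per user: uid, the fixed columns, and a 'classes' map."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    users, i = [], 0
    while i + 1 < len(lines):
        if not lines[i].startswith("USER ID"):
            i += 1
            continue
        names = lines[i].split()[2:]
        vals = re.sub(r"\s+\*", "*", lines[i + 1]).split()  # "30 *" -> "30*"
        user = {"uid": vals[0], "classes": {}, **dict(zip(names, vals[1:]))}
        i += 2
        # Configurable classes follow as a name row plus a YES/NO row.
        while i + 1 < len(lines) and set(lines[i + 1].split()) <= {"YES", "NO"}:
            user["classes"].update(zip(lines[i].split(), lines[i + 1].split()))
            i += 2
        users.append(user)
    return users

def audit(users):
    """Return (uid, finding) pairs worth a reviewer's attention."""
    findings = []
    for u in users:
        granted = [c for c in BUILTIN if u.get(c) == "YES"]
        granted += [c for c, v in u["classes"].items() if v == "YES"]
        if u.get("SA") == "YES":
            findings.append((u["uid"], "holds Security Administration"))
        if u.get("REV") == "YES" and granted:
            findings.append((u["uid"], f"revoked but still granted {len(granted)} classes"))
        for col in ("PAGE", "UOUT"):
            if not u.get(col, "*").endswith("*"):
                findings.append((u["uid"], f"{col}={u[col]} is a per-user value, not the system-wide default"))
    return findings
```
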

Canceling the RTRV-SECU-USER Command

Because the rtrv-secu-user command used in this procedure can output information for a long period of time, the rtrv-secu-user command can be canceled and the output to the terminal stopped. There are three ways that the rtrv-secu-user command can be canceled.

  • Press the F9 function key on the keyboard at the terminal where the rtrv-secu-user command was entered.
  • Enter the canc-cmd without the trm parameter at the terminal where the rtrv-secu-user command was entered.
  • Enter the canc-cmd:trm=<xx> command, where <xx> is the terminal where the rtrv-secu-user command was entered, from a terminal other than the terminal where the rtrv-secu-user command was entered. To enter the canc-cmd:trm=<xx> command, the terminal must allow Security Administration commands to be entered from it and the user must be allowed to enter Security Administration commands. The terminal’s permissions can be verified with the rtrv-secu-trm command. The user’s permissions can be verified with the rtrv-user or rtrv-secu-user commands.

For more information about the canc-cmd command, go to Commands User's Guide.

  1. Verify whether or not the user ID you wish to add to the database is in the database by entering the rtrv-secu-user command and specifying the desired user ID with the uid parameter.

    For this example, enter this command.

    rtrv-secu-user:uid=frodo

    If the user ID being added to the database is displayed in the rtrv-secu-user output, the user ID cannot be used in this procedure. The attributes of the user ID shown in the rtrv-secu-user output can be changed in Changing User Information.

    If the user ID being added to the database is not in the database, the error message E2199 is displayed.

    E2199 Cmd Rej: The specified user identification is not defined
    
    Continue the procedure by performing one of these steps.
    • If the cc1 through cc8 parameters are not being specified in this procedure, continue the procedure with step 4.
    • If the cc1 through cc8 parameters will be specified in this procedure, continue the procedure by performing one of these steps.
      • If configurable command classes are shown in the rtrv-secu-user output, continue the procedure with step 3.
      • If configurable command classes are not shown in the rtrv-secu-user output, continue the procedure with step 2.
  2. Verify that the Command Class Management feature is enabled and turned on, by entering the rtrv-ctrl-feat command with the partnum=893005801 parameter.

    This is an example of the possible output.

    rlghncxa03w 06-10-01 21:15:37 GMT EAGLE5 36.0.0
    The following features have been permanently enabled:
    Feature Name              Partnum    Status  Quantity
    Command Class Management  893005801  off     ----
    

    Note:

    The rtrv-ctrl-feat command output contains other fields that are not used by this procedure. If you wish to see all the fields displayed by the rtrv-ctrl-feat command, see the rtrv-ctrl-feat command description in Commands User's Guide.

    If the Command Class Management feature is enabled and turned on (status = on), continue the procedure with step 3.

    If the Command Class Management feature is not enabled or turned on, perform Activating Controlled Features to enable and turn on the Command Class Management feature.

    Caution:

    If the Command Class Management feature is temporarily enabled, the configurable command classes can be assigned and used only for the amount of time shown in the Trial Period Left column in the rtrv-ctrl-feat output.
  3. Display the descriptions of the configurable command classes in the database by entering the rtrv-cmd command.

    This is an example of the possible output.

    rlghncxa03w 09-05-01 21:15:37 GMT EAGLE5 41.0.0
    CMD                 CLASS
    alw-slk             link, u11
    ent-user            sa
    unhb-slk            link
    rtrv-attr-seculog   sa, u31
    inh-slk             link, abc
    rtrv-meas-sched     link, abc, def
    act-lbp             link
    act-dlk             link
    act-slk             link
    rtrv-seculog        sa, abc, def, ghi
    act-lpo             link
    blk-slk             link, abc, u23, u31
    dact-lbp            link
    canc-dlk            link
    inh-card            sys
    canc-lpo            link, u01, u02, u03, u04, u05, u06, u07, u08, u09, u10,
                        u11, u12, u13
    canc-slk            link
    ublk-slk            link, u01, u02, u03, u04, u05, u06, u07, u08, u09, u10,
                        u11, u12, u13, u14, u15, u16, u17, u18, u19, u20, u21,
                        u22, u23, u24, u25, u26, u27, u28, u29, u30, u31, u32
    inh-trm             sys, krb
    rept-meas           link
    .
    .
    .
    chg-meas            link
    tst-dlk             link, krb
    tst-slk             link
    

    If the desired configurable command class descriptions are not in the database, perform Configuring Command Classes to configure the desired command classes.

  4. After you enter the ent-user command, you will be prompted for a password for the user that is being added.

    The password must meet the requirements defined by the chg-secu-dflt command. Once you enter the ent-user command, you will not be able to enter any other commands until the user ID and password combination has been accepted by the EAGLE. The password requirements must be verified before the ent-user command is executed. Display the password requirements by entering the rtrv-secu-dflt command. This is an example of the possible output.

    rlghncxa03w 10-07-01 16:02:05 GMT  EAGLE5 42.0.0
    SECURITY DEFAULTS
    -----------------
    MINLEN          8
    ALPHA           1
    NUM             1
    PUNC            1
    

    The rtrv-secu-dflt command output contains other fields that are not used by this procedure. If you wish to see all the fields displayed by the rtrv-secu-dflt command, refer to the rtrv-secu-dflt command description in Commands User's Guide.

    The password can contain from one to twelve characters. For this example, the password must contain at least eight characters, no more than twelve, with at least one alpha character (a-z), at least one numeric character (0-9), and at least one punctuation character (any printable character that is not an alphabetic character, a numeric character, or the space bar). The password requirements are shown in these fields in the rtrv-secu-dflt command output.

    • MINLEN – the minimum length of the password
    • ALPHA – the minimum number of alpha characters
    • NUM – the minimum number of numeric characters
    • PUNC – the minimum number of punctuation characters

    The password is not case sensitive. For security reasons, the password is never displayed on the terminal.

  5. Add the new user ID to the database using the ent-user command.

    The user ID must contain 1 alpha character and up to 15 alphanumeric characters. The first character of a user ID must be an alpha character. Even though a period is not an alphanumeric character, one of the 15 alphanumeric characters can be a period.

    The other parameters assign command class permissions to the user ID. If yes is entered for any of these parameters, the user will have access to that class of commands. If no is entered, the user will not have access to that class of commands. These parameters are optional and if not specified, the user is not assigned to that command class. The user is assigned to the Basic command class whether or not any of these other parameters are specified. Refer to Commands User's Guide for a list of commands permitted with each command class. For this example, the user ID frodo is being added with access to these command classes: link maintenance, system maintenance, database administration, and debug.

    The frodo user ID will use the values for the page and uout parameters configured with the chg-secu-dflt command. For this example, enter this command.

    ent-user:uid=frodo:link=yes:sys=yes:db=yes:dbg=yes:cc1=db1-yes

    This message should appear.

    rlghncxa03w 06-10-01  09:12:36 GMT  EAGLE5 36.0.0
    ENT-USER: MASP A - COMPLTD
    
  6. You are prompted for a password for the user that is being added.

    Enter the new password. Make sure that the password meets the password requirements displayed in the output of the rtrv-secu-dflt command, executed in step 4.

  7. At the prompt verify password, re-enter the password that was entered in step 6.
  8. When the command executed message appears, the execution of the command has been completed, and the user ID and password have been added to the database.
  9. Verify the changes using the rtrv-secu-user command with the user ID specified in step 5.

    For this example, enter this command.

    rtrv-secu-user:uid=frodo

    This is an example of the possible output.

    rlghncxa03w 09-03-01 08:33:48 GMT EAGLE5 40.1.0
                                                                    
    USER ID              AGE PAGE UOUT REV LINK SA  SYS PU  DB  DBG
    frodo                0   60 * 90 * NO  YES  NO  YES NO  YES YES
                
                DB1 U02 U03 U04 U05 U06 U07 U08 U09 U10 U11 U12 U13 U14 U15 U16
                YES NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
                
                U17 U18 U19 U20 U21 U22 U23 U24 U25 U26 U27 U28 U29 U30 U31 U32
                NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO  NO
    
  10. Back up the new changes using the chg-db:action=backup:dest=fixed command.

    These messages should appear; the active Maintenance and Administration Subsystem Processor (MASP) appears first.

    BACKUP (FIXED) : MASP A - Backup starts on active MASP.
    BACKUP (FIXED) : MASP A - Backup on active MASP to fixed disk complete.
    BACKUP (FIXED) : MASP A - Backup starts on standby MASP.
    BACKUP (FIXED) : MASP A - Backup on standby MASP to fixed disk complete.
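
The procedure requires the password requirements to be verified before ent-user is entered, and the parameter descriptions place several constraints on uid, cc1 - cc8 and revoke. The following is an added example, not part of the Oracle guide, that checks a planned ent-user entry against those stated rules offline. The function names and sample values are constructed, and treating all=yes as implying Security Administration for the revoke rule is an assumption drawn from the parameter list.

```python
import re
import string

# Constructed rtrv-secu-dflt output in the layout shown in step 4.
DFLT = """\
SECURITY DEFAULTS
-----------------
MINLEN          8
ALPHA           1
NUM             1
PUNC            1
"""
MAXLEN = 12  # upper bound on password length stated in step 4

def parse_policy(text):
    """Pull the four fields step 4 uses out of rtrv-secu-dflt output."""
    found = re.findall(r"^[ \t]*(MINLEN|ALPHA|NUM|PUNC)[ \t]+(\d+)[ \t]*$", text, re.M)
    return {k: int(v) for k, v in found}

def check_password(pw, policy):
    """Return the list of unmet requirements (empty list means acceptable)."""
    alpha = sum(c.isascii() and c.isalpha() for c in pw)
    num = sum(c.isascii() and c.isdigit() for c in pw)
    # Step 4: punctuation is any printable character that is not a letter, digit or space.
    punc = sum(c in string.punctuation for c in pw)
    errs = []
    if not policy["MINLEN"] <= len(pw) <= MAXLEN:
        errs.append(f"length must be {policy['MINLEN']}-{MAXLEN}")
    for name, have in (("ALPHA", alpha), ("NUM", num), ("PUNC", punc)):
        if have < policy[name]:
            errs.append(f"needs at least {policy[name]} {name} character(s)")
    return errs

def check_ent_user(params):
    """Validate ent-user parameters against the rules stated on this page."""
    errs, uid = [], params.get("uid", "")
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9.]{0,15}", uid) or uid.count(".") > 1:
        errs.append("uid: one letter, then up to 15 alphanumerics (at most one period)")
    if uid.lower() in ("seas", "none"):
        errs.append("uid: 'seas' and 'none' are reserved for the security log")
    for key, val in params.items():
        if re.fullmatch(r"cc[1-8]", key) and not re.fullmatch(r"[A-Za-z][A-Za-z0-9]{2}-(yes|no)", val):
            errs.append(f"{key}: expected <class>-yes or <class>-no, got {val!r}")
    # Assumption: all=yes grants sa, so it is treated like sa=yes here.
    if params.get("revoke") == "yes" and "yes" in (params.get("sa"), params.get("all")):
        errs.append("revoke=yes cannot be combined with Security Administration access")
    return errs
```
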
    

Figure 4-6 Adding a User to the System


