INSERT USER and UPDATE USER Commands
The INSERT USER and UPDATE USER commands add or update a user in the IBM® Connect:Direct® Authorization file. The commands have the following format and parameters. The required parameters and keywords are in bold. (The NAME parameter is required only for INSERT USER.) Default values for parameters and subparameters are underlined.
| Label | Command | Parameters |
|---|---|---|
| (optional) | INSert USER | UPDate USER | USERID = (nodename, user ID) |
| NAME ='username' | ||
| ADD TYPE = Y | N | ||
| ALTER TYPE = Y | N | ||
| READ TYPE = Y | N | ||
| REMOVE TYPE = Y | N | ||
| ADD USER = Y | N | ||
| ALTER USER = Y | N | ||
| READ USER = Y | N | ||
| REMOVE USER = Y | N | ||
| CASE = Y | N | ||
| CDEL = Y | N Note: Valid only in the Interactive
user interface.
|
||
| CDELOFF = Y | N Note: Valid only in the
Interactive user interface.
|
||
| CHange = Y | N Note: The setting
for this parameter overrides the setting specified for the GEN.CHG.PROCESS
parameter.
|
||
| COPY = Y | N | ||
| DELPR = Y | N Note: The setting
for this parameter overrides the setting specified for the GEN.DEL.PROCESS
parameter.
|
||
| EVENTCMD = Y | N | ||
| FLUSH = Y | N Note: The setting
for this parameter overrides the setting specified for the GEN.FLS.PROCESS
parameter.
|
||
| GEN.CHG.PROCESS = Y | N Note: Valid only
in the Interactive user interface.
|
||
| GEN.DEL.PROCESS = Y | N Note: Valid only
in the Interactive user interface.
|
||
| GEN.FLS.PROCESS = Y | N Note: Valid only
in the Interactive user interface.
|
||
| GEN.SEL.PROCESS = Y | N Note: Valid only
in the Interactive user interface.
|
||
| GEN.SEL.STATISTICS = Y | N Note: Valid
only in the Interactive user interface.
|
||
| GVIEW = Y | N Note: Valid only in the Interactive
user interface.
|
||
| MAXSA = max signon attempts | ||
| MODALS = Y | N | ||
| MODIFY = Y | N | ||
| NSUBMIT = Y | N | ||
| OVCRC = Y | N | ||
| PASSword = initial password | ||
| PHone = 'phone number' | ||
| PTKTDATA = (APPL profile name, secured signon key) | ||
| RESETSA | ||
| RUNJOB = Y | N | ||
| RUNTASK = Y | N | ||
| SECURERD= Y | N | ||
| SECUREWR = Y | N | ||
| SECURITY = (security id, security pswd) | ||
| SELNET = Y | N | ||
| SELPR = Y | N Note: The setting for
this parameter overrides the setting specified for the GEN.SEL.PROCESS
parameter.
|
||
| SELSTAT = Y | N Note: The setting for
this parameter overrides the setting specified for the GEN.SEL.STATISTICS
parameter.
|
||
| STATCMD = Y | N | ||
| STOPCD = Y | N | ||
| SUBMIT = Y | N | ||
| SUBMITTER.CMDS = ( Y | N, Y | N,
Y | N, Y | N, Y | N ) Note: This parameter is
valid only in the batch interface.
|
||
| UPDNET = Y | N | ||
| REFSH = Y | N Note: This parameter updates
the INITPARM file.
|
||
| VIEW PROCESS = Y | N Note: The setting for this
parameter overrides the setting specified for the GEN.VIEW.PROCESS
parameter.
|
||
| CERTUSERAUTH = Y | N | ||
| READ PROCLIB = Y | N | ||
| ALTER PROCLIB = Y | N | ||
| READ FILEAGENT = Y | N | ||
| ALTER FILEAGENT = Y | N | ||
| EXTERNAL.STATS = Y | N |
Required Parameters
The following parameters are required for the INSERT USER command. The USERID parameter is required for the UPDATE USER command, but the NAME parameter is not.
| Parameter | Description |
|---|---|
| USERID = (nodename, user ID) | Specifies the user node and user ID of the record
being added or updated. nodename specifies the user node of the User record. It is a 1–16 character alphanumeric string. Note: Connect:Direct
for z/OS® does
not accept the following characters for the node name:
Important: Characters used in Netmap Node
Names (or Secure+ Node Names or Secure+ Alias Names) should be restricted
to A-Z, a-z, 0-9 and @ # $ . _ - to ensure that the entries can be
properly managed by Control Center, Connect:Direct Browser User Interface,
or Sterling Connect:Direct Application Interface for
Java (AIJ) programs.
user ID specifies the user ID of the User record. The user ID can contain 1–64 characters of any kind. |
| NAME = ‘username' | Specifies the full name of the user. The NAME is a string of 1–20 characters. If blanks are embedded in the NAME parameter, you must enclose the NAME in single quotation marks. This parameter is not required by the UPDATE USER command. |
Optional Authorization Record Parameters
Optional parameters for INSERT and UPDATE USER commands are separated into two categories: authorization record parameters and functional authorization parameters.
The following table describes the authorization record parameters for the INSERT USER and UPDATE USER commands. You can authorize each user to add, alter, read, or remove a record. Specify the authorization by indicating the action (ADD, ALTER, READ, REMOVE) followed by the record type. If you do not specify an action for a Type or User record, the action defaults to No.
| Parameter | Description |
|---|---|
| ADD TYPE = Y | N | Specifies whether the user is allowed to insert new records into the Type Defaults file. |
| ALTER TYPE = Y | N | Specifies whether the user is allowed to update records in the Type Defaults file. |
| READ TYPE = Y | N | Specifies whether the user is allowed to read records from the Type Defaults file. |
| REMOVE TYPE= Y | N | Specifies whether the user is allowed to delete records from the Type Defaults file. |
| ADD USER = Y | N | Specifies whether the user can insert new records into the Authorization file. |
| ALTER USER = Y | N | Specifies whether the user is allowed to update records in the Authorization file. |
| READ USER = Y | N | Specifies whether the user is allowed to read records from the Authorization file. |
| REMOVE USER = Y | N | Specifies whether the user is allowed to delete records from the Authorization file. |
Optional Functional Authorization Parameters
Following are the functional authorization parameters for INSERT USER and UPDATE USER:
| Parameter | Description |
|---|---|
| CASE = Y | N | Specifies whether accounting data, user ID, password, and data set name parameters are case sensitive. This choice overrides the case designation selected at session signon, and is in effect only for this command. The default is the designation made at session signon. |
| CDEL = Y | N | Specifies whether the Confirm Delete/Suspend/Flush Command prompt displays for a particular user. |
| CDELOFF = Y | N | Specifies whether the user can turn off the Confirm Delete/Flush/Suspend Command prompt for the current session. If you do not change the default of No to Yes, the user will always see the Confirm Delete/Flush/Suspend Command prompt and will not be given this option. |
| CHange = Y | N | Specifies whether the user is allowed to use the CHANGE PROCESS command. |
| COPY = Y | N | Specifies whether the user is allowed to use the COPY statement. |
| DELPR = Y | N | Specifies whether the user is allowed to use the DELETE PROCESS command. |
| EVENTCMD = Y | N | Specifies whether the user is allowed to use the Event Services Support commands. |
| FLUSH = Y | N | Specifies whether the user is allowed to use the FLUSH PROCESS and SUSPEND PROCESS commands. |
| GEN.CHG.PROCESS = Y | N | Specifies whether the user can change any Processes or only Processes that are submitted. If you specify GEN.CHG.PROCESS=Y, the user can only change Processes that he or she submitted (valid only in the IUI). Can be overridden by the CHange parameter setting. |
| GEN.DEL.PROCESS = Y | N | Specifies whether the user can delete any Processes or only Processes that are submitted. If you specify GEN.DEL.PROCESS=Y, the user can only delete Processes that he or she submitted (valid only in the IUI). Can be overridden by the DELPR parameter setting. |
| GEN.FLS.PROCESS = Y | N | Specifies whether the user can flush any Processes or only Processes that the user submitted. If you specify GEN.FLS.PROCESS=Y, the user can only flush Processes that he or she submitted (valid only in the IUI). Can be overridden by the FLUSH parameter setting. |
| GEN.SEL.PROCESS = Y | N | Specifies whether the user can select any Processes or only Processes that the user submitted. If you specify GEN.SEL.PROCESS=Y, the user can only select Processes that he or she submitted (valid only in the IUI). Can be overridden by the SELPR parameter setting. |
| GEN.SEL.STATISTICS = Y | N | Specifies whether the user can select any statistics or only statistics for Processes that the user submitted. If you specify GEN.SEL.STATISTICS=Y, the user can only select statistics for Processes that he or she submitted (valid only in the IUI). Can be overridden by the SELSTAT parameter setting. |
| GVIEW = Y | N | Specifies whether the user can view only Processes submitted with a matching USERID or all Processes regardless of who submitted them. Can be overridden by the VIEW PROCESS parameter setting. |
| MAXSA = max signon attempts | Specifies the maximum number of signon attempts the user is allowed per hour. The range is 0–99. The default is 60. Zero (0) indicates no maximum number. (See the RESETSA parameter to see how to temporarily reset this value.) |
| MODALS = Y | N | Specifies whether the user is allowed to use the modal statements IF, ELSE, EIF, GOTO, and EXIT. |
| MODIFY = Y | N | Specifies whether the user is allowed to request traces and modify initialization parameters. |
| NSUBMIT = Y | N | Specifies whether the user is allowed to use the SUBMIT statement to submit a Process. |
| OVCRC = Y | N | Specifies whether the user is allowed to use the CRC statement to override the initial CRC settings. |
| PASSword = initial password | Defines the initial password for the user ID. The password is a 1–64 character alphanumeric string. |
| PHone = 'phone number' | Phone number of the user. Enclose the phone number in single quotation marks. The quotation marks allow for a space after the area code. |
| PTKTDATA=(APPL prof name, secured signon key) | Specifies the values required for the Stage 2 security exit to rewrite an IBM RACF PassTicket password. APPL prof name is the value specified when the profile is defined for the PTKTDATA class. The secured signon key is the value associated with the PTKTDATA class and the name specified in the APPL Prof name. See Generating IBM RACF PassTickets . |
| RESETSA | Specifies that the signon attempt count is reset to 0. (See the MAXSA parameter to see how to set the signon attempt count.) This parameter enables the user to try to sign on, even if he or she has previously exceeded the maximum number of signon attempts. This parameter is used in the UPDATE USER command only. |
| RUNJOB = Y | N | Specifies whether the user is allowed to use the RUN JOB statement. |
| RUNTASK = Y | N | Specifies whether the user is allowed to use the RUN TASK statement. |
| SECURERD = Y | N or SECURE.READ =Y | N |
Specifies whether the user can display (read) the Connect:Direct Secure Plus Parameters file in Control Center. |
| SECUREWR = Y | N or SECURE.WRITE = Y | N |
Specifies whether the user can update (write to) the Connect:Direct Secure Plus Parameters file in Control Center. |
| SECURITY = (security ID, security pswd) | Specifies the security ID and security password
to identify the file authorization of the user. Security support includes
CA-ACF2, CA-TOP SECRET, and IBM RACF. Security ID specifies the 1–64 character security system ID for the user. This ID must meet the standards of the security subsystem at the location of the user. The security ID is required if this parameter is specified. Security pswd specifies the 1–64 character security system password for the user. This password must meet the standards of the security subsystem at the location of the user. |
| SELNET = Y | N | Specifies whether the user is allowed to use the SELECT NETMAP command. |
| SELPR = Y | N | Specifies whether the user is allowed to use the SELECT PROCESS command. |
| SELSTAT = Y | N | Specifies whether the user is allowed to use the SELECT STATISTICS command. |
| STATCMD = Y | N | Specifies whether the user is allowed to use the STATISTICS COMMAND command. |
| STOPCD = Y | N | Specifies whether the user is allowed to use the STOP CD command. |
| SUBMIT = Y | N | Specifies whether the user is allowed to use the SUBMIT statement to define and submit within a Process. |
| SUBMITTER.CMDS = (Y | N Y | N Y | N Y | N Y | N) | Specifies whether the user is allowed to issue
certain commands concerning the Processes that he or she submitted
(valid only in the batch interface). These commands are:
For more information, see the IUI definitions for these commands in Functional Authorization Parameters for the INSERT and UPDATE USER Command . (The IUI definitions begin with GEN and the command name is abbreviated.) |
| REFSH = Y | N | Specifies whether the user is allowed to update the initialization parameters file in Control Center. |
| UPDNET = Y | N | Specifies whether the user is allowed to use UPDATE NETMAP. |
| VIEW PROCESS = Y | N | Specifies whether the user is allowed to use VIEW PROCESS. |
| CERTUSERAUTH = Y | N |
Specifies whether the user can perform certificate authentication for client API connections. Y — Enables client certificate authentication for a user N — Disables client certificate authentication for a user |
| READ PROCLIB = Y | N |
Specifies whether the user can read Process Library. User can perform List or Get operations on Process Library when value is Y. |
| ALTER PROCLIB = Y | N |
Specifies whether the user can update Process Library. User can perform List, Add, Delete, Rename or Get operations on Process Library when value is Y. |
| READ FILEAGENT = Y | N | Specifies whether the user can read File Agent Configuration. |
| ALTER FILEAGENT = Y | N | Specifies whether the user can update File Agent Configuration. |
| EXTERNAL.STATS = Y | N | Specifies whether the user is allowed to use WRITE EXSTATS. |