QUERY SECUSER

Read syntax diagramSkip visual syntax diagram Query SECuser 1*ALL2userid3
Notes:
  • 1 If QUERY SECUSER is executed with the AT command, the ALL or userid operand is required.
  • 2 ALL is not valid for class G users.
  • 3 A class G user may specify only the user's own user ID.

Authorization

Privilege Class: A, B, C, G

Purpose

Use QUERY SECUSER to determine the secondary user setting for a virtual machine (the primary user). CP displays the identity and status of the secondary user. If you are a class G user, you can display the secondary user setting for your own virtual machine. If you are a class A, B, or C user, you can display the secondary user setting for any virtual machine or for all local virtual machines that have secondary users defined.

Operands

*
displays the secondary user setting for the user who issues the command. This is the default.
ALL
displays the secondary user setting for all local users currently logged on or disconnected that have secondary users defined.
userid
identifies the user whose secondary user setting is to be displayed.

Usage Notes

  1. The initial setting for your secondary user ID is determined by the CONSOLE statement in your user directory entry.
  2. A virtual machine cannot have both a secondary user and an observer defined by any combination of the SET SECUSER and SET OBSERVER commands and the CONSOLE directory statement.
  3. In an SSI cluster, the primary user and secondary user can be logged on to different member systems.
    If either user is a multiconfiguration virtual machine:
    • The secondary user will function in that capacity only when it is local (logged on to the same member as the primary user). If the primary user is a multiconfiguration virtual machine, the secondary user must be logged on to the same member as the instance of the primary user for which the secondary user setting was established:
      • If the setting was established by a CONSOLE statement in the identity entry in the primary user's virtual machine definition, a potential secondary user relationship exists for every member instance of the primary user.
      • If the setting was established by a CONSOLE statement in a subconfiguration entry in the primary user's virtual machine definition, a potential secondary user relationship exists for that member instance of the primary user.
      • If the setting was established by a SET SECUSER command, a potential secondary user relationship exists for the member on which the SET SECUSER command was issued.
    • If the secondary user is remote:
      • The secondary user can issue SEND commands to the primary user. The AT sysname operands are required if the primary user is a multiconfiguration virtual machine instance.
      • The secondary user will not receive responses to SEND commands or any other output from the primary user.
  4. If your virtual machine requests console input while disconnected and you do not have a functional secondary user, CP waits for some installation-defined period of time (usually 15 minutes) for you to reconnect. If you do not reconnect within that time, CP logs you off the system.

Responses

Responses 1 through 5 are returned if you issue the QUERY SECUSER command without any additional operands.

Response 1: 
SECONDARY USER userid IS DISCONNECTED
is returned if a secondary user is defined for your virtual machine (on the CONSOLE statement in your virtual machine definition or on a SET SECUSER command), and that user is disconnected.

If you disconnect from the system, the result is the same as if no secondary user ID was defined, unless the secondary user's virtual machine handles console I/O through the message system service. In this case, secondary console support is provided to your disconnected virtual machine. If the secondary user reconnects, it can provide secondary console functions for your virtual machine.

Response 2: 
SECONDARY USER userid IS NOT LOGGED ON
is returned if a secondary user is defined for your virtual machine (on the CONSOLE statement in your virtual machine definition or on a SET SECUSER command), and that user is not logged on.

If you disconnect from the system, the result is the same as if no secondary user ID was defined. If the secondary user logs on, it can provide secondary console functions for your virtual machine.

Response 3: 
SECONDARY USER userid IS LOGGED ON
is returned if a secondary user is defined for your virtual machine (on the CONSOLE statement in your virtual machine definition or on a SET SECUSER command), and that user is capable of providing secondary console support for you.

If you, the primary user, disconnect from the system, that secondary user receives your console output until you reconnect or log off. The secondary user may provide console input to your virtual machine or to CP on your behalf by using the SEND command.

Response 4: 
SECONDARY USER IS UNDEFINED
is returned if a secondary user is not defined for your virtual machine. If you disconnect from the system, your console output is lost until you reconnect. If you have spooled your console output, it is retained in your console spool file.
Response 5: 
SECONDARY USER IS NOT LOGGED ON LOCALLY
is returned if all of the following conditions are true:
  • This system is a member of an SSI cluster.
  • You, the primary user, are defined as a multiconfiguration virtual machine.
  • A secondary user is defined for your virtual machine on this member of the cluster (on a CONSOLE statement in the subconfiguration entry for this member in your virtual machine definition, or on a SET SECUSER command issued on this member).
  • That user is not logged on to this member of the cluster. (The user might be logged on to another member.)

No console output from your virtual machine will be sent to the secondary user. See usage note 3.

Response 6: 
FAILED MAC CHECK
is returned if security label checking by an external security manager (ESM) is active and the primary/secondary user relationship fails the mandatory access control checks.
Response 7: If you issue the QUERY SECUSER command with an additional option and the secondary user is disconnected, CP responds with a display that looks like this: 
          Secondary
Userid    Userid    Status
MAINT     DAVID     disconnected
The Status column in the display might also contain not logged on, logged on, not defined, not logged on locally, or failed MAC check.
Response 8: If a class A, B, or C user issues QUERY SECUSER ALL, CP displays the current secondary user settings for all users that are currently logged on or disconnected. If no currently logged on users have a secondary user defined, CP issues the following response: 
No secondary users defined or active.

Messages

  • HCP003E Invalid option - {option|command contains extra option(s) starting with option}
  • HCP045E userid not logged on
  • HCP1149E Error communicating with another SSI member. It cannot be determined if command executed remotely.