NAME
mxuser - add, modify, remove, or list users in Systems Insight Manager
SYNOPSIS
mxuser -a username [-d description] [-p full | limited | none | +T | -T
][ -C authorization_source_user]
mxuser -a -g usergroupname [-d description] [-p full | limited | none |
+T | -T ][ -C authorization_source_user]
mxuser -a -f filename
mxuser -a -gf -f filename
mxuser -m username [-d description] [-p full | limited | none | +T | -T
]
mxuser -m -g usergroupname [-d description] [-p full | limited | none |
+T | -T ]
mxuser -m -f filename
mxuser -m -gf -f filename
mxuser -r username
mxuser -r -g usergroupname
mxuser -r -f filename
mxuser -r -gf -f filename
mxuser [-l d|f|n|t] [ username ...]
mxuser [-l dg|fg|ng|tg] [ usergroupname ...]
mxuser -lf [-b encoding] [ username ...]
Remarks
This command does not list the authorizations assigned to a user. See
mxauth(1M).
DESCRIPTION
The mxuser command allows the user to manage user IDs and usergroups
in Systems Insight Manager.
The first, second, third, and fourth forms of mxuser allow a Systems
Insight Manager user or usergroup with Full Rights to add a new user
or group to the Systems Insight Manager-managed cluster. The Full
Rights User may optionally grant or deny Full or Limited Rights to the
new user or group. The Full Rights allows a user or user group full
access to Systems Insight Manager capabilities. With Limited Rights
and No Rights, users are only allowed access to the listing options of
Systems Insight Manager commands. In addition to listing, the Limited
Rights user may create tools using the mxtool(1M) command. If the Full
Rights User does not specify rights for the new user or user group,
the system assigns Limited Rights to the new user or group by default.
Additionally, this command provides the Full Rights User with the
option to assign the new user or group the authorizations of an
existing user or group by specifying the existing user's name or
group's name. For a discussion of authorizations, see mxauth(1M).
The third form allows the Systems Insight Manager Full Rights User to
add users by specifying a file containing the required information.
The file must be formatted in the eXtensible Markup Language (XML)
format defined for Systems Insight Manager users. See mxuser(4).
The third and fourth form allows the Systems Insight Manager Full
Rights User to add user groups by specifying a file containing the
required information. The file must be formatted in the eXtensible
Markup Language (XML) format defined for Systems Insight Manager user
groups. See mxuser(4).
The fourth, fifth, sixth and seventh forms of mxuser allow a Full
Rights User to modify an existing Systems Insight Manager user's or
group's description and/or to re-assign rights to an existing user or
group. The description replaces the existing description for the user
or group. Any modification of the user's or group's authorizations
must be through the use of mxauth(1M). As with adding users and
groups, the users or groups to be modified may be specified on the
command line or in an XML file. See mxuser(4).
The eighth and ninth forms of mxuser allows a Full Rights User to
remove the specified Systems Insight Manager user or group. This form
of the command can only remove one user or group at a time. All
authorizations for this user or group are removed as well. A Systems
Insight Managed Cluster must have at least one Full Rights User;
therefore, the last Full Rights User may not be removed.
If multiple Systems Insight Manager users or groups are be to removed,
the tenth and eleventh forms of mxuser allows the users or groups to
be specified in an XML file. See mxuser(4).
The twelfth form of this command allows Systems Insight Manager user
information to be listed. Specifying no options with the mxuser
command provides a listing of user names with no other information.
This listing is the same as the -l option with the n qualifier. The -l
option with the d qualifier provides a detailed screen-viewable
listing of the users. The -l option with the f qualifier provides an
XML file-formatted listing. The output of the XML file-formatted
listing is valid input to the -f option. The -l option with the t
qualifier provides a tabular listing of users with detailed
information.
The thirteenth form of the command allows user information to be
written to an XML file and optionally specify the character encoding
for the XML file. The value for the character encoding must match a
valid character encoding. If no encoding is specified, the system
attempts to write the file in the encoding currently defined for the
given system. The list of valid character encodings is maintained at
the following web site
http://www.iana.org/assignments/character-sets
Only Systems Insight Manager Full Rights Users may use this command to
add or remove users or to modify existing user information. Any user
may use the mxuser command to list user information.
For backwards compatibility with ServiceControl Manager 3.0, the -p
option also supports the Trusted and Untrusted User +T and -T options.
The +T option creates a user with or modifies a user to Full Rights.
The -T option creates a user with or modifies a user to Limited
Rights.
The last form of this command allows Systems Insight Manager user
group information to be listed. Specifying no options with the mxuser
command provides a listing of user group names with no other
information. This listing is the same as the -l option with the ng
qualifier. The -l option with the dg qualifier provides a detailed
screen-viewable listing of the users. The -l option with the fg
qualifier provides an XML file-formatted listing. The output of the
XML file-formatted listing is valid input to the -fg option. The -l
option with the tg qualifier provides a tabular listing of users with
detailed information.
File Processing
The mxuser command allows a Full Rights User to add, modify, or remove
Systems Insight Manager users by specifying an XML file containing a
list of users and user attributes.
The XML file format allows one to specify information in addition to
that allowed by command line options. In the XML file, one may specify
a user's full name, email address, and phone number.
The Systems Insight Manager processes the input file data in two
passes.
The first pass attempts to parse the XML file and generate a list of
users to process during the second pass. The first pass ensures that
the XML file is formatted properly, that the user names are valid, and
the user objects contain valid information. During the first pass, if
the Systems Insight Manager detects a error, the Systems Insight
Manager interrupts the process, issues an error message describing the
error, and leaves the Systems Insight Manager repository unchanged.
If the Systems Insight Manager successfully processes the XML file in
the first pass, the Systems Insight Manager attempts to process the
user list collected during the first pass. During this second pass,
the Systems Insight Manager processes the user list until it processes
the entire list or until the Systems Insight Manager encounters a
logic error, such as specifying a duplicate user during an add,
specifying a non-existent user during a modify, or attempting to
remove the last Full Rights User during a remove.
If an error occurs during the second pass, the Systems Insight Manager
interrupts processing at that point and issues an error message. If
the input file contains valid user data prior to the invalid data, the
Systems Insight Manager processes that data completely and modifies
the Systems Insight Manager repository appropriately. The Systems
Insight Manager ignores all data subsequent to the invalid data.
Options
mxuser recognizes the following options:
-a Indicates that a user is to be added.
-r Indicates that the user is to be completely
removed.
-m Indicates that a user is to be modified. The user
may be granted or denied privileges. A
modification of the comment replaces any existing
comment.
-f filename Indicates that information regarding users to be
added, modified or removed is provided in the XML
file specified by filename (see mxuser(4) ).
-l d Displays a detailed and screen-viewable listing of
user(s) and user attributes.
-l f Displays an XML listing of user(s) and user
attributes (see mxuser(4) ).
-l n Displays the names (with no details) of user(s).
-l t Displays a tabular listing of user(s) and user
attributes.
-b encoding Used in conjunction with the -lf option to specify
the character encoding for the XML file.
-C authorization_source_user
Specifies an existing Systems Insight Manager
user. mxuser will copy the authorizations of the
existing user to the new user during the add
operation.
-d description Specifies the Systems Insight Manager-specific
description to be associated with the user.
-p full | limited | none | +T | -T
Indicates the rights granted to the user. Full
rights allow all Central Management Server
Configuration operations. Limited rights allow
tool creation and all listing operations. No
rights allow only listing operations. The +T flag
grants full rights to the user. The -T flag grants
limited rights to the user. These options are
provided for backwards compatibility with
ServiceControl Manager 3.0.
Note: When duplicate options are specified (for example, -f file1 -
f file2), the last instance of the option will be used by mxuser (in
this example, file2).
EXTERNAL INFLUENCES
For HP-UX or Linux, LANG determines the default encoding that the
system will use to output XML data if no encoding is specified on the
command line. If LANG is not specified or null or LANG does not
correspond to a recognized encoding, it defaults to C (see lang (5)).
In this case, the user should use the -b option to specify the desired
encoding of the XML data.
RETURN VALUES
mxuser returns one of the following values:
0 Successful completion.
1 Command line syntax error.
2 Error in a file operation.
3 Nonexistent user error.
5 Duplicate user error.
21 Invalid name.
26 Invalid operation.
50 Unauthorized user.
102 Systems Insight Manager Repository error.
222 Central Management Server (CMS) is not
initialized.
249 Unable to connect to the session manager.
250 Remote exception.
252 File input parsing error.
253 Duplicate name.
254 Systems Insight Manager Properties file error.
EXAMPLES
This command adds user "jane", a new Database Administrator, and
grants her Full Rights privilege.
mxuser -a jane -d "Database Administrator" -p full
This command adds user "fred", a Backup Supervisor, grants him Full
Rights, and assigns him the same authorizations as user "jane".
mxuser -a fred -d "Backup Supervisor" -p full -C jane
This command adds the usre group "mygroup".
mxuser -a -g mygroup
This command assigns limited rights to user "fred".
mxuser -m fred -p limited
This command removes user "fred" from the list of Systems Insight
Manager users.
mxuser -r fred
This command adds the list of users found in the local file "updates".
mxuser -a -f updates.xml
This command displays the list of Systems Insight Manager user names.
mxuser -l
This command displays a detailed, screen-viewable listing of the
users.
mxuser -l d
This command displays a tabular listing of users.
mxuser -l t
The output may look like the following:
USER RIGHTS COMMENT
root full Default Full Rights user
jane limited Database Administrator
joe none Backup Operator
WARNINGS
Only Systems Insight Manager Full Rights Users, that is users with
full Management Server Configuration Rights, may use this command to
add or remove users or to modify existing user information. Any user
may use the mxuser command to list user information.
Only a unique instance of any given user name may be added. Attempting
to add a user name that has already been added to the Systems Insight
Manager results in an error.
Only existing users may be successfully removed.
LIMITATIONS
This command may only be run on the CMS.
AUTHOR
mxuser was developed by the Hewlett-Packard Company.
SEE ALSO for HP-UX
mxuser(4), mxauth(1M).
SEE ALSO for Linux
mxuser(4), mxauth(8).