ACCESS

The ACCESS statement grants access to any USERDATAFILE and causes each user entry to be checked for specified conditions. If the conditions are met, the appropriate library object in the SDASUPPORT or user-supplied library is invoked.

If the selection expression includes the PASSWORD or OLDPWLIST attribute but not the NEWPASSWORDLIST or OLDPASSWORDLIST attribute, the selection uses the NEWPASSWORDLIST or OLDPASSWORDLIST value.

Note: The ACCESS statement is valid only if the SDASUPPORT function is associated with *SYSTEM/IGSDASUPPORT.

Syntax

<access statement>

── ACCESS ─┬──────────────────────┬─┬───────────────────────┬──────────►
           └─<output destination>─┘ └─<userdata file title>─┘
►─┬─<selection attribute list>──<access action>─┬─┬────────────┬───────►
  └─<predefined ID>─────────────────────────────┘ └─ UNSORTED ─┘
►─┬─────────────┬──────────────────────────────────────────────────────
  └─ LISTALIAS ─┘

<output destination>

  ┌◄──────────────────┐
──┴─┬─/1\─ REMOTE ──┬─┴────────────────────────────────────────────────┤
    └─/1\─ PRINTER ─┘

<selection attribute list>

                ┌◄───────────────────────────────────────────────┐
── [ ─┬───────┬─┴─┬────────────────────────────────────────────┬─┴─ ] ─┤
      └─ ANY ─┘   ├─────┬─<bit attribute>──────────────────────┤
                  ├─ + ─┤                                      │
                  ├─ - ─┘                                      │
                  ├─<field att>─┬─<relation op>──<value>───────┤
                  ├─<real att>──┤                              │
                  ├─<word att>──┘                              │
                  ├─<long name att>──<relation op>──<string>───┤
                  ├─<time loc>──<relation op>──<time>──────────┤
                  ├─<string loc>──<relation op>──<string>──────┤
                  ├─<text loc>──<relation op>──<text>──────────┤
                  ├─ ABSENT ──┬─ ( ──<att other than bit>── ) ─┤
                  ├─ PRESENT ─┘                                │
                  ├─<family loc>─┬─ INCLUDES ─┬─<family name>──┤
                  │              └─ EXCLUDES ─┘                │
                  └─<list att>─┬─ INCLUDES ─┬─<list value>─────┘
                               └─ EXCLUDES ─┘

<relation op>

──┬─ = ──┬─────────────────────────────────────────────────────────────┤
  ├─ > ──┤
  ├─ < ──┤
  ├─ >= ─┤
  ├─ <= ─┤
  └─ <> ─┘

<time spec>

──<hour>── : ──<minute>─┬───────────────┬─<month>── / ──<day>── / ─────►
                        └─ : ──<second>─┘
►─<year>───────────────────────────────────────────────────────────────┤

<access action>

──┬──────────────────────────────────────────┬─────────────────────────┤
  ├─ REPORTUSERCODE ─────────────────────────┤
  ├─ REPORTSELECTATT ────────────────────────┤
  ├─ REPORTATT ── [<report attribute list>] ─┤
  ├─ REPORTALL ──────────────────────────────┤
  └─ <library object> IN <library title> ────┘

<report attribute list>

  ┌◄─────────────────────────┐
──┴─┬──────────────────────┬─┴─────────────────────────────────────────┤
    └─<userdata attribute>─┘

<predefined ID>

──┬─ AGINGANOMALIES ──┬────────────────────────────────────────────────┤
  ├─ OLDPWSAVED ──────┤
  ├─ PWAGING ─────────┤
  ├─ SUSPENDEDUSER ───┤
  ├─ VIOLCOUNTSAVED ──┤
  └─<user defined ID>─┘

Explanation

If no USERDATAFILE title is provided, the currently active USERDATAFILE is used.

If no output destination is specified, the output is directed to the remote terminal.

If the selection attribute list is empty, all user entries are selected.

If no access action (library object) is specified, the REPORTUSERCODE library object is invoked.

SDASUPPORT is a private library that is linked by function. It must be made available with the SL system command before the ACCESS statement is accepted. Refer to the Security SDK for a description of the programmatic interface available for the ACCESS statement.

REMOTE

Causes the output to be directed to the remote terminal.

PRINTER

Causes the output to be directed to a line printer.

<selection attribute list>

Defines the selection criteria. User entries that satisfy the specified criteria are selected for reporting.

You can specify criteria for any attribute defined in USERSTRUCTURE, and you can enter them in any combination and in any sequence. If a Boolean attribute appears with no leading plus sign (+) or minus sign (–), a plus sign (+) is assumed.

If a group item is specified as an attribute, it must be qualified with a key; that is:

<group item> AT <key-locator> = <value>

If more than one attribute is entered and the keyword ANY precedes them, user entries that satisfy any of the specified conditions are selected. If ANY is not entered, user entries that satisfy all the specified conditions are selected.

You can use the ABSENT operator to return entries for which the specified locator is not present or has been assigned a value of zero. You can use the PRESENT specification to return entries with a value other than zero.

Using the INCLUDES operator with a time list selects those time lists that are ON at the time specified. Using the EXCLUDES operator selects those time lists that are OFF at the specified time.

Do not use the relational operator equal sign (=) when time-valued attributes are selected. Timestamps stored by the system might include fractions of seconds, and an absolute comparison is unlikely to succeed. Use a range of time, as in the following example:

[LASTLOGONTIME >= <time spec> LASTLOGONTIME <= <time spec>]
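
The selection rules described above (ANY versus all, the implied plus sign, ABSENT and PRESENT, and time ranges instead of equality) are modeled below in Python as an added example; it is not MAKEUSER or SDASUPPORT code. The user entries, the tuple form of the terms, and the rule that a relation on a missing attribute does not match are assumptions made for illustration.

```python
from datetime import datetime
import operator

OPS = {"=": operator.eq, "<>": operator.ne, ">": operator.gt,
       "<": operator.lt, ">=": operator.ge, "<=": operator.le}

# Constructed user entries (illustrative values, not from a real USERDATAFILE).
USERS = {
    "ALICE": {"MINPW": 1, "MAXPW": 1, "SUSPENDED": False,
              # stored timestamp carries a fraction of a second
              "LASTLOGONTIME": datetime(2024, 3, 4, 9, 15, 30, 412000)},
    "BOB":   {"MINPW": 0, "MAXPW": 1, "SUSPENDED": True, "SUSPENDEDCODE": 3,
              "LASTLOGONTIME": datetime(2024, 3, 4, 9, 15, 30)},
    "CAROL": {"MINPW": 0, "MAXPW": 0, "SUSPENDED": False, "SUSPENDEDCODE": 0},
}

def term_matches(entry, term):
    """Evaluate one selection term against a user entry (a dict)."""
    kind = term[0]
    if kind == "bit":            # ("bit", sign, attribute); a bare Boolean is "+"
        _, sign, att = term
        return bool(entry.get(att, False)) == (sign == "+")
    if kind == "ABSENT":         # locator not present, or assigned zero
        return not entry.get(term[1])
    if kind == "PRESENT":        # present with a value other than zero
        return bool(entry.get(term[1]))
    _, att, op, value = term     # ("rel", attribute, relation op, value)
    # Assumption: a relation on an attribute the entry lacks does not match.
    return att in entry and OPS[op](entry[att], value)

def select(entries, terms, any_=False):
    """With ANY, an entry needs any one term; without it, all terms.
    An empty list selects every entry. Output is sorted by usercode,
    as it is when UNSORTED is not specified."""
    if not terms:
        return sorted(entries)
    combine = any if any_ else all
    return sorted(user for user, entry in entries.items()
                  if combine(term_matches(entry, t) for t in terms))

if __name__ == "__main__":
    aging = [("rel", "MINPW", "<>", 1), ("rel", "MAXPW", "<>", 1)]
    print("ANY:", select(USERS, aging, any_=True))
    print("all:", select(USERS, aging))
    t = datetime(2024, 3, 4, 9, 15, 30)
    print("equal:", select(USERS, [("rel", "LASTLOGONTIME", "=", t)]))
    print("range:", select(USERS, [("rel", "LASTLOGONTIME", ">=", t),
          ("rel", "LASTLOGONTIME", "<=", datetime(2024, 3, 4, 9, 15, 31))]))
```

In this model the equality test misses ALICE because her stored timestamp has a fractional second, while the one-second range catches both logons.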

<predefined ID>

Facilitates the use of some frequently occurring specifications. You can redefine these specifications with the DEFINE statement. You can also provide your own defines. The system provides the defines that follow.

AGINGANOMALIES

Causes all user entries that do not satisfy the password aging requirements to be selected and the USERCODE, MINPW, and MAXPW attributes of each entry to be reported. The system defines AGINGANOMALIES as

[ANY MINPW<>1 MAXPW<>1]REPORTSELECTATT

OLDPWSAVED

Causes all entries that use password aging to be selected and the USERCODE, MAXOLDPW, MINPWLIFE, and DATEPWCHANGED attributes of each entry to be reported.

The system defines OLDPWSAVED as

[PASSWORDAGING MAXPW=1 MAXOLDPW>0] REPORTATT
[MAXOLDPW MINPWLIFE DATEPWCHANGED]

PWAGING

Causes all entries that use password aging to be selected and the USERCODE, DATESTAMP, DAYSACTIVE, DAYSWARNING, and ENFORCEEXPIREDPW attributes of each entry to be reported. The system defines PWAGING as

[PASSWORDAGING] REPORTATT [DATESTAMP DAYSACTIVE DAYSWARNING
ENFORCEEXPIREDPW]

SUSPENDEDUSER

Causes suspended user entries to be selected and the USERCODE and SUSPENDEDCODE attributes of each entry to be reported. The system defines SUSPENDEDUSER as

[SUSPENDED] REPORTATT [SUSPENDEDCODE]

VIOLCOUNTSAVED

Causes all entries that maintain a violation count to be selected and the USERCODE, VIOLATIONCOUNT, VIOLATIONDATE, and VIOLATIONLIMIT attributes of each entry to be reported. The system defines VIOLCOUNTSAVED as

[SAVEVIOLCOUNT] REPORTATT
[VIOLATIONCOUNT VIOLATIONDATE VIOLATIONLIMIT]

REPORTUSERCODE

Causes the usercode of the user entries to be reported to the specified output device. This is the default ACCESS action.

REPORTSELECTATT

Causes the usercode and the selection attributes to be reported to the specified output device. If a group item is specified in the attribute list, the entire group that corresponds to the group key is reported.

REPORTALL

Causes the entire user entry to be reported to the specified output device.

REPORTATT

Causes the usercode and the specified reporting attributes to be reported to the specified output device. If a group item is specified in the attribute list, the entire group that corresponds to the group key is reported.

LISTALIAS

Causes the report to include {remote usercode, host name} pairs as part of the output.

UNSORTED

Determines whether output is sorted alphanumerically by usercode. If UNSORTED is not specified, the output is sorted alphanumerically. If UNSORTED is specified, the output appears in the order that the usercodes appear in the USERDATAFILE.