
user create

Creates a principal name, an account, and a directory in CDS for a single DCE user. The syntax is:

user create user_name_list -mypwd password -password password
-group group_name -organization organization_name [-force]
{-attribute attribute_list | -attribute value}

Options

-attribute value
As an alternative to using the -attribute option with an attribute list, you can change individual attribute options by prepending a hyphen (-) to any attributes listed in the Attributes topic of this reference page.

-attribute attribute_list
Allows you to specify attributes, including ERAs, by using an attribute list rather than using the -attribute value option. The format of an attribute list is as follows:

{{attribute value} {attribute value}}

-force
Forces creation of the specified group or organization if they do not already exist.

-group group_name
The name of the group to associate with the account. See Attributes for the format of a group name.

-mypwd password
Your privileged password. You must enter your password to create an account. This check prevents a malicious user from using an existing privileged session to create unauthorized accounts. You must specify this option on the command line; it cannot be supplied in a script.

-organization organization_name
The name of the organization to associate with the account. See Attributes for the format of an organization name.

-password password
The account password. See Attributes for the format of a password.

Description
The user create operation creates a principal name, an account, and a directory in CDS for one or more DCE users. The user_name_list argument is the name of a single new principal to be added to the registry. The operation returns an empty string on success. If the operation encounters an error, it attempts to undo any interim operations that have completed.

This command creates a principal and an account for that principal. If either already exists, an error is generated. The principal is then added to the specified group and organization. Because the principal is newly created, it cannot already have been a member of either. If the group or organization does not exist, an error is generated unless the -force option is used. The command also creates a CDS directory called /.:/users/principalname and adds an ACL entry to the default ACL so that the user has rwtci permissions on the directory. This allows all access except for deleting the directory and administering replication on the directory.

Attributes and policies for the newly created principal and account can be specified either with the -attribute option, giving an attribute list as the value, or with individual attribute options. This command attempts to add any unknown attributes as ERAs on the created principal object. Policies of the organization cannot be specified, because these would probably affect more than just the created user. The required group and organization names can be specified either as attributes in the -attribute option or with the -group and -organization options. The required password attribute can be provided as in the account create command, and the -mypwd option is also required.

Privileges Required
Because the user create command performs several operations, you need the permissions associated with each operation:

· To create the principal name, you must have i (insert) permission to the directory in which the principal is to be created.

· If the specified groups or organizations do not already exist and you use the -force option, you must have i (insert) permission to the directories in which the groups and organizations are to be created.

· To create the account, you must have m (mgmt_info), a (auth_info), and u (user_info) permissions to the principal named in the account, r (read) permission to the organization named in the account, r (read) permission to the group named in the account, and r (read) permission on the registry policy object.

· To create the directory in CDS, you must have the following permissions:

- r (read) and i (insert) permission to the parent directory;

- w (write) permission to the clearinghouse in which the master replica of the new directory is to be stored.

Examples
The following example creates a principal named K_Parsons and adds him to a group named users and an organization named users:

dcecp> user create K_Parsons -mypwd osfosf! -password change.me \
> -group users -organization users
dcecp> group list users
/.../my_cell.goodco.com/W_Ross
/.../my_cell.goodco.com/J_Severance
/.../my_cell.goodco.com/J_Hunter
/.../my_cell.goodco.com/B_Carr
/.../my_cell.goodco.com/E_Vliet
/.../my_cell.goodco.com/J_Egan
/.../my_cell.goodco.com/F_Willison
/.../my_cell.goodco.com/K_Parsons
dcecp>


dcecp> account show K_Parsons
{acctvalid yes}
{client yes}
{created /.../my_cell.goodco.com/cell_admin 1994-07-27-13:02:51.000+00:00I-----}
{description {}}
{dupkey no}
{expdate none}
{forwardabletkt yes}
{goodsince 1994-07-27-13:02:51.000+00:00I-----}
{group users}
{home /}
{lastchange /.../my_cell.goodco.com/cell_admin 1994-07-27-13:02:51.000+00:00I-----}
{organization users}
{postdatedtkt no}
{proxiabletkt no}
{pwdvalid yes}
{renewabletkt yes}
{server yes}
{shell {}}
{stdtgtauth yes}
dcecp>
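
A post-creation check on the account show output shown above, as an added example that is not part of the original reference page: it parses the dcecp attribute list and compares the new account with a baseline. The baseline values and the names parse_attr_list and audit are assumptions for illustration, not DCE defaults or DCE interfaces.

```python
# Added example: audit `account show` output after `user create`.
# SAMPLE is constructed from the example output on this page (abridged).
SAMPLE = """\
{acctvalid yes}
{client yes}
{created /.../my_cell.goodco.com/cell_admin 1994-07-27-13:02:51.000+00:00I-----}
{description {}}
{expdate none}
{group users}
{organization users}
{pwdvalid yes}
{server yes}
{shell {}}
"""

# Hypothetical site baseline for ordinary user accounts (an assumption).
BASELINE = {"acctvalid": "yes", "client": "yes", "server": "no",
            "group": "users", "organization": "users"}


def parse_attr_list(text):
    """Parse top-level {name value} elements, honouring nested braces."""
    attrs, depth, start = {}, 0, None
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced '}' at offset %d" % i)
            if depth == 0:
                name, _, value = text[start:i].strip().partition(" ")
                value = value.strip()
                attrs[name] = "" if value == "{}" else value  # {} is empty
    if depth != 0:
        raise ValueError("unterminated '{'")
    return attrs


def audit(attrs, baseline=BASELINE):
    """Return sorted (attribute, expected, actual) for each deviation."""
    return sorted((k, want, attrs.get(k))
                  for k, want in baseline.items() if attrs.get(k) != want)


if __name__ == "__main__":
    for name, want, got in audit(parse_attr_list(SAMPLE)):
        print("%s: expected %s, got %s" % (name, want, got))
```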