[Info-vax] Need help in REVOKE

Hein RMS van den Heuvel heinvandenheuvel at gmail.com
Thu Feb 14 00:33:49 EST 2013


On Wednesday, February 13, 2013 10:21:33 AM UTC-5, Doug Phillips wrote:
> On 2/12/2013 9:00 AM, Joseph Huber wrote:
> 
> > adityagtm4 at gmail.com wrote:
> 
> >
> 
> >> Suppose there are 20 Identifier are there for user...we can revoke it
:
> >   (REMOVE/IDENT as proposed would be quite contra-productive !)
> Please explain.
:
<Working example snipped>
:
> So, what problem have I caused that I don't know about?

Only one minor one. All rights will be removed.
When you add a right to a user, that right is not added to the 'name' but to the ID (UIC) behind the name.
This is done by adding a record to RIGHTSLIST with that same ID as (duplicate, primary) key, and the new right ID as value.
When the user ID is removed, all records with that key, thus all granted rights are deleted from RIGHTSLIST.
The record in SYSUAF for that user remains unchanged, with the old UIC, which is now no longer associated with a right, and will display only as [xxx,yyy]
After an ADD/ID name/VALU=UIC=[xxx,yyy] that user will be re-identified by that new ID as if nothing ever happened... except that all grant records are gone.
This may well be exactly what the OP wanted.
The only potential problem with this is that ALL rights will be revoked, not a selected few. My silly perl one-liner revoked only rights that match a regular expression.

Hein>> perl -ne "$u=$1 if /me: (\w+)/;print qq(REVOKE/ID $1 $u\n) if /(TES\w*)\s+%X/" 

in slow motion.... 

perl -ne "..."     # invoke perl and tell it to loop over SYS$INPUT executing the program provided in the quoted string

$u=$1 if /me: (\w+)/;   # first program line. Looks for pattern (userna)me: xxx 
                        # if found remember in $1 and assign to variable $u (user)

print qq(REVOKE/ID $1 $u\n) # first half of second program line. 
                            # print a double-quoted interpolated string
                            # with the REVOKE for the remembered user $u and $1.
if /(TES\w*)\s+%X/"         # second half of second line...
                            # Look for pattern TESxxx %Xyyy
                            # if found remember() TESxxx in variable $1 

That "TES" is an example string to match on using a regular expression. 
Remove it and anything matches.  

how RIGHTSLIST works...

$ keys sys$system:rightslist.dat

# LVL DB IB DTP  # TKS  POS NUL DUP Root-VBN   Data-VBN Name
-- -- -- -- ---- - --- ---- --- --- --------- --------- RIGHTSLIST.DAT
 0  1  3  3 BN4  1   4    0  -  Yes       550         4 IDENTIFIER
 1  1  3  3 STG  1   8    8   0 Yes       556       553 HOLDER
 2  1  3  3 STG  1  32   16   0  No       673       670 NAME




Dump of file SYS$COMMON:[SYSEXE]RIGHTSLIST.DAT;1 
:
Record number 66 (00000042), 48 (0030) bytes

 00000000 00000000 00000000 80010016 ................ 000000
 20202020 20202020 2020415F 54534554 TEST_A           000010
:
Record number 67 (00000043), 16 (0010) bytes

 00000000 00020001 00000000 80010016 ................ 000000

Record number 68 (00000044), 48 (0030) bytes

 00000000 00000000 00000000 80010017 ................ 000000
 20202020 20202020 2020425F 54534554 TEST_B           000010
 
Explanation:

that 00020001 at offset 8 in record #67 is 'my' UIC as ID.
It is associated with primary key 80010016.
That in turn is the right id for 'TEST_A' as per record #66

If TEST_A was granted to another user, that would add a record between the current #67 and TEST_B, again with primary key 80010016 and the other user-id at offset 8. This works nicely because RMS is guaranteed to add records with duplicate keys in order of arrival for that key.

TMI ?
Hein.
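
For auditing who holds what before revoking anything, the record layout described in the message above can be decoded offline from DUMP/RECORD output. This is an added example, not part of the original post; the function names are hypothetical, and it assumes four longwords per dump row and that 48-byte records name an identifier while 16-byte records are grants, as in the records quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: the three records quoted in the post (blank lines dropped).
SAMPLE = """\
Record number 66 (00000042), 48 (0030) bytes
 00000000 00000000 00000000 80010016 ................ 000000
 20202020 20202020 2020415F 54534554 TEST_A           000010
Record number 67 (00000043), 16 (0010) bytes
 00000000 00020001 00000000 80010016 ................ 000000
Record number 68 (00000044), 48 (0030) bytes
 00000000 00000000 00000000 80010017 ................ 000000
 20202020 20202020 2020425F 54534554 TEST_B           000010
"""

HEADER = re.compile(r"Record number (\d+) \([0-9A-F]+\), (\d+) \(")
HEXROW = re.compile(r"^\s*((?:[0-9A-F]{8} ){4})")  # assumption: 4 longwords per row

def parse_records(text):
    """Return [(record_number, declared_length, data_bytes)] from dump text."""
    records = []
    for line in text.splitlines():
        if m := HEADER.search(line):
            records.append([int(m.group(1)), int(m.group(2)), b""])
        elif records and (m := HEXROW.match(line)):
            # Longwords are printed right to left; each one is a little-endian value.
            words = reversed(m.group(1).split())
            records[-1][2] += b"".join(int(w, 16).to_bytes(4, "little") for w in words)
    return [tuple(r) for r in records]

def holders_by_identifier(text):
    """Map identifier name -> holder IDs (hex strings), in file order."""
    names, grants = {}, defaultdict(list)
    for _num, length, data in parse_records(text):
        ident = int.from_bytes(data[0:4], "little")    # key 0: IDENTIFIER at offset 0
        if length == 48:                                # name record: NAME at offset 16
            names[ident] = data[16:48].decode("ascii").rstrip()
        elif length == 16:                              # grant record: HOLDER at offset 8
            grants[ident].append(int.from_bytes(data[8:12], "little"))
    return {names.get(i, f"%X{i:08X}"): [f"{h:08X}" for h in grants[i]]
            for i in sorted(set(names) | set(grants))}

if __name__ == "__main__":
    for name, holders in holders_by_identifier(SAMPLE).items():
        print(f"{name:<12} held by {holders or 'nobody'}")
```

A grant record whose identifier has no name record in the input is reported under its %X value rather than dropped.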


