►►─┬─ ADD ─────┬─ USEr name is 
user-id ───────────────────────────────────────►
   ├─ MODify ──┤
   ├─ REPlace ─┤
   └─ DELete ──┘

 ►─┬─────────────────────────────────────────────────────────┬────────────────►
   └─┬─ PREpared ─┬─ by 
user-id ──┬────────────────────────┬─┘
     └─ REVised ──┘               └─ PASsword is 
password ─┘

►─┬────────────────────────────────────────┬─────────────────────────────────►
  └─ MAPtype ─┬─ is ─┬─┬─ 
map-type-name ─┬─┘
              └─ = ──┘ └─ NULl ──────────┘
 
 ►─┬────────────────────────────────┬─────────────────────────────────────────►
   └─ FULl name is 
full-user-name ──┘

   ┌──────────────────────────────────────────────────────────────────────────
 ►─▼─┬────────────────────────────────────────────────────────────────────────►─
     └─┬─ INClude ◄ ──┬─ OF ─┬─ SYStem ────┬─ 
system-name ────────────────────
       └─ EXClude ────┘      └─ SUBSYstem ─┘

  ───────────────────────────────────────────────────────────────────┐
─►────────────────────────────────────────────────────────────────┬──┴────────►
  ─┬───────────────────────────────────┬─┬──────────────────────┬─┘
   └─ Version is ─┬─ 
version-number ─┬─┘ └─ TEXt is 
user-text ──┘
                  ├─ HIGhest ────────┤
                  └─ LOWest ─────────┘
 
   ┌─────────────────────────────┐
 ►─▼─┬─────────────────────────┬─┴────────────────────────────────────────────►
     └─ SAMe AS USEr 
user-id ──┘

  ┌──────────────────────────────────────────────────────────┐
►─▼─┬──────────────────────────────────────────────────────┬─┴───────────────►
    └─ COPy ─┬─ ALL COMment TYPes ──┬─ FROm user 
user-id ──┘
             ├─ COMments ───────────┤
             ├─ DEFinition ─────────┤
             ├─ ATTributes ─────────┤
             ├─ USERS ──────────────┤
             ├─┬─ SYStems ────┬─────┤
             │ └─ SUBSYstems ─┘     │
             ├─ WIThin USEr ────────┤
             ├─ 
comment-key ────────┤
             └─ 
relational-key ─────┘
 
 ►─┬────────────────────────────┬─────────────────────────────────────────────►
   └─ NEW NAMe is 
new-user-id ──┘

 ►─┬─────────────────────────────────────────┬────────────────────────────────►
   └─ user DEScription is 
description-text ──┘

 ►─┬──────────────────────────────┬───────────────────────────────────────────►
   └─ PASsword is ─┬─┬─ NULl ─┬─┬─┘
                   │ └─ '' ───┘ │
                   └─ 
password ─┘
 
   ┌──────────────────────────────────────────────────────────────────────────
 ►─▼─┬────────────────────────────────────────────────────────────────────────►─
     └─┬─ INClude ◄ ─┬─ AUThority ──┬──────────────────────┬──────────────────
       └─ EXClude ───┘              └─ for ─┬─ UPDate ◄ ─┬─┘
                                            ├─ ADD ──────┤
                                            ├─ MODify ───┤
                                            ├─ REPlace ──┤
                                            ├─ DELete ───┤
                                            └─ DISplay ──┘
 
  ────────────────────────────────────────────────────┐
─►──────────────────────────────────────────────────┬─┴───────────────────────►
                ┌───────────────────────────┐       │
  ─── is ─┬───┬─▼─┬─ ALL ─────────────────┬─┴─┬───┬─┘
          └ ( ┘   ├─ PASsword ────────────┤   └ ) ┘
                  ├─ CULprit ─────────────┤
                  ├─ OLQ ─────────────────┤
                  ├─ ADS ─────────────────┤
                  ├─ LOAd MODUle ─────────┤
                  ├─ CLAss and ATTribute ─┤
                  ├─ CLAss ───────────────┤
                  ├─ ATTribute ───────────┤
                  ├─ DC ──────────────────┤
                  ├─ DEStination ─────────┤
                  ├─ LINe ────────────────┤
                  ├─ LOGical-terminal ────┤
                  ├─ MAP ─────────────────┤
                  ├─ MESsage ─────────────┤
                  ├─┬─ PANels ──┬─────────┤
                  │ └─ SCReens ─┘         │
                  ├─ PHYsical-terminal ───┤
                  ├─ QUEue ───────────────┤
                  ├─ TASk ────────────────┤
                  ├─ IDD ─────────────────┤
                  ├─ ELEment ─────────────┤
                  ├─ ENTRy point ─────────┤
                  ├─ FILe ────────────────┤
                  ├─ MODUle ──────────────┤
                  ├─ PROCess ─────────────┤
                  ├─ QFIle ───────────────┤
                  ├─ TABle ───────────────┤
                  ├─ PROgram ─────────────┤
                  ├─ RECord ──────────────┤
                  ├─ REPOrt ──────────────┤
                  ├─ TRAnsaction ─────────┤
                  ├─┬─ SYStem ────┬───────┤
                  │ └─ SUBSYstem ─┘       │
                  ├─ USEr ────────────────┤
                  ├─ IDMs ────────────────┤
                  ├─ SCHema ──────────────┤
                  └─ SUBSChema ───────────┘
 
 ►─┬──────────────────────────────────────────────────────────────────────────►─
   └─┬─ INClude ◄ ─┬─ SIGnon PROfile is 
module-name ──────────────────────────
     └─ EXClude ───┘

─►───────────────────────────────────────────────────────────────┬────────────►
  ─┬───────────────────────────────────┬─ LANguage is 
language ──┘
   └─ Version is ─┬─ 
version-number ─┬─┘
                  ├─ HIGhest ────────┤
                  └─ LOWest ─────────┘

 ►─┬───────────────────────────────────┬──────────────────────────────────────►
   └─ IDD SIGnon is ─┬─ ALLowed ◄ ───┬─┘
                     └─ NOT ALLowed ─┘
 
   ┌────────────────────────────────────────────────────────────────────────┐
 ►─▼─┬────────────────────────────────────────────────────────────────────┬─┴─►
     └─┬─ INClude ◄ ─┬─ ACCess to ─┬─ SYStem ────┬─ 
system-specification ─┘
       └─ EXClude ───┘             └─ SUBSYstem ─┘

(expanded 
system-specification syntax follows this syntax diagram)

 ►─┬──────────────────────────────────┬───────────────────────────────────────►
   └─┬─ INClude ◄ ─┬─ ACCess to ASF ──┘
     └─ EXClude ───┘

 ►─┬──────────────────────────────────┬───────────────────────────────────────►
   └─┬─ INClude ◄ ─┬─ ACCess to IDB ──┘
     └─ EXClude ───┘
 
 ►─┬──────────────────────────────────────────────┬───────────────────────────►
   └─ DEFAult for PUBlic access is ─┬─ ALL ◄ ───┬─┘
                                    ├─ NONe ────┤
                                    ├─ UPDate ──┤
                                    ├─ MODify ──┤
                                    ├─ REPlace ─┤
                                    ├─ DELete ──┤
                                    └─ DISplay ─┘

   ┌──────────────────────────────────────────────────────────────────────────
 ►─▼─┬────────────────────────────────────────────────────────────────────────►─
     └─┬─ INClude ◄ ─┬─ ACCess to FILe 
file-name ─────────────────────────────
       └─ EXClude ───┘

  ──────────────────────────────────────────────────────────────────┐
─►────────────────────────────────────────────────────────────────┬─┴─────────►
  ─┬───────────────────────────────────┬─┬──────────────────────┬─┘
   └─ Version is ─┬─ 
version-number ─┬─┘ └─ TEXt is 
user-text ──┘
                  ├─ HIGhest ────────┤
                  └─ LOWest ─────────┘
 
   ┌────────────────────────────────────────────────────────────────────┐
 ►─▼─┬────────────────────────────────────────────────────────────────┬─┴─────►
     └─┬─ INClude ◄ ─┬─ ACCess to SUBSChema 
subschema-specification ──┘
       └─ EXClude ───┘

(expanded 
subschema-specification syntax follows this syntax diagram)

 ►─┬────────────────────────────────┬─────────────────────────────────────────►
   └─ OLQ ACCess is ─┬─ IDMs sql ─┬─┘
                     └─ OLQ ◄ ────┘

 ►─┬──────────────────────────────────────────────────────────────────────────►─
   └─┬─ INClude ◄ ─┬─ ACCess to QFIle 
qfile-name ─────────────────────────────
     └─ EXClude ───┘
 
─►───────────────────────────────────────┬────────────────────────────────────►
  ─┬───────────────────────────────────┬─┘
   └─ Version is ─┬─ 
version-number ─┬─┘
                  ├─ HIGhest ────────┤
                  └─ LOWest ─────────┘
 
 ►─┬──────────────────────────────────────┬───────────────────────────────────►
   └─ OLQ MENu-mode is ─┬─ ALLowed ◄ ───┬─┘
                        ├─ NOT ALLowed ─┤
                        └─ ONLy ────────┘

 ►─┬──────────────────────────────────┬───────────────────────────────────────►
   └─ olq QFIle is ─┬─ ALLowed ◄ ───┬─┘
                    ├─ NOT ALLowed ─┤
                    └─ ONLy ────────┘

 ►─┬───────────────────────────────────────┬──────────────────────────────────►
   └─ OLQ QFIle SAVe is ─┬─ ALLowed ◄ ───┬─┘
                         └─ NOT ALLowed ─┘
 
 ►─┬────────────────────────────────┬─────────────────────────────────────────►
   └─ olq MRR is ─┬─ ALLowed ◄ ───┬─┘
                  └─ NOT ALLowed ─┘

 ►─┬─────────────────────────────────────┬────────────────────────────────────►
   └─ olq ─┬─ OPTional ◄ ─┬─ interrupt ──┘
           └─ MANdatory ──┘

 ►─┬─────────────────────────────────┬────────────────────────────────────────►
   └─ olq SORt is ─┬─ ALLowed ◄ ───┬─┘
                   └─ NOT ALLowed ─┘
 
 ►─┬───────────────────────────────────────────┬──────────────────────────────►
   └─ culprit OVErrides are ─┬─ ALLowed ◄ ───┬─┘
                             └─ NOT ALLowed ─┘

 ►─┬───────────────────────────────────────────────────────────────────┬──────►
   │                              ┌───────────────────────────────┐    │
   └ olq DEFault OPtions are ─ ( ─▼─┬─── HEAder ◄ ──────────────┬─┴─ ) ┘
                                    ├─┬─ ECHo ◄ ──┬─────────────┤
                                    │ └─ NO ECHo ─┘             │
                                    ├─┬─ ALL ◄ ─┬───────────────┤
                                    │ └─ NONe ──┘               │
                                    ├─┬─ NO FILler ◄ ─┬─────────┤
                                    │ └─ FILler ──────┘         │
                                    ├─┬─ INTerrupt ◄ ──┬────────┤
                                    │ └─ NO INTerrupt ─┘        │
                                    ├─┬─ WHOle ◄ ─┬─────────────┤
                                    │ └─ PARtial ─┘             │
                                    ├─┬─ FULl ◄ ─┬──────────────┤
                                    │ └─ SPArse ─┘              │
                                    ├─┬─ NO OLQ HEAder ◄ ─┬─────┤
                                    │ └─ OLQ HEAder ──────┘     │
                                    ├─┬─ COMments ◄ ──┬─────────┤
                                    │ └─ NO COMments ─┘         │
                                    ├─┬─ NO CODe TABle ◄ ─┬─────┤
                                    │ └─ CODe TABle ──────┘     │
                                    ├─┬─ NO PATH STAtus ◄ ─┬────┤
                                    │ └─ PATH STAtus ──────┘    │
                                    ├─┬─ NO EXTernal PICture ◄ ─┤
                                    │ └─ EXTernal PICture ──────┤
                                    └─┬─ VERbose ◄ ─┬───────────┘
                                      └─ TERse ─────┘
 
   ┌───────────────────────────────────────────────────────────────────┐
 ►─┴─┬───────────────────────────────────────────────────────────────┬─┴──────►
     └─┬─ INClude ◄ ─┬─ WIThin USEr 
user-id ─┬─────────────────────┬─┘
       └─ EXClude ───┘                       └─ TEXt is 
user-text ─┘

   ┌────────────────────────────────────────────────────────────────────────┐
 ►─▼┬──────────────────────────────────────────────────────────────────────┬┴─►
    └─┬─ INClude ◄ ─┬─ 
class-name is 
attribute-name ─┬────────────────────┬┘
      └─ EXClude ───┘                                └ TEXt is 
user-text ─┘

   ┌────────────────────────────────────────────────────────────────────────┐
 ►─▼─┬────────────────────────────────────────────────────────────────────┬─┴─►
     └─┬─ INClude ◄ ─┬─ 
relational-key is 
user-id ─┬────────────────────┬─┘
       └─ EXClude ───┘                             └ TEXt is 
user-text ─┘
 
   ┌───────────────────────────────────────────────────────────────┐
 ►─▼─┬───────────────────────────────────────────────────────────┬─┴──────────►
     │                            ┌────────────────────┐         │
     └─ EDIt ─┬─ COMments ────┬───▼─ 
edit-instruction ─┴─ QUIT ──┘
              ├─ DEFinition ──┤
              └─ 
comment-key ─┘

   ┌──────────────────────────────────────────────────┐
 ►─▼─┬─────────────────────────────────────────────┬──┴───────────────────────►◄
     └─┬─ COMments ─────┬── is ─┬─ NULl ─────────┬─┘
       ├─ DEFinition ───┤       └─ 
comment-text ─┘
       └─ 
comment-key ──┘





Expansion of 
system-specification





►►── 
system-name ─┬───────────────────────────────────┬───────────────────────►
                  └─ Version is ─┬─ 
version-number ─┬─┘
                                 ├─ HIGhest ────────┤
                                 └─ LOWest ─────────┘

 ►─┬───────────────────────────────────────────┬──────────────────────────────►
   └─ INStallation code is 
character-literal ──┘

 ►─┬───────────────────────────────────┬──────────────────────────────────────►
   └─ PRIority is ─┬─ 0 ◄ ───────────┬─┘
                   └─ 
user-priority ─┘

 ►─┬────────────────────────────────────────────────────────────────────┬─────►◄
   │                                          ┌─────────────────┐       │
   └─ SECurity classes is ─┬─ ADD ◄ ──┬─┬ ( ──▼─ 
security-code ─┴ ) ──┬─┘
                           └─ DELete ─┘ └─ ALL ───────────────────────┘





Expansion of 
subschema-specification





►►── 
subschema-name of SCHema 
schema-name ────────────────────────────────────►

 ►─┬───────────────────────────────────┬──────────────────────────────────────►
   └─ Version is ─┬─ 
version-number ─┬─┘
                  ├─ HIGhest ────────┤
                  └─ LOWest ─────────┘

 ►─┬────────────────────────────────────────────────────────────────────┬─────►◄
   └─ SIGnon QFile is 
qfile-name ─┬───────────────────────────────────┬─┘
                                  └─ Version is ─┬─ 
version-number ─┬─┘
                                                 ├─ HIGhest ────────┤
                                                 └─ LOWest ─────────┘

DISPLAY/PUNCH USER statement (for a single user)





►►─┬─ DISplay ─┬─ USEr name is 
user-id ───────────────────────────────────────►
   └─ PUNch ───┘

 ►─┬──────────────────────────────────────────────────┬───────────────────────►
   └─ PREpared by 
user-id ─┬────────────────────────┬─┘
                           └─ PASsword is 
password ─┘
 
   ┌─────────────────────────────────────────────────────────┐
 ►─▼─┬─────────────────────────────────────────────────────┬─┴────────────────►
     │                ┌──────────────────────────────────┐ │
     ├─ WITh ──────┬──▼──┬─ ALL ───────────────────────┬─┴─┘
     ├─ ALSo WITh ─┤     ├─ ALL COMment TYPes ─────────┤
     └─ WITHOut ───┘     ├─ ATTributes ────────────────┤
                         ├─ COMments ──────────────────┤
                         ├─ DEFinitions ───────────────┤
                         ├─ DEStinations ──────────────┤
                         ├─ DETails ───────────────────┤
                         ├─ ELements ──────────────────┤
                         ├─ ENTRy points ──────────────┤
                         ├─ FILes ─────────────────────┤
                         ├─ HIStory ───────────────────┤
                         ├─ LINes ─────────────────────┤
                         ├─ LOGical-terminals ─────────┤
                         ├─ MAPS ──────────────────────┤
                         ├─ MODules ─┬─────────┬───────┤
                         │           └─ ONLy ──┘       │
                         ├─ NONe ──────────────────────┤
                         ├─┬─ PANels ──┬───────────────┤
                         │ └─ SCReens ─┘               │
                         ├─ PHYsical-terminals ────────┤
                         ├─ PROCesses ─────────────────┤
                         ├─ PROgrams ──────────────────┤
                         ├─ QFIles ────────────────────┤
                         ├─ QUEues ────────────────────┤
                         ├─ RECords ───────────────────┤
                         ├─ REPorts ───────────────────┤
                         ├─ SAMe AS ───────────────────┤
                         ├─ SCHemas ───────────────────┤
                         ├─ SUBSChemas ────────────────┤
                         ├─┬─ SYStems ────┬────────────┤
                         │ └─ SUBSYstems ─┘            │
                         ├─ TABles ────────────────────┤
                         ├─ TASks ─────────────────────┤
                         ├─ TRAnsactions ──────────────┤
                         ├─ USErs ─────────────────────┤
                         ├─┬─ USEr DEFINED COMments ─┬─┤
                         │ └─ UDCs ──────────────────┘ │
                         ├─┬─ USEr DEFINED NESts ─┬────┤
                         │ └─ UDNs ───────────────┘    │
                         ├─ WHEre USED ────────────────┤
                         └─ WITHIn USEr ───────────────┘
 
 ►─┬──────────────────────────────────────────────────────────────────────────►─
   └─ TO ─┬─ SYSpch ──────────────────────────────────────────────────────────
          └─ MODule 
module-name ─┬───────────────────────────────────┬────────
                                 └─ Version is ─┬─ 
version-number ─┬─┘
                                                ├─ HIGhest ────────┤
                                                └─ LOWest ─────────┘

─►──────────────────────────────────────────────────────────────────────────┬─►
  ─────────────────────────────────────────────────────────────────────────┬┘
  ─┬──────────────────────┬┬──────────────────────────────────────────────┬┘
   └ LANguage is 
language ┘└ PREpared by 
user-id ┬───────────────────────┬┘
                                                 └ PASsword is 
password ─┘

 ►─┬──────────────────────┬──┬─────────────────────┬──────────────────────────►◄
   └─ VERB ─┬─ DISplay ─┬─┘  └─ AS ─┬─ SYNtax ───┬─┘
            ├─ PUNch ───┤           └─ COMments ─┘
            ├─ ADD ─────┤
            ├─ MODify ──┤
            ├─ REPlace ─┤
            └─ DELete ──┘





DISPLAY/PUNCH USER statement (for multiple users)





►►─┬─ DISplay ─┬─┬─ ALL ──────────────────────────┬─ USErs ───────────────────►
   └─ PUNch ───┘ └─┬─ FIRst ─┬─┬─ 1 ◄ ──────────┬─┘
                   ├─ NEXt ──┤ └─ 
entity-count ─┘
                   ├─ LASt ──┤
                   └─ PRIor ─┘

 ►─┬──────────────────────────────────────────────────┬───────────────────────►
   └─ PREpared by 
user-id ─┬────────────────────────┬─┘
                           └─ PASsword is 
password ─┘

 ►─┬─────────────────────────────────┬────────────────────────────────────────►
   └─ WHEre 
conditional-expression ──┘

(for complete 
conditional-expression syntax, see WHERE clause)
 
 ►─┬──────────────────┬───────────────────────────────────────────────────────►
   └─ BY ─┬─ SET ◄ ─┬─┘
          └─ AREa ──┘

 ►─┬──────────────────────────────────────────────────────────────────────────►─
   └─ TO ─┬─ SYSpch ──────────────────────────────────────────────────────────
          └─ MODule 
module-name ─┬───────────────────────────────────┬────────
                                 └─ Version is ─┬─ 
version-number ─┬─┘
                                                ├─ HIGhest ────────┤
                                                └─ LOWest ─────────┘

─►──────────────────────────────────────────────────────────────────────────┬─►
  ─────────────────────────────────────────────────────────────────────────┬┘
  ─┬──────────────────────┬┬──────────────────────────────────────────────┬┘
   └ LANguage is 
language ┘└ PREpared by 
user-id ┬───────────────────────┬┘
                                                 └ PASsword is 
password ─┘

 ►─┬──────────────────────┬──┬──────────────────────────────────────┬─────────►◄
   └─ VERB ─┬─ DISplay ─┬─┘  └─ AS ─┬─ SYNtax ───┬──┬─────────────┬─┘
            ├─ PUNch ───┤           └─ COMments ─┘  └─ RECursive ─┘
            ├─ ADD ─────┤
            ├─ MODify ──┤
            ├─ REPlace ─┤
            └─ DELete ──┘
 

USEr name is
user-id
Identifies a new user to be established in the dictionary, or an existing user to be modified, replaced, deleted, displayed, or punched.
User-id
must specify a 1- through 32-character alphanumeric value and must be unique in the dictionary.
MAPtype is/=
map-type-name
/NULl
MAPTYPE has no meaning for CA IDMS since Release 12.0. It does not give an error so that migration can run without changes. MAPTYPE is now processed with DCUF SET MAPTYPE or with a PROFILE as specified in the MAPPING FACILITIES manual. For further information, see
Advantage ™ CA-IDMS™ Mapping Facility.
FULl name is
full-user-name
Specifies a 1- through 32-character name that clarifies or supplements
user-name
or supplies the full name for an abbreviated user name.
OF SYStem/SUBSYstem
system-name
Establishes (INCLUDE) or removes (EXCLUDE) a documentation relationship between the named user and the requested system or subsystem.
SAMe AS USEr
user-id
Copies the following options from the definition of the named user: user nests, attributes, systems associated with the user by means of the OF SYSTEM/SUBSYSTEM clause, and comments.
NEW NAMe is
new-user-id
Specifies a new name for the requested user. This clause changes only the name specification; it does not alter or delete any previously defined relationships in which the named user participates. Subsequent references to the user must specify the new name.
New-user-id
must be a 1- through 32-character value that does not duplicate the name of an existing user.
PASsword is NULl/
password
Establishes, replaces, or deletes a password for the named user.
password
must be a 1- through 8-character alphanumeric value. Specify PASSWORD IS NULL or PASSWORD IS '' to delete a password. This password must appear whenever the user name appears in an IDD SIGNON statement or in a PREPARED BY or REVISED BY clause.
If the SET OPTIONS statement specifies INDIVIDUAL PASSWORD SECURITY OVERRIDE IS ON and the USER statement is modifying the issuing user's password, neither AUTHORITY FOR UPDATE IS PASSWORD nor AUTHORITY FOR MODIFY IS USER need be specified; the AUTHORITY clause is described below. However, if the SET OPTIONS statement specifies INDIVIDUAL PASSWORD SECURITY OVERRIDE IS OFF, the issuing user must be assigned PASSWORD authority as well as the appropriate USER entity-type authority.
AUThority for UPDate/ADD/MODify/REPlace/DELete/DISplay
Assigns to (INCLUDE) or removes from (EXCLUDES) the named user the authority to access a secured product or entity type or to perform a secured operation. (Security must have been previously enabled by means of a SET OPTIONS statement SECURITY clause.)
This clause also specifies the verbs that the named user can issue for entities within secured products:
UPDATE specifies that the user can issue all verbs (ADD, MODIFY, REPLACE, DELETE, and DISPLAY/PUNCH). UPDATE is the default.
ADD specifies that the user can issue only ADD and DISPLAY/PUNCH verbs.
MODIFY specifies that the user can issue only MODIFY and DISPLAY/PUNCH verbs.
REPLACE specifies that the user can issue only REPLACE and DISPLAY/PUNCH verbs.
DELETE specifies that the user can issue only DELETE and DISPLAY/PUNCH verbs.
DISPLAY specifies that the user can issue only DISPLAY/PUNCH verbs.
To specify the INCLUDE/EXCLUDE parameter, the PREPARED/REVISED BY clause must identify a user with the AUTHORITY FOR UPDATE IS PASSWORD option. For more information about IDD security, see Securing the Dictionary.
ALL
Assigns the user the authority to access all products and entity types and in order to perform all secured operations. AUTHORITY FOR UPDATE IS ALL is required to establish default processing options for a specified dictionary by issuing the SET OPTIONS FOR DICTIONARY statement. This authority is also required to use the FIRST/SECOND/THIRD/FOURTH ALTERNATE PICTURE KEYWORD clause of the SET OPTIONS statement. Finally, AUTHORITY FOR UPDATE IS ALL is required to turn off entity-occurrence security with the REGISTRATION OVERRIDE clause.
The IDD installation procedure establishes one user with the AUTHORITY FOR UPDATE IS ALL attribute. This user is named 'CULL DBA' and assigned the password DBAPASS. After the installation, rename 'CULL DBA' and modify the password. Create a backup by adding another user with AUTHORITY IS ALL; if the new name of the DBA is inadvertently forgotten or lost, the backup user can be used.
PASsword
Allows the user to assign or change passwords for other users and to issue the AUTHORITY FOR PASSWORD clause for other users. A user with password authority can update the AUTHORITY clause of
any
user ID, including his own, to any level. Note that if PASSWORD is selected, the keyword UPDATE must be specified in the FOR clause (described above).
CULprit
Allows the user to access files and subschemas to run CA Culprit reports, change record layouts and file definitions (if the named user is assigned the CULPRIT OVERRIDES ARE ALLOWED option), and to generate DDR reports (if the named user is assigned the CULPRIT OVERRIDES ARE ALLOWED option and is authorized to access subschema IDMSNWKA of schema IDMSNTWK, version 1). This parameter allows the user to perform CA Culprit-related activities when the default processing options for the session include SECURITY FOR CULPRIT IS ON. Note that if CULPRIT is selected, the keyword UPDATE must be specified in the FOR clause (described above).
OLQ
Allows the user to code USER statement clauses that control access to CA OLQ files and subschema views and assign OLQ command authorities and processing/reporting options when the default processing options for the session include SECURITY FOR OLQ IS ON. If OLQ is specified, the keyword UPDATE must be specified in the FOR clause (described above).
ADS
Allows the user to generate CA ADS dialogs when the default processing options for the session include SECURITY FOR ADS IS ON. If the keyword UPDATE is specified in the FOR clause (described above), either MODIFY or REPLACE allows the user to modify CA ADS dialogs.
LOAd MODUle
Allows the user to access load modules when the default processing options for the session include SECURITY FOR LOAD MODULE IS ON.
CLAss and ATTribute
Allows the user to access classes, attributes, and user-defined entities when the default processing options for the session include SECURITY FOR CLASS AND ATTRIBUTE IS ON. Note that the keywords CLASS and ATTRIBUTE can be issued separately to assign individual authority for classes or attributes (user-defined entities).
DC
Allows the user to access teleprocessing entities (DESTINATION, LINE, LOGICAL-TERMINAL, MAP, MESSAGE, PANEL, PHYSICAL-TERMINAL, QUEUE, and TASK) when the default processing options for the session include SECURITY FOR IDMS-DC IS ON. Note that the keywords DESTINATION, LINE, LOGICAL-TERMINAL, MAP, MESSAGE, PANEL, PHYSICAL-TERMINAL, QUEUE, and TASK can be issued to assign authority for the specified entity type only.
IDD
Allows the user to access IDD entities (ELEMENT, ENTRY POINT, FILE, MODULE, PROCESS, PROGRAM, QFILE, RECORD, REPORT, TRANSACTION, SYSTEM, TABLE, and USER) when the default processing options for the session include SECURITY FOR IDD SIGNON and/or IDD IS ON. Note that the keywords ELEMENT, ENTRY POINT, FILE, MODULE, PROCESS, PROGRAM, QFILE, RECORD, REPORT, TRANSACTION, SYSTEM, TABLE, and USER can be issued to assign authority only for the specified entity type.
IDMs
Allows the user to access CA IDMS entities (SCHEMA, SUBSCHEMA, and DMCL) when the default processing options for the session include SECURITY FOR IDMS IS ON. Note that the keywords SCHEMA, SUBSCHEMA, and DMCL can be issued to assign authority only for the specified entity type.
SIGnon PROfile is
module-name
Associates (INCLUDE) or disassociates (EXCLUDE) a module that has been defined for use as a signon profile.
Module-name
must reference an existing module. The LANGUAGE parameter is required;
language
specifies the language of the signon profile; for example, OLQ or DC. All languages, including user-defined languages, can be specified.
When the named user signs onto an application, the commands within the signon profile module are executed automatically. These profiles are not executed when signing onto a DC SYSTEM.
IDD SIGnon is
Specifies whether the named user is authorized to sign on to and execute the online or batch DDDL compiler when the SET OPTIONS statement specifies SECURITY FOR IDD IS ON.
Note that the issuing user must be assigned IDD SIGNON authority.
ALLowed
Authorizes the user to sign on to the DDDL compiler. ALLOWED is the default.
NOT ALLowed
Prohibits the user from signing on to the DDDL compiler.
ACCess to SYStem/SUBSYstem
system-name
Establishes (INCLUDE) or removes (EXCLUDE) a system access privilege. If this clause is specified in a non CA IDMS environment, the user/system relationship is documentation.
You must have IDMS-DC authority to use this clause.
INStallation code is
character-literal
Specifies an installation code for the named user. This code can be accessed at runtime by user exits or programs to provide additional security.
Character-literal
must be a 1- through 32-character alphanumeric symbol specified as an absolute expression.
PRIority is 0/
user-priority
Specifies the dispatching priority for the named user. DC/UCF uses the dispatching priority in combination with task and logical terminal priorities to establish a run-time dispatching priority for tasks initiated by the named user.
User-priority
must be an integer in the range 0 through 255; the default for ADD operations is 0. A high number indicates a high dispatching priority.
SECurity classes is
Adds or deletes securityclass codes for the named user; the user can execute only programs and tasks with matching security classes.
ADD/DELete
Specifies that the named security classes are added to or deleted from the user definition; ADD is the default for ADD operations.
security-code
/ALL
Specifies that the named security classes or all security classes are the object of the ADD or DELETE request.
Security-code
must be an integer in the range 1 through 255; multiple values must be enclosed in parentheses and separated by blanks.
ACCess to ASF
Specifies that the named user has (INCLUDE) or does not have (EXCLUDE) access to the CA IDMS ASF
ACCess to IDB
Specifies that the named CA IDMS or Information Center Management System (ICMS) user has (INCLUDE) or does not have (EXCLUDE) access to the Information Database (IDB).
DEFAult for PUBlic access is
Assigns a default public access specification to the named user. This feature, for ASF users only, is used to identify the public access level to be established by the user when storing entity-occurrence definitions in the dictionary through ASF. If an option other than ALL is specified, ASF automatically generates the appropriate registration option within the entity definition.
ACCess to FILe
file-name
Specifies that the named CA Culprit user has access to the named file. Note that if CA Culprit security is enabled, the requested user must be assigned CULPRIT authority in order to access the named file.
ACCess to SUBSChema
subschema-name
of SCHema
schema-name
Specifies that the named CA OLQ or CA Culprit user has access to (INCLUDE) or does not have access to (EXCLUDE) the named subschema.
Subschema-name
must identify a subschema view associated with
schema-name
. If CA OLQ or CA Culprit product security has been enabled in the SET OPTIONS statement SECURITY clause, the issuing user must be assigned OLQ or CULPRIT authority.
SIGnon QFIle is
qfile-name
Associates an existing qfile with the named subschema and establishes access privilege to that qfile for the named CA OLQ user. The named qfile is invoked automatically when the user signs on to OLQ and names the associated subschema.
The qfile access privilege does not permit the named user to execute qfiles; the qfile execution privilege is established separately by means of the OLQ QFILE clause described below.
OLQ ACCess is
Indicates an CA OLQ user's type of qfile access.
IDMs sql
Specifies qfile access using the functionality available with the CA IDMS SQL, providing the CA IDMS SQL is installed. IDMs sql, IDMssql, and IDMS-SQL are synonyms and can be used interchangeably.
More information: For more information on CA IDMS SQL, see the
CA IDMS SQL Reference section
.
OLQ
Specifies qfile access using the functionality available with CA OLQ. OLQ is the default for OLQ ACCESS.
ACCess to QFIle
qfile-name
Specifies that the named CA OLQ user has access to (INCLUDE) or does not have access to (EXCLUDE) the named qfile. Note that the qfile access privilege does not permit the named user to execute qfiles; qfile execution privilege is established separately by means of the OLQ QFILE clause described below.
OLQ MENu-mode is
Specifies whether the named user is authorized to access CA OLQ in menu mode. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
ALLowed
Authorizes the CA OLQ user to access CA OLQ in menu mode. ALLOWED is the default.
NOT ALLowed
Prohibits the CA OLQ user from accessing CA OLQ in menu mode.
ONLy
Specifies that the CA OLQ user is allowed to access CA OLQ in menu mode only.
OLQ QFIle is
Specifies whether the named user is authorized to execute CA OLQ qfiles. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
ALLowed
Authorizes the CA OLQ user to execute qfiles. ALLOWED is the default.
NOT ALLowed
Prohibits the CA OLQ user from executing qfiles.
ONLy
Specifies that the CA OLQ user is authorized to access CA OLQ only through qfiles.
OLQ QFIle SAVe is
Specifies whether the named CA OLQ user is authorized to save paths and CA OLQ command groups as qfiles. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
ALLowed
Authorizes the CA OLQ user to save paths and groups of commands as qfiles. ALLOWED is the default.
NOT ALLowed
Prohibits the CA OLQ user from saving paths and groups of commands as qfiles.
olq MRR is
Specifies whether the named CA OLQ user is authorized to retrieve multiple record occurrences with a single CA OLQ command. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
ALLowed
Authorizes the CA OLQ user to retrieve multiple record occurrences with a single OLQ command. ALLOWED is the default.
NOT ALLowed
Prohibits the CA OLQ user from retrieving multiple record occurrences with a single CA OLQcommand.
olq OPTional/MANdatory interrupt
Specifies whether the named CA OLQ user is authorized to select the OLQ NOINTERRUPT option (described below). If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
OPTional
Authorizes the CA OLQ user to select the OLQ NOINTERRUPT option.
MANdatory
Requires that the OLQ INTERRUPT be enabled at all times for the user.
olq SORt is
Specifies whether the named CA OLQ user can issue the CA OLQ SORT command. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
ALLowed
Authorizes the CA OLQ user to issue the CA OLQ SORT command. ALLOWED is the default.
NOT ALLowed
Prohibits the CA OLQ user from issuing the CA OLQ SORT command.
culprit OVErrides are
Specifies whether the named CA Culprit user is authorized to define file attributes and records. If the SET OPTIONS statement specifies SECURITY FOR CULPRIT IS ON, the issuing user must be assigned CULPRIT authority.
ALLowed
Authorizes the CA Culprit user to code file attributes and REC parameters. ALLOWED is the default.
NOT ALLowed
Prohibits the CA Culprit user from coding file attributes and REC parameters.
olq DEFAult OPTions are
Specifies the CA OLQ processing control and display options that will be in effect when the named user signs on to CA OLQ. If the SET OPTIONS statement specifies SECURITY FOR OLQ IS ON, the issuing user must be assigned OLQ authority.
HEAder/NO HEAder
Specifies whether CA OLQ report files will contain a header line. This option has no effect on single-record-occurrence retrieval displays. The default for ADD is HEADER.
ECHo/NO ECHo
Specifies whether a user-entered command will be repeated by CA OLQ on the output device. The default for ADD is ECHO.
ALL/NONe
Specifies whether the default internal field list for all records retrieved during the named user's CA OLQ session will contain all or none of the fields. The default for ADD is ALL.
NO FILler/FILler
Specifies whether filler field values will be displayed. The default for ADD is NO FILLER.
INTerrupt/NO INTerrupt
Specifies whether the processing interrupt feature for multiple record retrievals will be enabled or disabled. The default for ADD is INTERRUPT.
The OLQ MANDATORY INTERRUPT specification takes precedence over NO INTERRUPT.
WHOle/PARtial
Specifies the content of displayed path retrieval report lines. WHOLE displays only those lines containing a retrieved occurrence for every record type in a path definition. PARTIAL displays all lines, whether or not they contain data for every path record type. The default for ADD is WHOLE.
FULl/SPArse
Specifies the format of displayed path retrieval report lines. FULL displays data associated with a record type once for each retrieved occurrence. SPARSE displays data associated with a record type only once, regardless of how many associated record occurrences are retrieved. The default value for ADD is FULL.
NO OLQ HEAder/OLQ HEAder
Specifies whether the CA OLQ report file contains a header line. This option has no effect on single-record-occurrence retrieval displays. The default for ADD is NO OLQ HEADER.
COMments/NO COMments
Specifies whether comments will accompany the output from HELP RECORDS, HELP SUBSCHEMAS, and HELP QFILE requests. The default for ADD is COMMENTS.
NO CODe TABle/CODe TABle
Specifies whether CA OLQ will access a code table to encode and decode data. The default for ADD is NO CODE TABLE.
NO PATH STAtus/PATH STAtus
Specifies the conditions under which CA OLQ will retrieve a logical record. NO PATH STATUS requests CA OLQ to retrieve a logical record only when the path status of LR-FOUND is returned. PATH STATUS requests CA OLQ to retrieve a logical record when any DBA-defined path status is returned. The default for ADD is NO PATH STATUS.
NO EXTernal PICture/EXTernal PICture
Specifies whether CA OLQ will use external pictures for displaying data. The default for ADD is NO EXTERNAL PICTURE.
VERbose/TERse
Controls the amount of information displayed following record and field-level breaks. The default for ADD is VERBOSE.
WIThin USEr
user-id
Associates (INCLUDE) the user with or disassociates (EXCLUDE) the user from the user identified by
user-id
.
WITh/ALSo WITh/WITHOut
Includes or excludes the specified options when the named user is displayed or punched. Detailed information for each DISPLAY/PUNCH option is under SET OPTIONS Syntax. The options that are listed below present special considerations for this entity type.
DETails
Includes the following specifications:
DESCRIPTION
PASSWORD IS ASSIGNED
FULL NAME
AUTHORITY
OLQ MENU-MODE
OLQ QFILE
OLQ MRR
OLQ INTERRUPT
OLQ SORT
OLQ DEFAULT OPTIONS
CULPRIT OVERRIDES
IDD SIGNON
USErs
Includes all the users related by the WITHIN USER clause or relational-key clause.

FULL NAME
DESCRIPTION
OLQ DEFAULT OPTIONS
OLQ options
CULPRIT OVERRIDES
USER REGISTERED FOR
PUBLIC ACCESS
COMMENTS/DEFINITIONS/
comment-key
AUTHORITY
ACCESS TO SUBSCHEMA
ACCESS TO SYSTEM/SUBSYSTEM
ACCESS TO QFILE
WITHIN USER
ATTRIBUTES

Attributes
Destinations
Elements
Files
Lines
Logical terminals
Modules
Panels
Physical terminals
Processes
Programs
qfiles
Queues
Records
Systems (subsystems)
Tables
Tasks
Users to which the named user is related

User definitions built by other CA IDMS components
Users that are related to other users

ALL specifies that unregistered users are allowed to issue all verbs and perform all secured operations. ALL is the default.
NONE specifies that unregistered users are not allowed to access the entity occurrence.
UPDATE specifies that unregistered users are allowed to issue all verbs.
MODIFY specifies that unregistered users are allowed to issue only MODIFY and DISPLAY/PUNCH verbs.
REPLACE specifies that unregistered users are allowed to issue only REPLACE and DISPLAY/PUNCH verbs.
DELETE specifies that unregistered users are allowed to issue only DELETE and DISPLAY/PUNCH verbs.
DISPLAY specifies that unregistered users are allowed to issue only DISPLAY/PUNCH verbs.

Authority for IDD (or for a specific entity) is required to access a
basic
entity.
Authority for CA IDMS (or for a specific entity) is required to access a
database
entity.
Authority for IDD or MODULE is required before INCLUDE clauses can be processed.
Authority for DC only applies to IDD usage. If a DC component was built or is owned by the system generation compiler and the DDDL compiler processes the component, only dictionary security is checked, not the central security used by system generation.
Authority for MODULE includes authority for QFILE, TABLE, and PROCESS.
ELEMENT authority is
not
required to:
Associate an existing element with a record.
Delete an existing element by using DELETE RECORD if the element doesn't exist in another record.
RECORD authority is
not
required to associate an existing record with a schema if you use the SHARE STRUCTURE parameter of the schema RECORD statement.
LOAD MODULE authority is
not
required to generate tables, subschemas, or DC/UCF systems. It
is
required to use LOAD MODULE with the subschema and DDDL compilers.
CLASS and ATTRIBUTE authority are
not
required to associate an attribute with an automatic class (a class defined as AUTOMATIC PLURAL).
ATTRIBUTE authority is
not
required to associate an existing user-defined comment or nest with an entity.

add user name is dgs
    prepared by dba password is 'ice 9'
    password is sgd
    full name is 'dianna g. smith'
    user description is programmer
    within user development
    of system inventory
    of system stock-update
    access to subschema invbasea of schema invbase version 2
           signon qfile is invon version 2
    access to subschema invbasea of schema invbase
           signon qfile is invon
    access to system inventory
    access to system stock-update
    optional interrupt
    olq default options filler partial
    authority for display is idms
    authority for update is password
    library is private
    'other developer' is mrs.

modify user dgs
    prepared by dgs password is sgd
    password is gsd.