GROUP Class (Windows Environment)
The GROUP class contains all group records defined to the Windows operating system. A record in the GROUP class represents every group of users.
capamsc141
The GROUP class contains all group records defined to the Windows operating system. A record in the GROUP class represents every group of users.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Nonmodifiable properties are marked as
informational
and cannot be modified.- COMMENTAdditional information that you want to include in the record.PAM Server Controldoes not use this information for authorization.Use the comment[-] parameter with the chgrp, editgrp, and newgrp commands to modify this property.Limit:255 characters
- FULL_NAMEThe full name associated with a user.PAM Server Controluses the full name to identify the user in audit log messages, but not for authorization.Use the name parameter with the chusr, editusr, or newusr command to modify this property.
- GID(Informational). A value that contains the relative identifier of the group. The accounts database determines the relative identifier when the group is created. It uniquely identifies the group to the account manager within the domain.
- GLOBALIndicates a global group. This property is only applicable to Windows groups. This property replaces the ISGLOBAL property of earlierPAM Server Controlversions.Use the global parameter with the newgrp (only) command to add this property.
- USERLISTThe list of users and global groups (for local groups only) that belong to the group. The list that is contained in this property can be different from the one in thePAM Server Controldatabase.Use the username(groupname)parameter with the join[-] command to modify this property.
- PRIVILEGESThe Windows rights assigned to the group.Use the privileges parameter with the chgrp, editgrp, or newgrp command to modify this property.