join x Command Add Users to Internal Groups
Valid in the AC environment
capamsc141
Valid in the AC environment
The join[x] command adds users to one or more internal groups, or changes the users' properties with respect to the groups. The specified users and groups must already be defined to
PAM Server Control
.Use join to add internal users to groups.
Use joinx to add enterprise users to groups.
This command also exists in the native environment but operates differently there.
The set of properties from the join command
completely replaces
any previous set of properties for the specified users in the specified groups. If any such properties were defined earlier, they are not retained unless the new join command specifies them again. For more information about group properties, see the
Endpoint Administration Guide
for your OS.You can use the join command if at least one of the following conditions is true:
- You have the ADMIN attribute.If you want to modifyPAM Server ControlGROUP recordsandenterprise groups you need both the MODIFY and JOIN access authority.
- The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.
- You are the owner of the group.
- You are assigned CONNECT authority in the access control list of the GROUP record in the ADMIN class.
This command has the following format:
{join[x]|j[x]} {userName|(userName [,userName...])} \
group(groupName [,groupName...]) \ [admin|admin-] \ [auditor|auditor-] \ [gowner(group-name)] \ [operator|operator-] \ [owner(userName|groupName)] \ [pwmanager | pwmanager-] \ [regular] \ [nt | unix]
- adminAssigns the GROUP-ADMIN attribute to the user specified byuserName.
- admin-Removes the GROUP-ADMIN attribute from the user.
- auditorAssigns the GROUP-AUDIT attribute to the user specified byuserName.
- auditor-Removes the GROUP-AUDIT attribute from the user.
- gowner(groupName)Specifies that the user is being added to the groupgroupName.
- group(groupName[,groupName...])Specifies the group or groups to which the that the user is being added as a member.
- ntConnectsuserNameto a group in the Windows database.
- operatorAssigns the GROUP-OPERATOR attribute to the user specified byuserName.
- operator-Removes the GROUP-OPERATOR attribute from the user.
- owner(Name)Specifies aPAM Server Controluser or group as the owner of the join record. If you are creating a connection and you do not specify an owner, you are the owner of the connection.
- pwmanagerAssigns the GROUP-PWMANAGER attribute to the user specified byuserName.
- regularResets the administrative flags for the user.
- unixConnectsuserNameto the group in the UNIX security system.
- userNameSpecifies a user who is to be connected (or reconnected with a new set of properties) to the group or groups specified by the group parameter.If the command is join,userNameis the name of a USER record. If the command is joinx,userNameis the name of an enterprise user.
Examples
- The user Rorri wants to join the user Bob to the internal group staff.
- Rorri has the ADMIN attribute.
- The following defaults apply:
- admin
- auditor
- owner(Rorri)
- pwmanager
join Bob group(staff) - The user Rorri wants to change the definition of Sue in the group staff. She currently is a GROUP-AUDITOR; Rorri wants to add the GROUP-PWMANAGER attribute.
- Rorri has the ADMIN attribute.
- The following defaults apply:
- admin
- owner(Rorri)
join Sue group(staff) auditor pwmanagerWhen selang executes this command, it deletes the previous record. No record is kept of Sue's previous attributes. Therefore, Rorri must specify the two attributes Sue should have now.