join[x] Command: Add Users to Internal Groups

Valid in the AC environment
The join[x] command adds users to one or more internal groups, or changes the users' properties with respect to the groups. The specified users and groups must already be defined to Privileged Access Manager.
Use join to add internal users to groups.
Use joinx to add enterprise users to groups.
This command also exists in the native environment but operates differently there.
The set of properties from the join command completely replaces any previous set of properties for the specified users in the specified groups. If any such properties were defined earlier, they are not retained unless the new join command specifies them again.
For more information about group properties, see the Endpoint Administration Guide for your OS.
You can use the join command if at least one of the following conditions is true:
  • You have the ADMIN attribute.
    If you want to modify Privileged Access Manager GROUP records and enterprise groups, you need both the MODIFY and JOIN access authority.
  • The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.
  • You are the owner of the group.
  • You are assigned CONNECT authority in the access control list of the GROUP record in the ADMIN class.
This command has the following format:
{join[x]|j[x]} {userName|(userName [,userName...])} \
group(groupName [,groupName...]) \
[admin|admin-] \
[auditor|auditor-] \
[gowner(group-name)] \
[operator|operator-] \
[owner(userName|groupName)] \
[pwmanager | pwmanager-] \
[regular] \
[nt | unix]
  • admin
    Assigns the GROUP-ADMIN attribute to the user specified by userName.
  • admin-
    Removes the GROUP-ADMIN attribute from the user.
  • auditor
    Assigns the GROUP-AUDIT attribute to the user specified by userName.
  • auditor-
    Removes the GROUP-AUDIT attribute from the user.
  • gowner(groupName)
    Specifies that the user is being added to the group groupName.
  • group(groupName [,groupName...])
    Specifies the group or groups to which the user is being added as a member.
  • nt
    Connects userName to a group in the Windows database.
  • operator
    Assigns the GROUP-OPERATOR attribute to the user specified by userName.
  • operator-
    Removes the GROUP-OPERATOR attribute from the user.
  • owner(Name)
    Specifies a Privileged Access Manager user or group as the owner of the join record. If you are creating a connection and you do not specify an owner, you are the owner of the connection.
  • pwmanager
    Assigns the GROUP-PWMANAGER attribute to the user specified by userName.
  • regular
    Resets the administrative flags for the user.
  • unix
    Connects userName to the group in the UNIX security system.
  • userName
    Specifies a user who is to be connected (or reconnected with a new set of properties) to the group or groups specified by the group parameter.
    If the command is join, userName is the name of a USER record. If the command is joinx, userName is the name of an enterprise user.
Examples
  • The user Rorri wants to join the user Bob to the internal group staff.
    • Rorri has the ADMIN attribute.
    • The following defaults apply:
      • admin
      • auditor
      • owner(Rorri)
      • pwmanager
    join Bob group(staff)
  • The user Rorri wants to change the definition of Sue in the group staff. She currently is a GROUP-AUDITOR; Rorri wants to add the GROUP-PWMANAGER attribute.
    • Rorri has the ADMIN attribute.
    • The following defaults apply:
      • admin
      • owner(Rorri)
    join Sue group(staff) auditor pwmanager
    When selang executes this command, it deletes the previous record. No record is kept of Sue's previous attributes. Therefore, Rorri must specify the two attributes Sue should have now.
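
Because join replaces the whole property set, a command that omits an attribute the user already holds silently removes it. The following Python helper is an added example, not part of the product or its documentation: it checks a single-user join[x] command against the user's current group attributes and builds a command that restates everything to be kept. The function names are hypothetical, the current attributes are assumed to be supplied by the caller, and site defaults such as those listed in the examples above are not modelled.

```python
import re

# Group attribute keywords taken from the join[x] format on this page.
FLAGS = ("admin", "auditor", "operator", "pwmanager")
_JOIN = re.compile(r"^\s*(joinx?|jx?)\s+(\S+)\s+group\(([^)]*)\)(.*)$")


def parse_join(command):
    """Split a single-user join[x] command into verb, user, groups, flags."""
    m = _JOIN.match(command)
    if not m:
        raise ValueError("not a single-user join[x] command: %r" % command)
    verb, user, groups, rest = m.groups()
    # Drop owner(...)/gowner(...) arguments so only bare keywords remain.
    words = re.sub(r"\w+\([^)]*\)", " ", rest).split()
    # Keywords ending in "-" (removal), regular, nt and unix grant nothing.
    flags = {w for w in words if w in FLAGS}
    names = [g.strip() for g in groups.split(",") if g.strip()]
    return verb, user, names, flags


def lost_attributes(command, current):
    """Attributes the user holds now that the command does not restate."""
    flags = parse_join(command)[3]
    return sorted(set(current) - flags)


def build_join(user, groups, current, add=(), remove=(), enterprise=False):
    """Build a join[x] command that restates every attribute to be kept."""
    wanted = (set(current) | set(add)) - set(remove)
    unknown = wanted - set(FLAGS)
    if unknown:
        raise ValueError("unknown attribute(s): %s" % sorted(unknown))
    verb = "joinx" if enterprise else "join"
    parts = [verb, user, "group(%s)" % ",".join(groups)]
    parts += [f for f in FLAGS if f in wanted]  # stable keyword order
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed input mirroring the Sue example: she currently has auditor.
    print(lost_attributes("join Sue group(staff) pwmanager", {"auditor"}))
    print(build_join("Sue", ["staff"], {"auditor"}, add={"pwmanager"}))
```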