psmgr Commands

ADD Command
Syntax
Arguments
AUTHORIZE Command
Syntax
Arguments
Details
Example
CHGAUTH Command
Syntax
Arguments
CHGEXPIRE Command
Syntax
Arguments
CHGIP Command
Syntax
Arguments
CHGTIMEOUT Command
Syntax
Arguments
CHGPASS Command
Syntax
Arguments
CHGPERFCLASS Command
Syntax
Arguments
DELETE Command
Syntax
Arguments
EXPORT Command
Syntax
Arguments
Details
GROUPDEF Command
Syntax
Arguments
GROUPDEL Command
Syntax
Arguments
GROUPMEM Command
Syntax
Arguments
Details
Example
GROUPS Command
Syntax
HELP Command
Syntax
Arguments
IMPORT Command
Syntax
Arguments
Details
LIST Command
Syntax
Arguments
Example
RESET Command
Syntax
Arguments
Details
Example
QUIT Command
Syntax

ADD Command

Adds a new user to the password database.

Syntax

add <username> <passwd> <passwd> <privilege>
[<ip-addr>|-] [<expiretime>|-] [<group>|-]
[<timeout>|-] [<failures>|-] [<class>|-]

Arguments

<username>

an SPD Server user ID. The user ID is restricted to eight characters. All characters must be alphanumeric or underscores. The SPD Server user ID does not have to correspond to any system user ID, unless nonnative authentication is configured.

<passwd> <passwd>

the user's password, which is restricted to eight characters. The password database requires a password with a minimum of six characters. At least one character must be numeric, and at least one character must be alphabetic. The argument is repeated to verify the password.

Note: This password expires after the first logon to SPD Server. The user must change the password by using either the NEWPASSWD= or the CHANGEPASS= LIBNAME option. Password changing techniques do not apply to users who rely on LDAP Authentication for SPD Server access.

<privilege>

an authorization level number in the range 0 to 7. The authorization level number assigns access privileges to the user.

The numbers 0–3 are equivalent. Use the numbers 0–3 to specify a regular, non-privileged user.
The numbers 4–7 are equivalent. Use the numbers 4–7 to specify a user with special privilege. Users with special privilege can update the password database and override any ACL restrictions on server tables.
Note: All users connect to SPD Server as regular users, regardless of their authorization level. Users with special privilege must specify the ACLSPECIAL=YES LIBNAME option to invoke their special access in the SAS session.
CAUTION:
Authorization levels 4–7 should be granted with care.
Users who have authorization levels 4–7 can access all SPD Server data with the PROC SPDO SPDSCMD statement.

<ip-addr>

a numerical IP address. The IP address on which the SAS, ODBC, JDBC, or SQL client software is running must match the IP address that is entered in the password database. This argument restricts the user's access to SPD Server to the specified IP address. A hyphen (-) indicates that no IP address is specified.

Note: The IP address is not verified.

<expiretime>

the length of time, in days, after which the user must change his password. A hyphen (-) indicates that no password expiration time is being specified. The time is measured from the day that you add the user.

<group>

the default group for the user. A hyphen (-) indicates that no default group is being specified. If a group name is specified, the group definition must have been created by a previous GROUPDEF Command. You can change group affiliation by using the GROUPMEM Command.

<timeout>

the maximum amount of time that is allowed between successful logins before the account is no longer enabled. A hyphen (-) indicates that no time-out is being specified.

<failures>

the number of password failures. A hyphen (-) indicates that no failure limit is being specified. The value specifies the number of login failures allowed before the user is disabled. A disabled password can be re-enabled by the administrator using the RESET Command.

<class>

the performance class of the user. Valid values are in the range 1–3. The value specifies whether the user is in a Low (1), Medium (2), or High (3) performance class. SPD Server can be configured to provide different server parameters, based on the user's performance class setting.

AUTHORIZE Command

Authorizes a user to modify the password database.

Syntax

authorize <username> <passwd>
Alias: AUTH

Arguments

<username>

an existing SPD Server user ID.

<passwd>

a valid user password.

Details

The password database is owned by the operating system ID of the psmgr executable. The owner of the password database is normally the only person with authorized access to the database.
The following conditions must apply if you want to allow another system user to update the password database using the psmgr utility:
  • The user must have operating system rights to execute the psmgr utility.
  • The user must have operating system Read and Write access to the password database.
  • The user must have AUTHORIZE access to update the password database. This requires an SPD Server user ID that has a special privilege level of 4-7.

Example

Assume that you are an operating system user and your user account meets the preconditions of operating system rights to execute the psmgr utility. You also have operating system Read and Write access to the password database. Your SPD Server administrator has given you a special user ID of user=auxadmin, password=admin2. To enable authorization to update the password database, use the following command:
authorize auxadmin admin2

CHGAUTH Command

Changes the authorization level for a user.

Syntax

chgauth <username> <authlevel>

Arguments

<username>

an existing SPD Server user ID.

<authlevel>

an authorization level for the user, in the range 0–7. The authorization level number assigns access privileges to the user.

The numbers 0–3 are equivalent. Use the numbers 0–3 to specify a regular, non-privileged user.
The numbers 4–7 are equivalent. Use the numbers 4–7 to specify a user with special privilege. Users with special privilege can update the password database and override any ACL restrictions on server tables.

CHGEXPIRE Command

Changes the expiration date for the specified user's password. By default, a new user ID is created with an expired password.

Syntax

chgexpire <username> <exptime>

Arguments

<username>

an existing SPD Server user ID.

<exptime>

the length of time, in days, after which the user must change his password. The time is measured from the day that you change the expiration time.

CHGIP Command

Changes the IP address from which the user must connect to SPD Server. The IP address on which the SAS, ODBC, JDBC, or SQL client software is running must match the IP address that is entered in the password database.

Syntax

chgip <username> "<new-ip-address>"

Arguments

<username>

an existing SPD Server user ID.

"<new-ip-address>"

the new IP address from which the user must connect to the SPD Server host. The IP address must be specified numerically using the format xxx.xxx.xxx.xxx. The IP address is not verified. Invalid and incorrect IP addresses are noted as errors in the SPD Server log and will cause that user's future logon attempts to fail. The default value is blank.

CHGTIMEOUT Command

Changes the logon time-out date for a user's password.

Syntax

chgtimeout <username> <timeout>

Arguments

<username>

an existing SPD Server user ID.

<timeout>

a password logon time-out period, specified in days. The time-out period specifies the number of days that the account can be inactive before the password becomes invalid.

CHGPASS Command

Changes the password for a user to a permanent password.

Syntax

chgpass <username> <oldpwd> <newpwd> <newpwd>

Arguments

<username>

an existing SPD Server user ID.

<oldpwd>

the user's old password.

<newpwd>

the new password for the user. If you are prompted for the new password, you are prompted again to re-enter it for accuracy. The new password must be different from the last six passwords. The new password must also contain at least six characters, with at least one numeric character and with at least one alphabetic character. The password cannot contain the user ID.

CHGPERFCLASS Command

Changes the performance class of a user.

Syntax

chgperfclass <username> <class>

Arguments

<username>

an existing SPD Server user ID.

<class>

a performance class for the user, in the range 1–3. The value specifies whether the user is in a Low (1), Medium (2), or High (3) performance class. The SPD Server server can be configured to provide different server parameters, based on the user's performance class setting.

DELETE Command

Deletes a user from the password database.

Syntax

delete <username>!
Alias: DEL

Arguments

<username>

the user ID of an existing SPD Server user.

!

verifies that you intend to delete the user ID from the password database. If you do not specify !, you are prompted to verify the deletion.

EXPORT Command

Exports the current password database into a flat file.

Syntax

export <textfile>

Arguments

<textfile>

name of the flat file to create that will contain the contents of the current password database.

Details

The EXPORT command generates a single line in the flat file for each record in the password database. User passwords are encrypted in the table.
The contents of the flat file are a representation of what is stored in the password database. When you are making changes that affect many users, it might be easier to edit the flat file than to use the psmgr utility. After you make the changes in the file, you can use the IMPORT command to construct a new, modified password database.

GROUPDEF Command

Defines a new ACL group entry in the password database.

Syntax

groupdef <groupname>
Alias: GPDEF

Arguments

<groupname>

the name of a new ACL group. The name must be unique and is restricted to eight characters. All characters must be alphanumeric or underscores. This argument verifies that the groups that are specified on the GROUPMEM command are valid.

GROUPDEL Command

Deletes an ACL group entry from the password database.

Syntax

groupdel <groupname> !
Alias: GPDEL

Arguments

<groupname>

the name of an existing ACL group.

!

verifies that you intend to delete the group from the password database. If you do not specify !, you are prompted to verify the deletion.

GROUPMEM Command

Updates the ACL group list for a user.

Syntax

groupmem username groupname | ! | - | " "
Alias: GPMEM

Arguments

<groupname>

specify the name of an existing ACL group. If multiple groups are specified, separate each ACL group name with a space. The first ACL group name that you specify becomes the default ACL group for the user.

specify a hyphen (-) as a group list argument to serve as a place holder for a group name that cannot be changed.

" "

specify an empty quoted argument (" ") as a group list argument to clear the group in that position.

!

specify an exclamation point (!) to indicate to SPD Server that there are no more groups in your group name declaration.

Details

The password database can be configured to support from 5 to 32 groups per user. The utility will prompt you for additional ACL group names, up to the number of groups that are configured at your site. In batch mode, the utility will expect you to enter the configured number of group names. To specify fewer than the configured number of group names, enter an exclamation point (!) to indicate to SPD Server that there are no more groups in your group name declaration.
To add names to the group list and leave existing group names unchanged, specify a hyphen (-) to indicate the groups in the group list that you want unchanged. To remove a group from the group list, specify the " " argument.

Example

The following example uses the GROUPMEM command to change the groups for user DSWider so that the user’s previously assigned groups in the first, second, and fourth positions remain the same; the group in the user’s third position is to be deleted; and the fifth group position is assigned to the group Fondo. The exclamation mark indicates to psmgr that no additional group memberships are to be declared for this user. 
groupmem dswider - - "" - fondo !

GROUPS Command

Lists the ACL groups that are in the password database.

Syntax

groups

HELP Command

Displays general or command-specific help for the psmgr utility.

Syntax

help [<command>]
Alias: ?

Arguments

<command>

the name of a psmgr command. If you specify a command, a short description of the command is displayed. If you issue a HELP command without an operand, a list of all available psmgr commands is displayed.

IMPORT Command

Imports user information from a flat file to the password database. The flat file must have been created with the EXPORT command.

Syntax

import <textfile>

Arguments

<textfile>

the name of the flat file to import. This flat file contains the user definitions to add to the password database.

Details

The IMPORT command reads the flat file, interpreting each single line as a record in the password database. Typically, the flat file is created from a submitted EXPORT command that was issued on the same password database or another password database.
If the psmgr utility encounters an identical user ID in the password database during the import process, it skips the line. The psmgr utility displays a message that states that the line was skipped.

LIST Command

Lists the contents of the password database or information about a specific user.

Syntax

list [<username>]
Alias: LS

Arguments

<username>

an existing SPD Server user ID. If you do not specify a user ID, the entire password database is listed.

Example

This following is an example of the LIST command and its output:
list bar
USER AUTHORIZATION IP ADDRESS
---- ------------- -----------
 bar       7

RESET Command

Resets a password for a user to a new temporary, one-time password.

Syntax

reset <username> <newpwd> <newpwd>

Arguments

<username>

the user ID of an existing SPD Server user.

<newpwd>

a new password for the user. The new password can be up to eight characters in length. The new password must contain at least six characters. At least one character must be numeric, and at least one character must be alphabetic. The argument is repeated to verify the password for accuracy.

Details

The RESET command can be used to reset a user's password after three consecutive failed attempts to connect to a server. After the third failed attempt, the user ID is no longer enabled. After the password has been reset, the user must change the password before connecting to a server by using either the NEWPASSWD= or the CHANGEPASSWD= LIBNAME option.

Example

This command resets the password for Tom:
reset tom abc123 abc123

QUIT Command

Terminates the psmgr session.

Syntax

quit
Alias: Q
Copyright © SAS Institute Inc. All Rights Reserved.
Last updated: February 3, 2017