Local operating system login

If the _User table is not used in the database, the local operating system login (effective process user-id) identifies the privileged user. This user must be granted at least the Audit Administrator role. Once the appropriate roles are granted to the user, no further action is required. The utilities trust the operating system's user verification, and the user can run the utilities without specifying any additional command-line parameters.

Optionally, a local operating system user-id can be specified on the utility command line by adding the -userid username qualifier. Adding -userid means that a password is required. The password can be specified with the -password qualifier. If the -password qualifier is not specified, the utility prompts for the password. For the local operating system user, the password for the enhanced utilities is not the operating system login password. The utilities require the encoded database MAC key (DB Pass Key) for the password. The database MAC key is stored in the _db-detail table of the database in the _db-mac-key field, and is set through the Data Administration tool. For details on setting the DB Pass Key, see OpenEdge Getting Started: Core Business Services - Security and Auditing or the Data Administration online Help. For details on specifying encoded passwords, see Specify encoded passwords.

If your operating system login is "sysdba", and you have not established the _User table, and you have assigned "sysdba" the Audit Data Archiver role for the database auditexampledb, then executing the protected PROUTIL AUDITARCHIVE utility for the database would use one of the following formats:

  • Trust the operating system authentication:
$ proutil auditexampledb -C auditarchive
  • Require DB Pass Key on command line:
$ genpassword -password ultra_secret_password -prefix xxxxx
253e3b35331a203633202a330d3532202325203536
.
.
.
$ proutil auditexampledb -C auditarchive -userid sysdba \
      -password xxxxx::253e3b35331a203633202a330d3532202325203536

where xxxxx is the encoding prefix.

For this example, assume that the DB Pass Key is "ultra_secret_password". First, you must encode the DB Pass Key using genpassword. Then, when you run the AUDITARCHIVE utility (presumably at a later time), specify the encoded DB Pass Key in the command.

  • Prompt for DB Pass Key:
$ proutil auditexampledb -C auditarchive -userid sysdba
OpenEdge Release 12
password: *********************

At the password prompt, the DB Pass Key must be typed before the AUDITARCHIVE runs. The password value is obfuscated as it is typed, and can be either the clear text value, or the encoded value, provided it has the proper encryption prefix.
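
As an added example (not OpenEdge code and not part of the original documentation), the shell functions below classify a proutil command line by which of the three forms above it uses, and check that any -password value has the prefix::hex shape shown in the example. The function names, the allowed prefix characters, and the even-length hex rule are assumptions.

```shell
#!/bin/sh
# Added example, not OpenEdge code. Assumption: an encoded DB Pass Key has the
# shape <prefix>::<hex>, as in the sample on this page.

is_encoded() {
    prefix=${1%%::*}
    hex=${1#*::}
    [ "$prefix" != "$1" ] || return 1            # no '::' separator present
    [ -n "$prefix" ] && [ -n "$hex" ] || return 1
    case "$prefix" in *[!A-Za-z0-9_]*) return 1 ;; esac   # assumed prefix charset
    case "$hex" in *[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( ${#hex} % 2 )) -eq 0 ]                 # assumed: two hex digits per byte
}

# Print which of the page's login forms one proutil command line uses.
classify_proutil_auth() {
    userid_seen=0; password_seen=0; password=""; prev=""
    set -f                       # split on whitespace without globbing
    for word in $1; do
        case "$prev" in
            -userid)   userid_seen=1 ;;
            -password) password_seen=1; password=$word ;;
        esac
        prev=$word
    done
    set +f
    case "$prev" in -userid|-password) echo malformed; return 0 ;; esac
    if [ "$password_seen" -eq 1 ]; then
        if is_encoded "$password"; then echo encoded; else echo not-encoded; fi
    elif [ "$userid_seen" -eq 1 ]; then
        echo prompt              # utility will ask for the DB Pass Key
    else
        echo os-trust            # effective process user-id is trusted
    fi
}

# Constructed sample lines modelled on the invocation forms shown above.
while IFS= read -r line; do
    printf '%-12s %s\n' "$(classify_proutil_auth "$line")" "$line"
done <<'EOF'
proutil auditexampledb -C auditarchive
proutil auditexampledb -C auditarchive -userid sysdba
proutil auditexampledb -C auditarchive -userid sysdba -password xxxxx::253e3b35331a203633202a330d3532202325203536
proutil auditexampledb -C auditarchive -userid sysdba -password ultra_secret_password
EOF
```

Run against the lines of a job script, a not-encoded result marks a -password value that does not have the encoded form the utilities require.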