user_criteria

    OpenVMS usage:char_string or item_list_3
    type:         character-coded text string or longword (unsigned)
    access:       read only
    mechanism:    by descriptor-fixed-length string descriptor or by
                  reference
    If the CIA$M_ITEMLIST flag is FALSE:

    The user_criteria argument is the description of intruder or
    suspect. This argument is the address of a character-string
    descriptor pointing to a buffer containing the user criteria to
    match an intrusion record's user specification in the intrusion
    database.

    The user_criteria argument is a character string of 1 to 1058
    bytes containing characters to match the user specification on
    records in the intrusion database.

    A user specification is any combination of the suspect's or
    intruder's source node name, source user name, source DECnet-
    Plus address, local failed user name, or local terminal. The user
    specification for an intrusion record is based on the input to
    the $SCAN_INTRUSION service and the settings of the LGI system
    parameter. For more information, see the HP OpenVMS Guide to
    System Security.

    Wildcards are allowed for the user_criteria argument. For
    example, if you specify an asterisk (*)  for the user_criteria
    argument, the service deletes all records in the intrusion
    database.

    If the CIA$M_ITEMLIST flag is TRUE:

    The user_criteria argument is now the address of a 32-bit item
    list. If the item list is used, one item, the CIA$_USER_CRITERIAL
    item, must be present in the item list. The ITM$L_BUFADR should
    point to a buffer containing the specified user criteria.

    The following table lists the valid item descriptions for the
    user_criteria argument:

    Item               Description

    CIA$_SCSNODE_LIST  Address of a list of 8-character null-padded
                       SCS nodenames for which intrusions are to be
                       deleted.
    CIA$_USER_         Address of a buffer, 1-1058 bytes long,
    CRITERIAL          containing the intruder or suspect.

    If the CIA$_SCSNODE_LIST item is present, it is the address
    of a list of 8-character null-padded SCS nodenames for which
    intrusions are to be deleted. If this item is absent, the service
    deletes the specified intrusion records for all nodes in the
    cluster. Multiple CIA$_SCSNODE_LIST items are permitted.

 flags

    OpenVMS usage:mask_longword
    type:         longword (unsigned)
    access:       read only
    mechanism:    by value
    Functional specification for the service. The flags argument is a
    longword bit mask wherein each bit corresponds to an option.

    Each flag option has a symbolic name. The $CIADEF macro defines
    the following valid names for the $DELETE_INTRUSION service:

    Symbolic Name      Description

    CIA$M_IGNORE_      The service should not wait for the return
    RETURN             status from the security server. No return
                       status from the server's function will be
                       returned to the caller.
    CIA$M_ITEMLIST     If FALSE, the user_criteria argument is a
                       character string. If TRUE, this argument is a
                       32-bit item list.