
Logical Name Tables  



Logical name assignments are maintained in logical name tables. A logical name table can be accessible to only one process, or it can be shareable if its parent table is shareable. All shareable name tables are listed in the LNM$SYSTEM_DIRECTORY, the system directory table. It is shareable logical name tables that the operating system protects.

Naming Rules  

The name of a logical name table is a string of 1 to 32 characters.

Types of Access  

The logical name table class supports the following types of access:

Read
Gives you the right to look up (translate) logical names in the table
Write
Gives you the right to create and delete logical names in the table
Create
Gives you the right to create a descendant logical name table, including the right to use a subset of the dynamic memory allocated to the parent logical name table when creating the descendant logical name table
Delete
Gives you the right to delete the table
Control
Gives you the right to modify the protection elements and owner of the table

Template Profile  

The logical name table class provides the following template profiles. Although the template assigns an owner UIC of [0,0], this value is only temporary. As soon as the object is created, the operating system replaces a 0 value with the value in the corresponding field of the creating process's UIC.

Template Name   Owner UIC   Protection Code
DEFAULT         [0,0]       S:RW,O:RW,G:R,W:R
GROUP           [0,*]       S:RWCD,O:R,G:R,W
JOB             [0,0]       S:RWCD,O:RWCD,G,W
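
The following is an added example, not part of the original guide: it expands the three template protection codes above into per-category access sets and flags any group or world access beyond read. The function names parse_protection and review, and the read-only policy for group and world, are assumptions made for illustration.

```python
# Letters and categories as they appear in the template protection codes.
ACCESS = {"R": "read", "W": "write", "C": "create", "D": "delete"}
CATEGORIES = {"S": "system", "O": "owner", "G": "group", "W": "world"}

# Template profiles copied from the table above.
TEMPLATES = {
    "DEFAULT": "S:RW,O:RW,G:R,W:R",
    "GROUP": "S:RWCD,O:R,G:R,W",
    "JOB": "S:RWCD,O:RWCD,G,W",
}


def parse_protection(code):
    """Return {category: set of access names} for a protection code string.

    A category listed without letters (for example the bare "W" in the
    GROUP template) gets an empty set, meaning no access. Control access
    does not appear in the template codes and is not modelled here.
    """
    result = {name: set() for name in CATEGORIES.values()}
    for field in code.split(","):
        cat, _, letters = field.strip().upper().partition(":")
        if cat not in CATEGORIES:
            raise ValueError(f"unknown category in field {field!r}")
        unknown = set(letters) - set(ACCESS)
        if unknown:
            raise ValueError(f"unknown access letters {sorted(unknown)} in {field!r}")
        result[CATEGORIES[cat]] = {ACCESS[letter] for letter in letters}
    return result


def review(code, allowed_broad=frozenset({"read"})):
    """List group/world access beyond allowed_broad (hypothetical policy)."""
    parsed = parse_protection(code)
    findings = []
    for cat in ("group", "world"):
        for access in sorted(parsed[cat] - allowed_broad):
            findings.append(f"{cat} has {access} access")
    return findings


if __name__ == "__main__":
    for name, code in TEMPLATES.items():
        print(name, parse_protection(code), review(code) or "no findings")
    # Constructed, non-template code that grants write to group and world.
    print(review("S:RWCD,O:RWCD,G:RW,W:RW"))
```

Write access on a shareable table lets the holder create and delete the logical names that other processes translate, which is why the check singles out write, create and delete for the group and world categories.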

Privilege Requirements  

The operating system allows read and write access to the group logical name tables with GRPNAM privilege and to the system logical name table with SYSNAM privilege.

Deletion of a shared table from the system directory requires SYSNAM privilege, and deletion of a logical name from the group directory requires GRPNAM privilege. Deletion of a parent logical name table results in the deletion of all its descendant logical name tables.

Creation or deletion of an inner-mode logical name or logical name table requires SYSNAM privilege (or being in an inner mode).

Kinds of Auditing Performed  

The following events can be audited, provided the security administrator enables auditing for the event class:

Event Audited   When Audit Occurs
Access          When translating a name, when creating a name or a descendent table, or when deleting a name or a descendent table
Creation        During access to a parent table for the right to create a table or when the table itself is created

Permanence of the Object  

A logical name table and its security profile must be reset each time the system is rebooted.

