skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System SecurityHP OpenVMS Guide to System Security
go to beginning of part: Security for the UserSecurity for the User
go to beginning of chapter: Descriptions of Object ClassesDescriptions of Object Classes
go to previous page: QueuesQueues
go to next page: Security ClassesSecurity Classes
end of book navigation links

Resource Domains  



Processes that access shared resources can coordinate accessusing the services of the lock manager. These services allow processesto associate a name with a resource, such as a file or a data structure,to arbitrate access to that resource, and to exchange limited informationthrough a lock value block. The namespaces that catalog resourceson which locks can be taken are called resource domains.

A process must become a member of a resource domain to takeand release locks and to read and write value blocks associatedwith resources in that resource domain. A process implicitly joinsthe system and group domains, but it explicitly joins other domainsthrough a call to the $SET_RESOURCE_DOMAIN system service. Accessto all locks and value blocks within a domain is controlled by accessto the domain itself.

NamingRules  

A resource domain is identified to $SET_RESOURCE_DOMAIN bya longword binary value. However, the name of the resource domainobject is a string containing the resource number interpreted inoctal surrounded by brackets [] or angle brackets <>.Alternatively, the name of the resource domain object can be expressedas an identifier enclosed in brackets or angle brackets. The identifiermust translate to a UIC value; the group field of the UIC is usedas the resource domain number.

Typesof Access  

The resource domain class supports the following types ofaccess:

Read
Gives you the right to readlock value blocks in the domain, including the right to use the$GETLKI system service to retrieve it
Write
Gives you the right to writeto lock value blocks in the domain
Lock
Gives you the right to takelocks using $ENQ, release locks using $DEQ, and obtain informationabout the lock database using $GETLKI
Control
Gives you the right to modify the protectionelements of a resource domain

Template Profile  

The resource domain class provides the following templateprofile. The template assigns an owner UIC of [n,*]where n is the resource domain's number.

Template Name Owner UIC Protection Code
DEFAULT
[n,*]
S:RWL,O:RWL,G:RWL,W

Privilege Requirements  

The SYSLCK privilege allows lock access to the system resourcedomain (Domain 0).

Kinds of Auditing Performed  

The following events can be audited, provided the securityadministrator enables auditing for the event class:

Event Audited When Audit Occurs
Access
When a process calls $SET_RESOURCE_DOMAINor $ENQ to join a domain
Creation
The first time a processjoins the resource domain
Deaccess
When a process called $SET_RESOURCE_DOMAINor at image or process rundown

Permanence of the Object  

Both the resource domain and its security elements are savedin SYS$SYSTEM:VMS$OBJECTS.DAT.

go to previous page: QueuesQueues
go to next page: Security ClassesSecurity Classes