All users with execute access to the main application imageof the subsystem can use the data files and other objects undercontrol of the subsystem if the subsystem allows the access. However,managers of the subsystem can restrict access to objects of thesubsystem in the following ways:
They can create special identifiers for resources belongingto the subsystem that they do not want all members to access andadd ACEs to these resources.
They can use compound expressions in ACEs and thusgrant access conditionally. For example, the following ACE grantsaccess to MEMBERS_ADMIN when running MEMBERS_SUBSYSTEM but not to MEMBERS_ADMINalone nor to other users holding the MEMBERS_SUBSYSTEM identifier: (ID=MEMBERS_SUBSYSTEM+MEMBERS_ADMIN, ACCESS=READ+WRITE)
Remember that as long as users are executing the applicationimage for the subsystem, their process rights list contains thesubsystem identifier as well as their normal identifiers. However,as soon as users interrupt or exit from the application, their processrights list loses the subsystem identifier, and they lose accessrights to the objects in the subsystem. Subsystem identifiers arenot propagated by default when subprocesses are spawned.
HP OpenVMS Guide to System Security
Security for the System Administrator
