skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System SecurityHP OpenVMS Guide to System Security
go to beginning of part: Security for the System AdministratorSecurity for the System Administrator
go to beginning of appendix: Assigning PrivilegesAssigning Privileges
go to previous page: GRPNAM Privilege (Devour)GRPNAM Privilege (Devour)
go to next page: IMPERSONATE Privilege (All) (Formerly DETACH)IMPERSONATE Privilege (All) (Formerly DETACH)
end of book navigation links

GRPPRV Privilege (Group)  



When the process's group matches the group of the object owner,the GRPPRV privilege gives a process the access rights providedby the object's system protection field. GRPPRV also lets a processchange the protection or the ownership of any object whose ownergroup matches the process's group by using the DCL commands SETSECURITY.

Grant this privilege only to users who function as group managers.If this privilege is given to unqualified users who have no needfor it, they can modify group UAF records to values equal to thoseof the group manager. They can increase resource allocations andgrant privileges for which they are authorized.

The GRPPRV privilege lets a process perform the followingtasks:

Task Interface
Modify objectownership
SET SECURITY/OWNER, $QIOrequest to F11BXQP
Read or modifya user authorization record
$GETUAI, $SETUAI
File systemoperations:
$QIO request to F11BXQP
  • Overridethe creation of an owner ACE on a newly created file


  • Clear the directory bit in a directory's file header


  • Acquire or release a volume lock


  • Force mount verification on a volume


  • Create a file access window with the no access lockbit set


  • Specify a null lock mode for a volume lock


  • Access a locked file


  • Enable or disable disk quotas on a volume



go to previous page: GRPNAM Privilege (Devour)GRPNAM Privilege (Devour)
go to next page: IMPERSONATE Privilege (All) (Formerly DETACH)IMPERSONATE Privilege (All) (Formerly DETACH)