When the process's group matches the group of the object owner,the GRPPRV privilege gives a process the access rights providedby the object's system protection field. GRPPRV also lets a processchange the protection or the ownership of any object whose ownergroup matches the process's group by using the DCL commands SETSECURITY.
Grant this privilege only to users who function as group managers.If this privilege is given to unqualified users who have no needfor it, they can modify group UAF records to values equal to thoseof the group manager. They can increase resource allocations andgrant privileges for which they are authorized.
The GRPPRV privilege lets a process perform the followingtasks:
Task
Interface
Modify objectownership
SET SECURITY/OWNER, $QIOrequest to F11BXQP
Read or modifya user authorization record
$GETUAI, $SETUAI
File systemoperations:
$QIO request to F11BXQP
Overridethe creation of an owner ACE on a newly created file
Clear the directory bit in a directory's file header
Acquire or release a volume lock
Force mount verification on a volume
Create a file access window with the no access lockbit set