OPER Privilege (System)

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP OpenVMS Guide to System Security

Security for the System Administrator

Assigning Privileges

NETMBX Privilege (Normal)

PFNMAP Privilege (All)

OPER Privilege (System)

The OPER privilege allows a process to use the Operator CommunicationManager (OPCOM) process to reply to user's requests, to broadcastmessages to all terminals logged in, to designate terminals as operators' terminalsand specify the types of messages to be displayed on these operators'terminals, and to initialize and control the log file of operators'messages. In addition, this privilege lets the user spool devices,create and control all queues, and modify the protection and ownershipof all non-file-structured devices.

Grant this privilege only to the operators of the system.These are the users who respond to the requests of ordinary users,who tend to the needs of the system's peripheral devices (mountingreels of tape and changing printer forms), and who attend to allthe other day-to-day chores of system operation. (A nonprivilegeduser can log in on the console terminal to respond to operator requests,for example, to mount a tape.)

The OPER privilege lets a process perform the following tasks:

Task Interface

Modify deviceprotection
SET PROTECTION/DEVICE

Modify deviceownership
SET PROTECTION/DEVICE/OWNER

Access theSystem Management utility
SYSMAN

Perform operator tasks:

Issue a broadcastreply
REPLY, $SNDOPR

Cancel a systemoperator request
REPLY/ABORT, $SNDOPR

Initializethe system operator log file
$SNDOPR

Reply to apending system operator request
REPLY/TO, REPLY/PENDING, REPLY/INITIALIZE_TAPE,$SNDOPR

Issue a systemoperator request
REQUEST, $SNDOPR

Enable systemoperator classes
REPLY/ENABLE, $SNDOPR, $SNDMSG

Disable systemoperator classes
REPLY/DISABLE, $SNDOPR

Send a broadcastmessage
$BRKTHRU, $BRDCST

Write an eventto the operator log
$SNDOPR

Initializea system operator log
REPLY/LOG, $SNDOPR

Close the currentoperator log
REPLY/NOLOG, $SNDOPR

Send a messageto an operator
REPLY, $SNDOPR

Enable or disableautostart
$SNDJBC (SJC$_DISABLE_AUTO_START, SJC$_ENABLE_AUTO_START)

Stop all queues
$SNDJBC (SJC$_STOP_ALL_QUEUES_ON_NODE)

Modify the characteristics of devices:

Modify deviceavailability
SET DEVICE/[NO]AVAILABLE

Modify devicedual-porting
SET DEVICE/[NO]DUAL_PORT

Modify deviceerror logging
SET DEVICE/[NO]ERROR_LOGGING

Modify devicespooling
SET DEVICE/[NO]SPOOLED

Modify default definitions of days:

Set defaultday type to PRIMARY
SET DAY/PRIMARY

Set defaultday type to SECONDARY
SET DAY/SECONDARY

Return daytype to DEFAULT
SET DAY/DEFAULT

Modify or override login limits:

Modify interactivelogin limit
SET LOGIN/INTERACTIVE

Modify networklogin limit
SET LOGIN/NETWORK

Modify batchlogin limit
SET LOGIN/BATCH

Create and modify queues:

Bypass discretionaryaccess to a queue

Create a queue
$SNDJBC (SJC$_CREATE_QUEUE)

Define queuecharacteristics
$SNDJBC (SJC$_DEFINE_CHARACTERISTICS)

Define forms
$SNDJBC (SJC$_DEFINE_FORM)

Delete characteristics
$SNDJBC (SJC$_DELETE_CHARACTERISTICS)

Delete forms
$SNDJBC (SJC$_DELETE_FORM)

Set the basepriority of batch processes
$SNDJBC (SJC$_BASE_PRIORITY)

Set the schedulingpriority of a job
$SNDJBC (SJC$_PRIORITY)

Start accounting
SET ACCOUNTING/ENABLE, $SNDJBC (SJC$_START_ACCOUNTING)

Stop accounting
SET ACCOUNTING/DISABLE,$SNDJBC (SJC$_STOP_ACCOUNTING)

Operate the LAT device:

Transmit LATsolicit information message
$QIO request to a LAT portdriver (LTDRIVER)

Set staticrating for LAT service
$QIO request to a LAT portdriver (LTDRIVER)

Read last LATresponse message buffer
$QIO request to a LAT portdriver (LTDRIVER)

Change porttype from dedicated to application
$QIO request to a LAT portdriver (LTDRIVER)

Change porttype from application to dedicated
$QIO request to a LAT portdriver (LTDRIVER)

Modify tape operations:

Specify numberof file window-mapping pointers
MOUNT/WINDOWS, $MOUNT

Mount a volumewith an alternate ACP
MOUNT/PROCESSOR, $MOUNT

Mount a volumewith alternate cache limits
MOUNT/CACHE, $MOUNT

Modify writecaching for a tape controller
MOUNT/CACHE, $MOUNT

Modify ODS1directory FCB cache limit
SET VOLUME/ACCESSED, MOUNT/ACCESSED, $MOUNT

Perform network operations:

Connect toan object while executor state is restricted

Read networkevent-logging buffer
NETACP

Modify networkvolatile database
NETACP

Access thepermanent database for an update
DECnet/NML

Connect toa DECnet circuit
$QIO request to the DECnetdownline load and loopback class driver (NDDRIVER)

Display thepermanent DECnet service password
NCP

Display thevolatile DECnet service password
NCP

Control character conversion by terminals:

Load terminalfallback table
TFU, $QIO request to theterminal fallback driver (FBDRIVER)

Unload terminalfallback table
TFU, $QIO request to theterminal fallback driver (FBDRIVER)

Establish systemdefault terminal fallback table
TFU, $QIO request to theterminal fallback driver (FBDRIVER)

Control cluster operations:

Request expectedvotes modification
SET CLUSTER/EXPECTED_VOTES

Request MSCPserving of a device
SET DEVICE/SERVED

Request quorummodification
SET CLUSTER/QUORUM

Add an adapterto the failover list
$QIO request to the DEBNIBI bus NI driver (EFDRIVER)

Remove an adapterfrom the failover list
$QIO request to the DEBNIBI bus NI driver (EFDRIVER)

Set an adapterto be the current adapter
$QIO request to the DEBNIBI bus NI driver (EFDRIVER)

Set the new adapter testinterval
$QIO request to the DEBNI BI bus NI driver (EFDRIVER)

Task	Interface
Modify deviceprotection	SET PROTECTION/DEVICE
Modify deviceownership	SET PROTECTION/DEVICE/OWNER
Access theSystem Management utility	SYSMAN
Perform operator tasks:
Issue a broadcastreply	REPLY, $SNDOPR
Cancel a systemoperator request	REPLY/ABORT, $SNDOPR
Initializethe system operator log file	$SNDOPR
Reply to apending system operator request	REPLY/TO, REPLY/PENDING, REPLY/INITIALIZE_TAPE,$SNDOPR
Issue a systemoperator request	REQUEST, $SNDOPR
Enable systemoperator classes	REPLY/ENABLE, $SNDOPR, $SNDMSG
Disable systemoperator classes	REPLY/DISABLE, $SNDOPR
Send a broadcastmessage	$BRKTHRU, $BRDCST
Write an eventto the operator log	$SNDOPR
Initializea system operator log	REPLY/LOG, $SNDOPR
Close the currentoperator log	REPLY/NOLOG, $SNDOPR
Send a messageto an operator	REPLY, $SNDOPR
Enable or disableautostart	$SNDJBC (SJC$_DISABLE_AUTO_START, SJC$_ENABLE_AUTO_START)
Stop all queues	$SNDJBC (SJC$_STOP_ALL_QUEUES_ON_NODE)
Modify the characteristics of devices:
Modify deviceavailability	SET DEVICE/[NO]AVAILABLE
Modify devicedual-porting	SET DEVICE/[NO]DUAL_PORT
Modify deviceerror logging	SET DEVICE/[NO]ERROR_LOGGING
Modify devicespooling	SET DEVICE/[NO]SPOOLED
Modify default definitions of days:
Set defaultday type to PRIMARY	SET DAY/PRIMARY
Set defaultday type to SECONDARY	SET DAY/SECONDARY
Return daytype to DEFAULT	SET DAY/DEFAULT
Modify or override login limits:
Modify interactivelogin limit	SET LOGIN/INTERACTIVE
Modify networklogin limit	SET LOGIN/NETWORK
Modify batchlogin limit	SET LOGIN/BATCH
Create and modify queues:
Bypass discretionaryaccess to a queue
Create a queue	$SNDJBC (SJC$_CREATE_QUEUE)
Define queuecharacteristics	$SNDJBC (SJC$_DEFINE_CHARACTERISTICS)
Define forms	$SNDJBC (SJC$_DEFINE_FORM)
Delete characteristics	$SNDJBC (SJC$_DELETE_CHARACTERISTICS)
Delete forms	$SNDJBC (SJC$_DELETE_FORM)
Set the basepriority of batch processes	$SNDJBC (SJC$_BASE_PRIORITY)
Set the schedulingpriority of a job	$SNDJBC (SJC$_PRIORITY)
Start accounting	SET ACCOUNTING/ENABLE, $SNDJBC (SJC$_START_ACCOUNTING)
Stop accounting	SET ACCOUNTING/DISABLE,$SNDJBC (SJC$_STOP_ACCOUNTING)
Operate the LAT device:
Transmit LATsolicit information message	$QIO request to a LAT portdriver (LTDRIVER)
Set staticrating for LAT service	$QIO request to a LAT portdriver (LTDRIVER)
Read last LATresponse message buffer	$QIO request to a LAT portdriver (LTDRIVER)
Change porttype from dedicated to application	$QIO request to a LAT portdriver (LTDRIVER)
Change porttype from application to dedicated	$QIO request to a LAT portdriver (LTDRIVER)
Modify tape operations:
Specify numberof file window-mapping pointers	MOUNT/WINDOWS, $MOUNT
Mount a volumewith an alternate ACP	MOUNT/PROCESSOR, $MOUNT
Mount a volumewith alternate cache limits	MOUNT/CACHE, $MOUNT
Modify writecaching for a tape controller	MOUNT/CACHE, $MOUNT
Modify ODS1directory FCB cache limit	SET VOLUME/ACCESSED, MOUNT/ACCESSED, $MOUNT
Perform network operations:
Connect toan object while executor state is restricted
Read networkevent-logging buffer	NETACP
Modify networkvolatile database	NETACP
Access thepermanent database for an update	DECnet/NML
Connect toa DECnet circuit	$QIO request to the DECnetdownline load and loopback class driver (NDDRIVER)
Display thepermanent DECnet service password	NCP
Display thevolatile DECnet service password	NCP
Control character conversion by terminals:
Load terminalfallback table	TFU, $QIO request to theterminal fallback driver (FBDRIVER)
Unload terminalfallback table	TFU, $QIO request to theterminal fallback driver (FBDRIVER)
Establish systemdefault terminal fallback table	TFU, $QIO request to theterminal fallback driver (FBDRIVER)
Control cluster operations:
Request expectedvotes modification	SET CLUSTER/EXPECTED_VOTES
Request MSCPserving of a device	SET DEVICE/SERVED
Request quorummodification	SET CLUSTER/QUORUM
Add an adapterto the failover list	$QIO request to the DEBNIBI bus NI driver (EFDRIVER)
Remove an adapterfrom the failover list	$QIO request to the DEBNIBI bus NI driver (EFDRIVER)
Set an adapterto be the current adapter	$QIO request to the DEBNIBI bus NI driver (EFDRIVER)
Set the new adapter testinterval	$QIO request to the DEBNI BI bus NI driver (EFDRIVER)

Used in combination with other privileges, OPER lets processesperform the following tasks:

Privileges Task Interface

OPER and CMKRNL
Mount a volumewith a private ACP
MOUNT/PROCESSOR, $MOUNT

OPER and LOG_IO
Set the systemtime
SET TIME, $SETIME

OPER and SYSNAM
Start or stopthe queue manager
START/QUEUE/MANAGER, STOP/QUEUE/MANAGER, $SNDJBC

OPER and VOLPRO
Initialize a blank tapeor override access checks while initializing a blank tape
$INIT_VOL, MOUNT, $MOUNT

Privileges	Task	Interface
OPER and CMKRNL	Mount a volumewith a private ACP	MOUNT/PROCESSOR, $MOUNT
OPER and LOG_IO	Set the systemtime	SET TIME, $SETIME
OPER and SYSNAM	Start or stopthe queue manager	START/QUEUE/MANAGER, STOP/QUEUE/MANAGER, $SNDJBC
OPER and VOLPRO	Initialize a blank tapeor override access checks while initializing a blank tape	$INIT_VOL, MOUNT, $MOUNT

NETMBX Privilege (Normal)

PFNMAP Privilege (All)