The SYSNAM privilege lets the user's process bypass discretionaryaccess controls on the system logical name table in order to insertnames into the system logical name table and delete names from thattable by using the Create Logical Name ($CRELNM) and Delete LogicalName ($DELLNM) system services. A process with this privilege canuse the DCL commands ASSIGN and DEFINE to add names to the systemlogical name table in user or executive mode and can use the DEASSIGNcommand in either mode to delete names from the table.
To mount a system volume or to dismount a system or groupvolume with the appropriate mount or dismount command or systemservice, you must have the SYSNAM privilege.
Grant this privilege only to the system operators or to systemprogrammers who need to define system logical names (such as namesfor user devices, library directories, and the system directory).Note that a process with SYSNAM privilege could redefine such criticalsystem logical names as SYS$SYSTEM and SYSUAF, thus gaining controlof the system.
The SYSNAM privilege also lets a process perform the followingtasks:
Task
Interface
Access a MAILmaintenance record
MAIL
Modify a MAILforward record
MAIL
Declare a networkobject
NETACP
Create an IPCassociation
$IPC
With CMKRNL, add or removean identifier to system rights list
HP OpenVMS Guide to System Security
Security for the System Administrator
