HP OpenVMS System Management Utilities Reference Manual
Default Protection ACE
Defines a UIC-based protection to be propagated to new files throughout
a directory tree. The protection code in the ACE is assigned to new
files created in the directory. The Default Protection ACE applies to
directory files only. Although the system propagates the Default
Protection ACE to new subdirectories, the protection code is not
assigned to the subdirectories. Instead, the subdirectories receive a
modified copy of the parent directory's protection code in which delete
access is not granted.
An example of a Default Protection ACE is as follows:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)
The ACE grants read, write, execute, and delete access to users in the
system (S) and owner (O) categories but no access to users in the group
(G) and world (W) categories. For more information, see the HP OpenVMS
Guide to System Security.
Format
(DEFAULT_PROTECTION[,OPTIONS=attribute[+attribute...]],access)
Parameters
options
Specify any of the following attributes:
Hidden
Indicates that this ACE should be changed only by the application that
adds it. Although the Hidden attribute is valid for any ACE type, its
intended use is to hide Application ACEs. To delete or modify a hidden
ACE, you must use the SET SECURITY command.
Users need the SECURITY privilege to display a hidden ACE with the
DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is
also required to modify or delete a hidden ACE with the DCL command SET
SECURITY. The ACL editor displays the ACE only to show its relative
position within the ACL, not to facilitate editing of the ACE. To
create a hidden ACE, an application can invoke the $SET_SECURITY system
service.
Protected
Protects the ACE against casual deletion. A protected ACE can be deleted
only by naming it explicitly (SET SECURITY/ACL=(ace)/DELETE) or by
deleting the entire ACL, protected ACEs included, with
SET SECURITY/ACL/DELETE=ALL. The following commands do not delete
protected ACEs:
SET SECURITY/ACL/DELETE (without naming the ACE)
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate
Indicates that the ACE cannot be copied by operations that usually
propagate ACEs. For example, the ACE cannot be copied by the SET
SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None
Indicates that no attributes apply to an entry. Although you can create
an ACL entry with OPTIONS=None, the attribute is not displayed.
Whenever you specify additional attributes with the None attribute, the
other attributes take precedence. The None attribute is equivalent to
omitting the field.
access
Specify access in the format of a UIC-based protection code, which is
as follows:
[category: list of access allowed (, category: list of access allowed,...)]
- User categories include system (S), owner (O), group (G), and world
  (W). Refer to the HP OpenVMS Guide to System Security for a definition
  of these categories.
- Access types for files include read (R), write (W), execute (E), and
  delete (D). Each user category is followed by the list of access types
  granted to it and is separated from that list by a colon (:).
- A null access list means no access, so when you omit an access type
  for a user category, that category of user is denied that type of
  access. To deny all access to a user category, specify the user
  category without any access types. Omit the colon after the user
  category when you deny access to a category of users.
- When you omit a user category from a protection code, the current
  access allowed that category of user is set to no access.
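The protection-code rules above, together with the two propagation rules for the Default Protection ACE (a new file takes the ACE's code unchanged; a new subdirectory takes the parent directory's own code with delete withheld), as a small Python model. This is an added example written for this page, not OpenVMS code: the function names are the editor's own, and it implements only what the text states, including the rule that a category written without a colon or omitted altogether receives no access.

```python
# Added example (not OpenVMS code): a model of UIC-based protection codes
# and of how a Default Protection ACE propagates, following the rules on
# this page. Function names are the editor's own choices for illustration.

CATEGORIES = ("S", "O", "G", "W")   # system, owner, group, world
ACCESS_TYPES = "RWED"               # read, write, execute, delete


def parse_protection(code: str) -> dict:
    """Parse 'S:RWED,O:RWED,G,W' into {category: set of access types}.

    A category written without a colon, or omitted altogether, gets no
    access, as the text above specifies."""
    prot = {cat: set() for cat in CATEGORIES}
    seen = set()
    for field in code.split(","):
        field = field.strip()
        if not field:
            continue
        cat, _, access = field.partition(":")
        cat, access = cat.upper(), access.upper()
        if cat not in CATEGORIES:
            raise ValueError(f"unknown user category {cat!r}")
        if cat in seen:
            raise ValueError(f"category {cat} given twice")
        bad = set(access) - set(ACCESS_TYPES)
        if bad:
            raise ValueError(f"invalid access type(s) {sorted(bad)} for {cat}")
        prot[cat] = set(access)
        seen.add(cat)
    return prot


def format_protection(prot: dict) -> str:
    """Render in the page's notation, e.g. 'S:RWED,O:RWED,G,W'. A category
    with no access is written without a colon, and every category is listed
    so that nothing is left implicit."""
    parts = []
    for cat in CATEGORIES:
        access = "".join(t for t in ACCESS_TYPES if t in prot.get(cat, ()))
        parts.append(f"{cat}:{access}" if access else cat)
    return ",".join(parts)


def default_protection_code(ace: str) -> dict:
    """Extract the protection code from
    '(DEFAULT_PROTECTION[,OPTIONS=attr[+attr...]],access)'."""
    body = ace.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("an ACE is enclosed in parentheses")
    fields = [f.strip() for f in body[1:-1].split(",")]
    if not fields or fields[0].upper() != "DEFAULT_PROTECTION":
        raise ValueError("not a Default Protection ACE")
    # Everything after the ACE type, minus an OPTIONS field, is the code.
    code = [f for f in fields[1:] if not f.upper().startswith("OPTIONS=")]
    return parse_protection(",".join(code))


def new_file_protection(ace: str) -> str:
    """A file created in the directory receives the ACE's code unchanged."""
    return format_protection(default_protection_code(ace))


def new_subdirectory_protection(parent_directory_code: str) -> str:
    """A subdirectory does not receive the ACE's code. It receives the parent
    directory's own protection code with delete (D) withheld from every
    category; the ACE itself is still propagated to the subdirectory, so
    files created there get the ACE's code."""
    prot = parse_protection(parent_directory_code)
    return format_protection({cat: acc - {"D"} for cat, acc in prot.items()})
```

The check a practitioner wants from this model is the second rule: an ACE of (DEFAULT_PROTECTION,S:RWED,O:RWED,G,W) on a directory whose own protection is S:RWED,O:RWED,G:RE,W:RE gives new files S:RWED,O:RWED,G,W but gives a new subdirectory S:RWE,O:RWE,G:RE,W:RE, so group and world keep read access to the subdirectory even though the ACE grants them nothing.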
Identifier ACE
Controls the type of access allowed to a particular user or group of
users. An example of an Identifier ACE is as follows:
(IDENTIFIER=SALES,ACCESS=READ+WRITE)
A system manager can use the Authorize utility (AUTHORIZE) to grant the
SALES identifier to a specific group of users. If this ACE is placed on
the file INVENTORY.DAT, users who hold the SALES identifier are then
granted read and write access to that file.
For more information, see the HP OpenVMS Guide to System Security.
Format
(IDENTIFIER=identifier[+identifier...]
[,OPTIONS=attributes[+attributes...]]
,ACCESS=access-type[+access-type...])
Parameters
identifier
Specifies a user or groups of users whose access to an object is
defined in the ACE. A system manager creates or removes identifiers and
assigns users to hold these identifiers.
Types of identifiers are as follows:
UIC
Identifiers in alphanumeric format that are based on the user
identification codes (UICs) and that uniquely identify each user on the
system. Users with accounts on the system automatically receive a UIC
identifier, for example, [GROUP1,JONES] or [JONES]. Thus, each UIC
identifier specifies a particular user.
General
Identifiers defined by the security administrator in the rights list to
identify groups of users on the system. A general identifier is an
alphanumeric string of 1 to 31 characters, containing at least one
alphabetic character. It can include the letters A to Z, dollar signs
($), underscores (_), and the numbers 0 to 9, for example, 92SALES$,
ACCOUNT_3, or PUBLISHING.
Environmental
Identifiers describing different types of users based on their initial
entry into the system. Environmental identifiers are also called
system-defined identifiers. Environmental identifiers correspond
directly to the login classes described in the HP OpenVMS Guide to
System Security. They include batch, network, interactive, local,
dialup, and remote.
For more information, see the HP OpenVMS Guide to System Security.
options
Specify any of the following attributes:
Default
Indicates that an ACE is to be included in the ACL of any files created
within a directory. When the entry is propagated, the Default attribute
is removed from the ACE of the created file. This attribute is valid for
directory files only.
Note that an Identifier ACE with the Default attribute has no effect on
access to the directory itself; it governs propagation only.
Hidden
Indicates that this ACE should be changed only by the application that
adds it. Although the Hidden attribute is valid for any ACE type, its
intended use is to hide Application ACEs. To delete or modify a hidden
ACE, you must use the SET SECURITY command.
Users need the SECURITY privilege to display a hidden ACE with the
DCL commands SHOW SECURITY or DIRECTORY/SECURITY. SECURITY privilege is
also required to modify or delete a hidden ACE with the DCL command SET
SECURITY. The ACL editor displays the ACE only to show its relative
position within the ACL, not to facilitate editing of the ACE. To
create a hidden ACE, an application can invoke the $SET_SECURITY system
service.
Protected
Protects the ACE against casual deletion. A protected ACE can be deleted
only by naming it explicitly (SET SECURITY/ACL=(ace)/DELETE) or by
deleting the entire ACL, protected ACEs included, with
SET SECURITY/ACL/DELETE=ALL. The following commands do not delete
protected ACEs:
SET SECURITY/ACL/DELETE (without naming the ACE)
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate
Indicates that the ACE cannot be copied by operations that usually
propagate ACEs. For example, the ACE cannot be copied by the SET
SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None
Indicates that no attributes apply to an entry. Although you can create
an ACL entry with OPTIONS=None, the attribute is not displayed.
Whenever you specify additional attributes with the None attribute, the
other attributes take precedence. The None attribute is equivalent to
omitting the field.
|
access
Specify access types that are valid for the object class. Refer to the
HP OpenVMS Guide to System Security for a listing of valid access types.
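The four attributes described above (Default, Hidden, Protected, Nopropagate) each change what some operation does to an ACE rather than what the ACE grants. The following Python model, added here as an illustration and not OpenVMS code, parses Identifier ACEs in the syntax shown on this page and applies the stated rules: file creation copies Default ACEs with Default stripped, SET SECURITY/LIKE and /DEFAULT skip Nopropagate ACEs, SET SECURITY/ACL/DELETE without a named ACE leaves Protected ACEs in place (a protected ACE is removed only when named explicitly or with /DELETE=ALL), and SHOW SECURITY shows Hidden ACEs only to a holder of SECURITY privilege. The function names and the sample ACL are the editor's own; the commands are modelled, not executed.

```python
# Added example (not OpenVMS code): a model of the Identifier ACE attributes
# above and of the operations this page says honour them. The ACE syntax is
# the page's; the function names and the sample ACL are the editor's own.
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    fields: tuple       # ((KEY, value-or-None), ...) in source order, OPTIONS excluded
    options: frozenset  # attribute names, e.g. {"DEFAULT", "PROTECTED"}

    def __str__(self) -> str:
        parts = [k if v is None else f"{k}={v}" for k, v in self.fields]
        if self.options:  # an empty set (OPTIONS=None) is not displayed
            parts.insert(1, "OPTIONS=" + "+".join(sorted(self.options)))
        return "(" + ",".join(parts) + ")"


def _split_fields(body: str) -> list:
    """Split on commas, but not on the comma inside a UIC such as [GROUP1,JONES]."""
    fields, current, depth = [], [], 0
    for ch in body:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    fields.append("".join(current))
    return [f.strip() for f in fields if f.strip()]


def parse_ace(text: str) -> Ace:
    body = text.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("an ACE is enclosed in parentheses")
    fields, options = [], set()
    for item in _split_fields(body[1:-1]):
        key, _, value = item.partition("=")
        key = key.strip().upper()
        if key == "OPTIONS":
            options |= {o.strip().upper() for o in value.split("+")}
            options.discard("NONE")  # None is equivalent to omitting the field
        else:
            fields.append((key, value.strip() or None))
    return Ace(tuple(fields), frozenset(options))


def acl_for_new_file(directory_acl: list) -> list:
    """ACEs carrying Default are copied to a file created in the directory,
    with Default removed from the copy. (How Nopropagate interacts with this
    is not stated on the page and is not modelled.)"""
    return [Ace(a.fields, a.options - {"DEFAULT"})
            for a in directory_acl if "DEFAULT" in a.options]


def access_controlling_aces(acl: list) -> list:
    """A Default-attributed Identifier ACE governs propagation only; it has
    no effect on access to the directory itself."""
    return [a for a in acl if "DEFAULT" not in a.options]


def acl_copied_by_like_or_default(source_acl: list) -> list:
    """SET SECURITY/LIKE and SET SECURITY/DEFAULT copy every ACE except
    those marked Nopropagate."""
    return [a for a in source_acl if "NOPROPAGATE" not in a.options]


def delete_aces(acl: list, named: str = None, delete_all: bool = False) -> list:
    """SET SECURITY/ACL/DELETE with no ACE named leaves Protected ACEs in
    place. A Protected ACE goes only when it is named explicitly
    (SET SECURITY/ACL=(ace)/DELETE) or with /DELETE=ALL."""
    if delete_all:
        return []
    if named is not None:
        target = parse_ace(named)
        return [a for a in acl if a != target]
    return [a for a in acl if "PROTECTED" in a.options]


def visible_aces(acl: list, has_security_privilege: bool) -> list:
    """SHOW SECURITY and DIRECTORY/SECURITY show a Hidden ACE only to a user
    holding SECURITY privilege."""
    return [a for a in acl
            if has_security_privilege or "HIDDEN" not in a.options]


# Constructed sample directory ACL using the identifier types described above.
SAMPLE_DIRECTORY_ACL = [parse_ace(s) for s in (
    "(IDENTIFIER=SALES,OPTIONS=DEFAULT,ACCESS=READ+WRITE)",
    "(IDENTIFIER=AUDIT,OPTIONS=PROTECTED+NOPROPAGATE,ACCESS=READ)",
    "(IDENTIFIER=APP_SVC,OPTIONS=HIDDEN,ACCESS=EXECUTE)",
    "(IDENTIFIER=[GROUP1,JONES],ACCESS=NONE)",
)]
```

Two points the model makes visible: a non-privileged SHOW SECURITY of the sample ACL lists three ACEs, not four, so an audit of ACLs done without SECURITY privilege can miss an Application ACE; and copying the ACL with SET SECURITY/LIKE silently drops the Nopropagate AUDIT entry, so a "cloned" ACL is not necessarily identical to its source.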
Subsystem ACE
Grants additional identifiers to a process while it is running the
image to which the Subsystem ACE applies. Users with execute access to
the image can access objects that are in the protected subsystem, such
as data files and printers, but only when they run the subsystem
images. The Subsystem ACE applies to executable images only.
An example of a Subsystem ACE is as follows:
(SUBSYSTEM,IDENTIFIER=ACCOUNTING)
Format
(SUBSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifier
[,ATTRIBUTES=attribute[+attribute...]] [,IDENTIFIER=identifier
[,ATTRIBUTES=attribute[+attribute...]],...])
Parameters
options
Specify any of the following attributes:
Protected
Protects the ACE against casual deletion. A protected ACE can be deleted
only by naming it explicitly (SET SECURITY/ACL=(ace)/DELETE) or by
deleting the entire ACL, protected ACEs included, with
SET SECURITY/ACL/DELETE=ALL. The following commands do not delete
protected ACEs:
SET SECURITY/ACL/DELETE (without naming the ACE)
SET SECURITY/LIKE
SET SECURITY/DEFAULT
Nopropagate
Indicates that the ACE cannot be copied by operations that usually
propagate ACEs. For example, the ACE cannot be copied by the SET
SECURITY/LIKE or SET SECURITY/DEFAULT commands.
None
Indicates that no attributes apply to an entry. Although you can create
an ACL entry with OPTIONS=None, the attribute is not displayed.
Whenever you specify additional attributes with the None attribute, the
other attributes take precedence. The None attribute is equivalent to
omitting the field.
identifier
A general identifier that is granted to the process while it runs the
image; the objects of the protected subsystem are then made accessible
by ACEs that name that identifier. It is an alphanumeric string of
1 through 31 characters, containing at least one alphabetic character.
It can include the letters A to Z, dollar signs ($), underscores (_),
and the numbers 0 to 9. For more information, see the HP OpenVMS Guide
to System Security.
A Subsystem ACE can list several identifiers, each with its own
ATTRIBUTES field. A subsystem might require several identifiers to work
properly. For example:
(SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTES=NONE,IDENTIFIER=BLDG5,ATTRIBUTES=NONE)
attribute
The identifier characteristics you specify when you add identifiers to
the rights list or grant identifiers to users. You can specify the
following attribute:
Resource
Allows holders of the identifier to charge disk space to the
identifier. Used only for file objects.
1.4 ACL Editor Qualifiers
When you invoke the ACL editor, you can include qualifiers on the
command line that identify the object class and the editing mode
(prompt or noprompt).
You can also use qualifiers to name a journaling file or to recover an
ACL editing session. This section describes the qualifiers listed in
the following table:
Qualifier      Description
/CLASS         Specifies the class of object whose ACL is being edited
/JOURNAL       Controls whether a journal file is created for the editing
               session
/MODE          Specifies the use of prompting during the editing session
/OBJECT_TYPE   Superseded by the /CLASS qualifier
/RECOVER       Restores an ACL from a journal file at the beginning of an
               editing session
All of the qualifiers described in this section also apply to the SET
SECURITY/EDIT command. You can substitute the SET SECURITY/EDIT command
wherever the EDIT/ACL command is shown; the syntax is the same for both
commands.
/CLASS
Specifies the class of the object whose ACL is being edited. Unless the
object is a file, you must specify the object class.
Format
/CLASS=object-class
Description
To edit the ACL for an object other than a file, specify the object
class with the /CLASS qualifier. Specify one of the following classes:
CAPABILITY
A system capability, such as the ability to process vector
instructions. Currently, the only defined object name for the
CAPABILITY class is VECTOR, which governs the ability of a subject to
access a vector processor on the system. Note that you must supply the
capability name as the object name parameter.
COMMON_EVENT_CLUSTER
A common event flag cluster.
DEVICE
A device, such as a disk or tape drive.
FILE
A file or a directory file. This is the default.
GROUP_GLOBAL_SECTION
A group global section.
LOGICAL_NAME_TABLE
A logical name table.
QUEUE
A batch queue or a device (printer, server, or terminal) queue.
RESOURCE_DOMAIN
A resource domain.
SECURITY_CLASS
A security class.
SYSTEM_GLOBAL_SECTION
A system global section.
VOLUME
A disk or tape volume.
Examples
#1
$ EDIT/ACL/CLASS=DEVICE WORK1
The command in this example specifies that the object WORK1 is a device.
#2
$ EDIT/ACL/CLASS=QUEUE FAST_BATCH
The command in this example creates an ACL for the queue FAST_BATCH.
Note that if you create an ACL for a generic queue, you must create
identical ACLs for all execution queues to which jobs can be directed.
/JOURNAL
Controls whether a journal file is created for the editing session.
Format
/JOURNAL[=file-spec]
/NOJOURNAL
Description
By default, the ACL editor keeps a journal file containing a copy of
modifications made during an editing session. The journal file is given
the name of the object and a .TJL file type. If you specify a different
name for the file, do not include any wildcard characters.
To prevent the ACL editor from creating a journal file, specify
/NOJOURNAL.
If your editing session ends abnormally, you can recover the changes
made during the aborted session by invoking the ACL editor with the
/RECOVER qualifier.
Examples
#1
$ EDIT/ACL/JOURNAL=COMMONACL.SAV MECH1117.DAT
With this command, you create a journal file named COMMONACL.SAV. The
file contains a copy of the ACL and the editing commands used to create
the ACL for the file MECH1117.DAT.
If the editing session is interrupted, you can recover your edits by
specifying the name COMMONACL.SAV with the /RECOVER qualifier.
#2
$ EDIT/ACL/CLASS=RESOURCE/JOURNAL=ZERO_RESOURCE.TJL [0]
If you edit an ACL for the resource domain [0], the ACL editor attempts
to create the file [0].TJL on the default device and fails. To create
an ACL for the resource [0], you must specify a different name for the
journal file (as shown in this example) or suppress the creation of a
journal file with the /NOJOURNAL qualifier.
/MODE
Specifies the use of prompting during the editing session.
Format
/MODE=option
Description
By default, the ACL editor prompts you for each ACE and provides values
for some of the fields within an ACE (/MODE=PROMPT). To disable
prompting, specify /MODE=NOPROMPT on the command line.
Examples
#1
$ EDIT/ACL/MODE=NOPROMPT WEATHERTBL.DAT
With this command, you initiate an ACL editing session to create an ACL
for the file WEATHERTBL.DAT. The /MODE=NOPROMPT qualifier specifies
that no assistance is required in entering the ACL entries.
/OBJECT_TYPE
The /OBJECT_TYPE qualifier is superseded by the /CLASS qualifier.
/RECOVER
Restores an ACL from a journal file at the beginning of an editing
session.
Format
/RECOVER[=file-spec]
/NORECOVER
Description
The /RECOVER qualifier specifies that the ACL editor must restore the
ACL from a journal file. The ACL editor restores the ACL to the state
it was in when the last ACL editing session ended abnormally.
By default the journal file is given the name of the object and a .TJL
file type. If you specify a more meaningful name for the journal file
when you invoke the ACL editor (by using /JOURNAL), specify that file
name with the /RECOVER qualifier.
Examples
#1
$ EDIT/ACL/JOURNAL=SAVEACL MYFILE.DAT
   .
   .
   .
   (user creates the ACL until the system crashes)
   .
   .
   .
$ EDIT/ACL/JOURNAL=SAVEACL/RECOVER=SAVEACL MYFILE.DAT
   .
   .
   .
   (the ACL is restored and the user proceeds with editing until done)
   .
   .
   .
Ctrl/Z
$
The first command in this example starts the ACL editing session and
specifies that the ACL editor must save the journal file SAVEACL.TJL if
the session ends abnormally. The session proceeds until it is aborted
by a system crash.
The next command restores the lost session from the journal file
SAVEACL.TJL. To end the session, press Ctrl/Z. The ACL editor saves the
edits and deletes the journal file.