/ATTRIBUTES=(keyword[,...])
Specifies attributes to be associated with the identifiers. Attributes
may be added to new or existing identifiers. The following are valid
keywords:
DYNAMIC
|
Allows unprivileged holders of the identifier to remove and to restore
the identifier from the process rights list by using the DCL command
SET RIGHTS_LIST.
|
NOACCESS
|
Makes any access rights of the identifier null and void. If a user is
granted an identifier with the No Access attribute, that identifier has
no effect on the user's access rights to objects. This attribute is a
modifier for an identifier with the Resource or Subsystem attribute.
|
RESOURCE
|
Allows holders of an identifier to charge disk space to the identifier.
Used only for file objects.
|
SUBSYSTEM
|
Allows holders of the identifier to create and maintain protected
subsystems by assigning the Subsystem ACE to the application images in
the subsystem. Used only for file objects.
|
To remove an attribute from the identifier, add a NO prefix to the
attribute keyword. For example, to remove the Resource attribute,
specify /ATTRIBUTE=NORESOURCE.
The default uses the current processes in the rights database. Use the
command SHOW PROCESS/RIGHTS to see the attributes of the current
process.
/DISABLE
Removes the identifiers from the process or system rights list. You
cannot use the /DISABLE qualifier with the /ENABLE qualifier. Note that
removing more than ten identifiers in a single command invocation
requires CMKRNL privilege.
/ENABLE
Adds the identifiers to the process or system rights list. You cannot
use the /ENABLE qualifier with the /DISABLE qualifier. Note that adding
more than ten identifiers in a single command invocation requires
CMKRNL privilege.
/IDENTIFICATION=pid
Specifies the process identification (PID) value of the process whose
rights list is to be modified. The PID is assigned by the system when
the process is created. When you specify a PID, you can omit the
leading zeros.
If you specify the /IDENTIFICATION qualifier, you cannot use the
/PROCESS qualifier. By default, if neither the /IDENTIFICATION nor the
/PROCESS qualifier is specified, the current process is assumed. You
cannot use the /IDENTIFICATION qualifier with the /SYSTEM qualifier.
/PROCESS[=process-name]
Specifies the name of the process whose rights list is to be modified.
The process name can contain from 1 to 15 alphanumeric characters.
If you specify the /PROCESS qualifier, you cannot use the
/IDENTIFICATION qualifier. By default, if neither the /PROCESS nor the
/IDENTIFICATION qualifier is specified, the current process is assumed.
You cannot use the /PROCESS qualifier with the /SYSTEM qualifier.
/SYSTEM
Specifies that the desired operation (addition or removal of an
identifier) be performed on the system rights list. You cannot use the
/SYSTEM qualifier with the /PROCESS or the /IDENTIFICATION qualifier.