HP OpenVMS Systems Documentation

HP OpenVMS DCL Dictionary




SET RIGHTS_LIST

Allows users to modify the process or system rights list. You must specify either the /DISABLE or the /ENABLE qualifier with the SET RIGHTS_LIST command.

Format

SET RIGHTS_LIST id-name[,...]


Parameter

id-name[,...]

Specifies identifiers to be added to or removed from the process or system rights list. The id-name parameter is a string of 1 to 31 alphanumeric characters, underscores (_), and dollar signs ($); each name must contain at least one nonnumeric character.

Description

The SET RIGHTS_LIST command modifies identifiers in your current process rights list, the rights list of another process on the system, or the system rights list. Use the following guidelines to determine which privileges are required for each case:
  • Adding new identifiers or modifying existing identifiers in your process rights list that do not have the Dynamic attribute requires CMKRNL (change mode to kernel) privilege.
  • Modifying the rights list of other processes on the system requires CMKRNL privilege and either GROUP or WORLD privilege.
  • Modifying the system rights list requires both CMKRNL and SYSNAM (system logical name) privileges.
  • Adding or removing more than ten identifiers using the /ENABLE qualifier or the /DISABLE qualifier in a single command invocation requires CMKRNL privilege.

You must specify either the /DISABLE or the /ENABLE qualifier with the SET RIGHTS_LIST command.

This command can also be used to add attributes to existing identifiers.


Qualifiers

/ATTRIBUTES=(keyword[,...])

Specifies attributes to be associated with the identifiers. Attributes may be added to new or existing identifiers. The following are valid keywords:
  • DYNAMIC: Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST.
  • NOACCESS: Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute.
  • RESOURCE: Allows holders of an identifier to charge disk space to the identifier. Used only for file objects.
  • SUBSYSTEM: Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects.

To remove an attribute from the identifier, add a NO prefix to the attribute keyword. For example, to remove the Resource attribute, specify /ATTRIBUTE=NORESOURCE.

The default uses the current processes in the rights database. Use the command SHOW PROCESS/RIGHTS to see the attributes of the current process.

/DISABLE

Removes the identifiers from the process or system rights list. You cannot use the /DISABLE qualifier with the /ENABLE qualifier. Note that removing more than ten identifiers in a single command invocation requires CMKRNL privilege.

/ENABLE

Adds the identifiers to the process or system rights list. You cannot use the /ENABLE qualifier with the /DISABLE qualifier. Note that adding more than ten identifiers in a single command invocation requires CMKRNL privilege.

/IDENTIFICATION=pid

Specifies the process identification (PID) value of the process whose rights list is to be modified. The PID is assigned by the system when the process is created. When you specify a PID, you can omit the leading zeros.

If you specify the /IDENTIFICATION qualifier, you cannot use the /PROCESS qualifier. By default, if neither the /IDENTIFICATION nor the /PROCESS qualifier is specified, the current process is assumed. You cannot use the /IDENTIFICATION qualifier with the /SYSTEM qualifier.

/PROCESS[=process-name]

Specifies the name of the process whose rights list is to be modified. The process name can contain from 1 to 15 alphanumeric characters.

If you specify the /PROCESS qualifier, you cannot use the /IDENTIFICATION qualifier. By default, if neither the /PROCESS nor the /IDENTIFICATION qualifier is specified, the current process is assumed.

You cannot use the /PROCESS qualifier with the /SYSTEM qualifier.

/SYSTEM

Specifies that the desired operation (addition or removal of an identifier) be performed on the system rights list. You cannot use the /SYSTEM qualifier with the /PROCESS or the /IDENTIFICATION qualifier.

Examples

#1

$ SET RIGHTS_LIST/ENABLE/ATTRIBUTES=RESOURCE MARKETING

The SET RIGHTS_LIST command in this example adds the MARKETING identifier to the process rights list of the current process. Specifying the RESOURCE attribute allows holders of the MARKETING identifier to charge resources to it.

#2

$ SET RIGHTS_LIST/ENABLE/SYSTEM PHYSICS101
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
$ SET PROCESS/PRIVILEGES=(CMKRNL,SYSNAM)
$ SET RIGHTS_LIST/ENABLE/SYSTEM PHYSICS101

The SET RIGHTS_LIST command in this example adds the PHYSICS101 identifier to the system rights list. You must have both the CMKRNL (change mode to kernel) and SYSNAM (system logical name) privileges to modify the system rights list.
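
The qualifier and privilege rules above, collected into a pre-flight check for SET RIGHTS_LIST lines found in command procedures or audit records. This is an added example, not part of the HP documentation: the function name and its parameters are hypothetical, and it assumes the verb is written unabbreviated, that a /PROCESS or /IDENTIFICATION target is a process other than the caller's, and that dynamic_ids names the identifiers the caller already holds with the Dynamic attribute.

```python
import re

KNOWN = ("ATTRIBUTES", "DISABLE", "ENABLE", "IDENTIFICATION", "PROCESS", "SYSTEM")
QUAL = re.compile(r"/([A-Z_]+)(?:=(\([^)]*\)|[^/\s]+))?")
ID_NAME = re.compile(r"[A-Z0-9_$]{1,31}")

def check_set_rights_list(command, held_privs=(), dynamic_ids=()):
    """Return the problems found in one SET RIGHTS_LIST command line."""
    held = {p.upper() for p in held_privs}
    dynamic = {d.upper() for d in dynamic_ids}  # assumption: supplied by caller
    text = command.strip().lstrip("$").upper()
    problems, quals = [], set()
    for name, _value in QUAL.findall(text):
        full = [k for k in KNOWN if k.startswith(name)]  # accept unique prefixes
        if len(full) == 1:
            quals.add(full[0])
        else:
            problems.append(f"unknown or ambiguous qualifier /{name}")
    words = QUAL.sub(" ", text).split()
    if words[:2] != ["SET", "RIGHTS_LIST"]:
        return ["not a SET RIGHTS_LIST command"]
    ids = [i for i in "".join(words[2:]).split(",") if i]
    if len(quals & {"ENABLE", "DISABLE"}) != 1:
        problems.append("specify exactly one of /ENABLE or /DISABLE")
    targets = quals & {"SYSTEM", "PROCESS", "IDENTIFICATION"}
    if len(targets) > 1:
        problems.append("conflicting targets: " + ", ".join(sorted(targets)))
    if not ids:
        problems.append("no id-name given")
    for i in ids:
        # 1 to 31 characters, and at least one of them nonnumeric
        if not ID_NAME.fullmatch(i) or i.isdigit():
            problems.append(f"invalid id-name {i!r}")
    need = set()
    if "SYSTEM" in targets:            # system rights list
        need |= {"CMKRNL", "SYSNAM"}
    elif targets:                      # another process (assumed not our own)
        need.add("CMKRNL")
        if not held & {"GROUP", "WORLD"}:
            problems.append("missing privilege: GROUP or WORLD")
    elif any(i not in dynamic for i in ids):
        need.add("CMKRNL")             # new or non-Dynamic identifier
    if len(ids) > 10:
        need.add("CMKRNL")             # more than ten identifiers at once
    missing = sorted(need - held)
    if missing:
        problems.append("missing privilege(s): " + ", ".join(missing))
    return problems
```

Run against the first command of example #2 with no privileges held, it reports the missing CMKRNL and SYSNAM that produce the NOPRIV error shown there.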

