[an error occurred while processing this directive]

HP OpenVMS Systems Documentation
Content starts here Defining Sharing of Rights
HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 8 Controlling Access to System Data and Resources

Defining Sharing of Rights

spacerspacerspacer
spacer
spacer
  		 
 

Many users often share the same access needs, and an ACL consisting strictly of UIC identifiers can become too lengthy. To shorten the ACL, you can include environmental identifiers, which are system-defined, or create general identifiers (see “Major Types of Rights Identifiers”Table 4-1).

When creating general identifiers, you design the names of the identifiers you want on your system and compose the set of holders for the identifiers. Then you add the identifiers to the rights database and assign the identifiers to the intended users.

For example, the Rainbow Paint Company decided to add the identifier PAYROLL to the rights database. The holders of that identifier were all users who needed read, write, execute, and delete access to PAYROLL.DAT: OWESTWOOD, CRUIZ, and RSMITH.

Once the identifier and its holders were defined, the security administrator used the following ACL to specify the same type of access to PAYROLL.DAT:

(IDENTIFIER=PAYROLL,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=JSIMON,ACCESS=READ)
(IDENTIFIER=SGIBSON,ACCESS=READ)


Naming Individual Users in ACLs
  		 


Conditionalizing Identifiers for Different Users