|
HP OpenVMS Systemsask the wizard |
|
The Question is: Hello, I'm working with ACE and found two different ways to define access for all others user/all other idents IDENT=*, ACCESS=... IDENT=[*,*], ACCESS=... What is different between these two definition ? greetings from Hannover, Germany Dirk The Answer is : For details of Access Control Lists (ACLs) and Access Control List Entries (ACEs), as well as resource, subsystem and other forms of identifiers, please see the information available within the OpenVMS System Security Manual. In this particular case, one is the wildcard identifer, and the other is the wildcard UIC. (Determining which one is the identifier and which is the UIC is left as an exercise for the reader.) There is no generally need for such an identifier wildcard, as this wildcard result can more directly be achieved using the standard UIC protection mask and mechanisms. In most instances, there is no specific need for an ACL nor a wildcarded ACE for general access to an object; a standard OpenVMS UIC rotection mask setting can provide wildcard access or wildcard denial. Do note that the order of ACEs within an ACL and teh UIC progtection mask are of some importance. The security manual will have details here, of course.
|