1 ACL_Editor The access control list editor (ACL editor) routine, ACLEDIT$EDIT, allows user-written applications to manipulate access control lists (ACLs). 2 ACLEDIT$EDIT The ACLEDIT$EDIT routine creates and modifies an access control list (ACL) associated with any protected object. Format ACLEDIT$EDIT item_list 3 Returns OpenVMS usage:cond_value type: longword (unsigned) access: write only mechanism: by value Longword condition value. Most utility routines return a condition value in R0. Condition values that this routine can return are listed under Condition Values Returned. 3 Argument item_list OpenVMS usage:item_list_3 type: longword (unsigned) access: read only mechanism: by descriptor Item list used by the callable ACL editor. The item_list argument is the address of one or more descriptors of arrays, routines, or longword bit masks that control various aspects of the editing session. Each entry in an item list is in the standard format shown in the following figure: The following table provides a detailed description of each item list entry: Item Identifier Description ACLEDIT$C_OBJNAM Specifies the name of the object whose ACL is being edited. ACLEDIT$C_OBJTYP A longword value that specifies the object type code for the type or class of the object whose ACL is being edited. These type codes are defined in $ACLDEF. The default object type is FILE (ACL$C_FILE). ACLEDIT$C_ Represents a longword bit mask of the various OPTIONS options available to control the editing session. Flag Function ACLEDIT$V_ Indicates that the editing JOURNAL session is to be journaled. ACLEDIT$V_ Indicates that the editing RECOVER session is to be recovered from an existing journal file. ACLEDIT$V_ Indicates that the journal KEEP_RECOVER file used to recover the editing session is not to be deleted when the recovery is complete. ACLEDIT$V_ Indicates that the journal KEEP_JOURNAL file used for the editing session is not to be deleted when the session ends. ACLEDIT$V_ Indicates that the session PROMPT_MODE is to use automatic text insertion (prompting) to build new access control list entries (ACEs). ACLEDIT$C_BIT_ Specifies a vector of 32 quadword string TABLE descriptors of strings that define the names of the bits present in the access mask. (The first descriptor defines the name of bit 0; the last descriptor defines the name of bit 31.) These descriptors are used in parsing or formatting an ACE. The buffer address field of the item descriptor contains the address of this vector. ACLEDIT$C_CLSNAM A string descriptor that points to the class name of the object whose ACL is being modified. The following are valid class names: o CAPABILITY o COMMON_EVENT_FLAG_CLUSTER o DEVICE o FILE o GROUP_GLOBAL_SECTION o LOGICAL_NAME_TABLE o QUEUE o RESOURCE_DOMAIN o SECURITY_CLASS o SYSTEM_GLOBAL_SECTION o VOLUME If both OBJTYP and CLSNAM are omitted, the object is assumed to belong to the FILE class. 3 Description Use the ACLEDIT$EDIT routine to create and modify an ACL associated with any security object. Under normal circumstances, the application calls the ACL editor to modify an object's ACL, and control is returned to the application when you finish or abort the editing session. If you also want to use a customized version of the ACL editor section file, the logical name ACLEDT$SECTION should be defined. See the OpenVMS System Management Utilities Reference Manual for more information. 3 Condition_Values_Returned SS$_NORMAL Normal successful completion. RMS$_xxx See the OpenVMS Record Management Services Reference Manual for a description of OpenVMS RMS status codes.