VMS Help CMS, SET, ACL
Manipulates the access control list (ACL) on various objects in the CMS library.

Format:

    SET ACL object-expression /OBJECT_TYPE=type "remark"

1 - Command Parameters

object-expression

    Specifies one or more objects whose ACL is to be modified. Wildcards and a comma list are allowed. The object name depends on the object type (see the /OBJECT_TYPE qualifier). For example, if the object type is CLASS, the object name is the name of a class in the CMS library. The same principle applies to elements and groups.

    If the object type is LIBRARY, the object expression must be a list of one or more of the following keywords:

        ELEMENT_LIST
        CLASS_LIST
        GROUP_LIST
        HISTORY
        LIBRARY_ATTRIBUTES

    These keywords are referred to as object subtypes. You can abbreviate object subtypes. Wildcards are not allowed.

    The object name can also be the name of a CMS command. If /OBJECT_TYPE is specified as COMMAND, SET ACL modifies the ACL on the given command. Commands that contain two words must be specified with an underscore, for example, INSERT_ELEMENT.

remark

    Specifies a character string to be logged in the history file with this command, usually used to explain why the command was entered. The remark is enclosed in quotation marks. If no remark was entered, a null remark ("") is logged.
2 - Description
The SET ACL command is used to manipulate ACLs on various objects in the CMS library. ACLs can be put on elements, groups, and classes, as well as on the lists containing these entities. (An ACL on a list can be thought of as a directory ACL.) An ACL can be put on the entire library, and on the library history. ACLs can also be used to control access to individual CMS commands.
3 - Qualifiers
3.1 - /ACL[=(ace[,...])]
Specifies one or more access control entries (ACEs) to be modified. When no ACE is specified, the entire access control list (ACL) is affected. Separate multiple ACEs with commas and enclose the list in parentheses. The specified ACEs are inserted at the beginning of the ACL unless the /AFTER qualifier is used.
3.2 - /AFTER=ace
Indicates that all access control entries (ACEs) specified with the /ACL qualifier are added after the ACE specified with the /AFTER qualifier. By default, any ACEs added to the access control list (ACL) are always placed at the top of the list.
3.3 - /CONFIRM
Controls whether CMS prompts you for confirmation before each transaction. When you specify /CONFIRM and run CMS in interactive mode, CMS prompts you for confirmation. If you type YES, ALL, TRUE, or 1, CMS executes the transaction. If you type NO, QUIT, FALSE, 0, or press RETURN or CTRL/Z, no action is performed. If you type any other character, CMS continues to prompt until you type an acceptable response. CMS does not prompt for confirmation in batch mode.
3.4 - /DEFAULT
Creates an ACL for one or more specified objects as if the object were newly created. The /DEFAULT qualifier propagates the DEFAULT option ACEs in the ACL of the entity list to the ACL of the specified object. This qualifier can be used only with an object that is a library entity, that is, either an element, class, or group.
3.5 - /DELETE
Indicates that the access control entries (ACEs) specified with the /ACL qualifier are to be deleted. If no ACEs are specified with the /ACL qualifier, the entire ACL is deleted. If the /ACL qualifier specifies an ACE that does not exist in the ACL of the specified object, you are notified that the ACE does not exist, and the delete operation continues on to the next ACE on the ACL, if any exists.
3.6 - /LIKE=object-specification
Indicates that the ACL of the specified object is to replace the ACL of the object or objects specified with SET ACL. Any existing ACEs are deleted before the ACL specified by /LIKE is copied. The type of the source and destination objects must be the same. No wildcard characters are allowed in the /LIKE parameter.
3.7 - /LOG (D)
Controls whether CMS displays success and informational messages on the default output device. By default, if the command executes successfully, CMS displays a success message. If you specify /NOLOG, success and informational messages are suppressed. Any warning, error, or fatal error messages are displayed regardless of whether /LOG or /NOLOG is specified.
3.8 - /NEW
Indicates that any existing ACEs in the ACL of the object specified with SET ACL are to be deleted. To use the /NEW qualifier, you must specify a new ACL or ACE with the /ACL qualifier.
3.9 - /OBJECT_TYPE=type
Specifies the type of the object whose ACL is being modified. There is no default object type; therefore, this qualifier is required. The type must be one of the following keywords:

    CLASS
    ELEMENT
    GROUP
    LIBRARY
    COMMAND
3.10 - /OCCLUDE[=option,...]
Controls whether CMS selects the first instance of the specified object, or all instances of the specified object in the library search list. The options field contains one or more keywords associated with the name of the object. The options field can contain the following keywords:

    ALL--equivalent to (ELEMENT, GROUP, CLASS, OTHER)
    ELEMENT (D)
    NOELEMENT
    GROUP (D)
    NOGROUP
    CLASS (D)
    NOCLASS
    OTHER (D)
    NOOTHER
    NONE--equivalent to (NOELEMENT, NOGROUP, NOCLASS, NOOTHER)

You can specify either ALL or NONE, or any combination of the [NO]ELEMENT, [NO]GROUP, [NO]CLASS, and [NO]OTHER keywords. By default, CMS performs occlusion for all objects; that is, CMS selects only the first occurrence of a specified object.
3.11 - /REPLACE=(ace[,...])
Deletes the access control entries (ACEs) specified with the /ACL qualifier and replaces them with those specified with /REPLACE. Any ACEs specified with the /ACL qualifier must exist and must be specified in the order in which they appear in the current ACL.
4 - Examples

(1)
    CMS> SET ACL/OBJECT=ELEMENT SAMPLE.PAS/ACL=(IDENTIFIER=WALLEN, -
    _CMS> ACCESS=RESERVE+CONTROL) "setting up acl on element"
    %CMS-S-MODACL, modified access control list for element DISKX:[PROJECT.CMSLIB]SAMPLE.PAS

    This command assigns an ACL on the element SAMPLE.PAS, specifying that the user holding the identifier WALLEN has reserve and control access on the element.

(2)
    CMS> SET ACL/OBJECT=LIBRARY ELEMENT_LIST/ACL=((IDENTIFIER=WALLEN, -
    _CMS> OPTIONS=DEFAULT,ACCESS=FETCH),(IDENTIFIER=WALLEN, -
    _CMS> ACCESS=CREATE+CONTROL))
    _Remark: assign ACEs to newly created elements
    %CMS-S-MODACL, modified access control list for subtype DISKX:[PROJECT.CMSLIB]ELEMENT_LIST

    This example shows how to assign two separate ACEs on the element list. The first ACE specifies a default ACE to be inherited by newly created elements in the library. The second ACE allows the user holding the identifier WALLEN to create elements in the library.

(3)
    CMS> SET ACL/OBJECT=ELEMENT/DEFAULT SAMPLE.PAS
    _Remark: inherit default ACEs from element list
    %CMS-S-MODACL, modified access control list for element DISKX:[PROJECT.CMSLIB]SAMPLE.PAS
    CMS> SHOW ACL/OBJECT=ELEMENT SAMPLE.PAS
    ACLs in CMS Library DISKX:[PROJECT.CMSLIB]
    SAMPLE.PAS
        (IDENTIFIER=[PROJECT,WALLEN],ACCESS=FETCH)

    The SET ACL command causes the default ACE from the element list (see example 2) to be placed on the element SAMPLE.PAS. The SHOW ACL command displays the ACE on element SAMPLE.PAS (which is now assigned the default ACE from the element list in example 2).

(4)
    CMS> SET ACL/OBJECT=CLASS BL1/ACL=(IDENTIFIER=[DEV,*]+LIBRARIAN, -
    _CMS> ACCESS=INSERT+REMOVE)
    _Remark: allow access to class for library employees
    %CMS-S-MODACL, modified access control list for class DISKX:[PROJECT.CMSLIB]BL1

    This command assigns an ACL allowing insert and remove access to class BL1 for users in group DEV holding the LIBRARIAN identifier.

(5)
    CMS> SET ACL/OBJECT=CLASS/LIKE=BL1 BL2
    _Remark: put ACL from class BL1 on class BL2
    %CMS-S-MODACL, modified access control list for class DISKX:[PROJECT.CMSLIB]BL2
    CMS> SHOW ACL/OBJECT=CLASS
    ACLs in CMS Library DISKX:[PROJECT.CMSLIB]
    BL1
        (IDENTIFIER=[DEV,*]+LIBRARIAN,ACCESS=INSERT+REMOVE)
    BL2
        (IDENTIFIER=[DEV,*]+LIBRARIAN,ACCESS=INSERT+REMOVE)

    In this example, the /LIKE qualifier causes the ACL from the class BL1 (see example 4) to be placed on the class BL2. The SHOW ACL command displays the ACL on both classes BL1 and BL2.
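For reviewing which identifiers hold a given access type, the following added example (not part of the CMS help text or of CMS itself) parses ACE strings in the form used in examples 1 to 5 above, including the comma inside a UIC identifier such as [DEV,*]. The function names and the SAMPLE_ACES list are assumptions made for this illustration; the ACE strings themselves are copied from the examples.

```python
# Constructed sample: the ACE strings used in examples 1-5 of this help page.
SAMPLE_ACES = [
    "(IDENTIFIER=WALLEN,ACCESS=RESERVE+CONTROL)",
    "(IDENTIFIER=WALLEN,OPTIONS=DEFAULT,ACCESS=FETCH)",
    "(IDENTIFIER=WALLEN,ACCESS=CREATE+CONTROL)",
    "(IDENTIFIER=[DEV,*]+LIBRARIAN,ACCESS=INSERT+REMOVE)",
    "(IDENTIFIER=[PROJECT,WALLEN],ACCESS=FETCH)",
]

def split_fields(body):
    """Split an ACE body on commas, but not on the comma inside a UIC like [DEV,*]."""
    fields, current, depth = [], [], 0
    for ch in body:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            fields.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    fields.append("".join(current).strip())
    return fields

def parse_ace(text):
    """Parse one ACE string into its IDENTIFIER, OPTIONS and ACCESS lists."""
    text = text.strip()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError(f"ACE must be enclosed in parentheses: {text!r}")
    ace = {"IDENTIFIER": [], "OPTIONS": [], "ACCESS": []}
    for field in split_fields(text[1:-1]):
        key, eq, value = field.partition("=")
        key = key.strip().upper()
        if not eq or key not in ace:
            raise ValueError(f"unexpected ACE field: {field!r}")
        # Values joined with "+" (identifiers or access types) become list items.
        ace[key] = [part.strip().upper() for part in value.split("+")]
    if not ace["IDENTIFIER"]:
        raise ValueError(f"ACE has no IDENTIFIER: {text!r}")
    return ace

def who_has(ace_strings, access):
    """List (identifiers, is_default) for every ACE that grants `access`."""
    hits = []
    for text in ace_strings:
        ace = parse_ace(text)
        if access.upper() in ace["ACCESS"]:
            hits.append((tuple(ace["IDENTIFIER"]), "DEFAULT" in ace["OPTIONS"]))
    return hits
```

Calling who_has(SAMPLE_ACES, "CONTROL") returns one entry per ACE that grants CONTROL; the second element of each entry marks ACEs carrying OPTIONS=DEFAULT, which example 2 describes as inherited by newly created elements.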