VMS Help
CMS, SET, ACL

 *Conan The Librarian (sorry for the slow response - running on an old VAX)

    Manipulates the access control list (ACL) on various objects in
    the CMS library.

       Format:

          SET ACL  object-expression /OBJECT_TYPE=type "remark"

  1 - Command Parameters

 object-expression

    Specifies one or more objects whose ACL is to be modified.
    Wildcards and a comma list are allowed.

    The object name depends on the object type (see the /OBJECT_TYPE
    qualifier). For example, if the object type is CLASS, the object
    name is the name of a class in the CMS library. The same principle
    applies to elements and groups. If the object type is LIBRARY, the
    object expression must be a list of one or more of the following
    keywords:

       ELEMENT_LIST
       CLASS_LIST
       GROUP_LIST
       HISTORY
       LIBRARY_ATTRIBUTES

    These keywords are referred to as object subtypes. You can
    abbreviate object subtypes. Wildcards are not allowed.

    The object name can also be the name of a CMS command. If /OBJECT_
    TYPE is specified as COMMAND, SET ACL modifies the ACL on the
    given command. Commands that contain two words must be specified
    with an underscore, for example, INSERT_ELEMENT.

 remark

    Specifies a character string to be logged in the history file
    with this command, usually used to explain why the command was
    entered. The remark is enclosed in quotation marks. If no remark
    was entered, a null remark ("") is logged.

  2 - Description

    The SET ACL command is used to manipulate ACLs on various objects
    in the CMS library. ACLs can be put on elements, groups, and
    classes, as well as on the lists containing these entities. (An
    ACL on a list can be thought of as a directory ACL.) An ACL can be
    put on the entire library, and on the library history. ACLs can
    also be used to control access to individual CMS commands.

  3 - Qualifiers

 3.1 - /ACL[=(ace[,...])]

    Specifies one or more access control entries (ACEs) to be
    modified. When no ACE is specified, the entire access control
    list (ACL) is affected. Separate multiple ACEs with commas and
    enclose the list in parentheses. The specified ACEs are inserted
    at the beginning of the ACL unless the /AFTER qualifier is used.

 3.2 - /AFTER=ace

    Indicates that all access control entries (ACEs) specified with
    the /ACL qualifier are added after the ACE specified with the
    /AFTER qualifier. By default, any ACEs added to the access control
    list (ACL) are always placed at the top of the list.

 3.3 - /CONFIRM

    Controls whether CMS prompts you for confirmation before each
    transaction.

    When you specify /CONFIRM and run CMS in interactive mode, CMS
    prompts you for confirmation. If you type YES, ALL, TRUE, or 1,
    CMS executes the transaction.  If you type NO, QUIT, FALSE, 0,
    or press RETURN or CTRL/Z, no action is performed. If you type
    any other character, CMS continues to prompt until you type an
    acceptable response.

    CMS does not prompt for confirmation in batch mode.

 3.4 - /DEFAULT

    Creates an ACL for one or more specified objects as if the object
    were newly created. The /DEFAULT qualifier propagates the DEFAULT
    option ACEs in the ACL of the entity list to the ACL of the
    specified object. This qualifier can be used only with an object
    that is a library entity, that is, either an element, class, or
    group.

 3.5 - /DELETE

    Indicates that the access control entries (ACEs) specified with
    the /ACL qualifier are to be deleted. If no ACEs are specified
    with the /ACL qualifier, the entire ACL is deleted. If the /ACL
    qualifier specifies an ACE that does not exist in the ACL of the
    specified object, you are notified that the ACE does not exist,
    and the delete operation continues on to the next ACE on the ACL,
    if any exists.

 3.6 - /LIKE=object-specification

    Indicates that the ACL of the specified object is to replace the
    ACL of the object or objects specified with SET ACL. Any existing
    ACEs are deleted before the ACL specified by /LIKE is copied.

    The type of the source and destination objects must be the same.
    No wildcard characters are allowed in the /LIKE parameter.

 3.7 - /LOG (D)

    Controls whether CMS displays success and informational messages
    on the default output device. By default, if the command executes
    successfully, CMS displays a success message. If you specify
    /NOLOG, success and informational messages are suppressed. Any
    warning, error, or fatal error messages are displayed regardless
    of whether /LOG or /NOLOG is specified.

 3.8 - /NEW

    Indicates that any existing ACEs in the ACL of the object
    specified with SET ACL are to be deleted. To use the /NEW
    qualifier, you must specify a new ACL or ACE with the /ACL
    qualifier.

 3.9 - /OBJECT_TYPE=type

    Specifies the type of the object whose ACL is being modified.
    There is no default object type; therefore, this qualifier is
    required. The type must be one of the following keywords:

       CLASS
       ELEMENT
       GROUP
       LIBRARY
       COMMAND

 3.10 - /OCCLUDE[=option,...]

    Controls whether CMS selects the first instance of the specified
    object, or all instances of the specified object in the library
    search list. The options field contains one or more keywords
    associated with the name of the object. The options field can
    contain the following keywords:

       ALL--equivalent to (ELEMENT, GROUP, CLASS, OTHER)
       ELEMENT (D)
       NOELEMENT
       GROUP (D)
       NOGROUP
       CLASS (D)
       NOCLASS
       OTHER (D)
       NOOTHER
       NONE--equivalent to (NOELEMENT, NOGROUP, NOCLASS, NOOTHER)

    You can specify either ALL or NONE, or any combination of the
    [NO]ELEMENT, [NO]GROUP, [NO]CLASS, and [NO]OTHER keywords.

    By default, CMS performs occlusion for all objects; that is, CMS
    selects only the first occurrence of a specified object.

 3.11 - /REPLACE=(ace[,...])

    Deletes the access control entries (ACEs) specified with the /ACL
    qualifier and replaces them with those specified with /REPLACE.
    Any ACEs specified with the /ACL qualifier must exist and must be
    specified in the order in which they appear in the current ACL.

  4 - Examples

    (1) CMS> SET ACL/OBJECT=ELEMENT SAMPLE.PAS/ACL=(IDENTIFIER=WALLEN, -)
        _CMS> ACCESS=RESERVE+CONTROL "setting up acl on element"
        %CMS-S-MODACL, modified access control list for element
        DISKX:[PROJECT.CMSLIB]SAMPLE.PAS

      This command assigns an ACL on the element SAMPLE.PAS,
      specifying that the user holding the identifier WALLEN has
      reserve and control access on the element.

    (2) CMS> SET ACL/OBJECT=LIBRARY ELEMENT_LIST/ACL=((IDENTIFIER=WALLEN, -)
        _CMS> OPTIONS=DEFAULT,ACCESS=FETCH,(IDENTIFIER=WALLEN, -)
        _CMS> ACCESS=CREATE+CONTROL))
        _Remark: assign ACEs to newly created elements
        %CMS-S-MODACL, modified access control list for subtype
        DISKX:[PROJECT.CMSLIB]ELEMENT_LIST

      This example shows how to assign two separate ACEs on the
      element list. The first ACE specifies a default ACE to be
      inherited by newly created elements in the library. The second
      ACE allows the user holding the identifier WALLEN to create
      elements in the library.

    (3) CMS> SET ACL/OBJECT=ELEMENT/DEFAULT SAMPLE.PAS
        _Remark: inherit default ACEs from element list
        %CMS-S-MODACL, modified access control list for element
        DISKX:[PROJECT.CMSLIB]SAMPLE.PAS
        CMS> SHOW ACL/OBJECT=ELEMENT SAMPLE.PAS

        ACLs in CMS Library DISKX:[PROJECT.CMSLIB]

        SAMPLE.PAS
                 (IDENTIFIER=[PROJECT,WALLEN],ACCESS=FETCH)

      The SET ACL command causes the default ACE from the element
      list (see example 2) to be placed on the element SAMPLE.PAS.
      The SHOW ACL command displays the ACE on element SAMPLE.PAS
      (which is now assigned the default ACE from the element list in
      example 2).

    (4) CMS> SET ACL/OBJECT=CLASS BL1/ACL=(IDENTIFIER=[DEV,*]+LIBRARIAN, -)
        _CMS> ACCESS=INSERT+REMOVE
        _Remark: allow access to class for library employees
        %CMS-S-MODACL, modified access control list for class
        DISKX:[PROJECT.CMSLIB]BL1

      This command assigns an ACL allowing insert and remove access
      to class BL1 for users in group DEV holding the LIBRARIAN
      identifier.

    (5) CMS> SET ACL/OBJECT=CLASS/LIKE=BL1 BL2
        _Remark: put ACL from class BL1 on class BL2
        %CMS-S-MODACL, modified access control list for class
        DISKX:[PROJECT.CMSLIB]BL2
        CMS> SHOW ACL/OBJECT=CLASS

        ACLs in CMS Library DISKX:[PROJECT.CMSLIB]

        BL1
                 (IDENTIFIER=[DEV,*]+LIBRARIAN,ACCESS=INSERT+REMOVE)

        BL2
                 (IDENTIFIER=[DEV,*]+LIBRARIAN,ACCESS=INSERT+REMOVE)

      In this example, the /LIKE qualifier causes the ACL from the
      class BL1 (see example 4) to be placed on the class BL2. The
      SHOW ACL command displays the ACL on both classes BL1 and BL2.
  Close     HLB-list     TLB-list     Help  

[legal] [privacy] [GNU] [policy] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.