VMS Help Hints, Security, Protection Codes *Conan The Librarian (sorry for the slow response - running on an old VAX) |
A protection code controls the type of access allowed (or denied) to a particular user or group of users. It has the following format: [category:list of access allowed(,category:list of access allowed,...)] o Category User categories include system (S), owner (O), group (G), and world (W). Each category can be abbreviated to its first character. Categories have the following definition: System Any user process or application whose UIC is in the range 1 through 10 (octal), has SYSPRV privilege, or is in the same group as the owner and holds GRPPRV. Owner Any user process or application whose UIC is identical to the UIC of the object. Group Any user process or application whose Group UIC is identical to the group UIC of the object. World Any user process or application on the system. When specifying more than one user category, separate the categories with commas, and enclose the entire code in parentheses. You can specify user categories and access types in any order. A null access specification means no access, so when you omit an access type for a user category, that category of user is denied that type of access. To deny all access to a user category, specify the user category without any access types. Omit the colon after the user category when you are denying access to a category of users. o access-list For files, the access types include read (R), write (W), execute (E), or delete (D). The access type is assigned to each ownership category and is separated from its access types with a colon (:); for example, SET SECURITY /PROTECTION=(S:RWE,O:RWE,G:RE,W). File access types have the following meanings: Read Gives you the right to read, print, or copy a disk file. With directory files, the right to read or list a file and use a file name with wildcard characters to look up files. Read access implies execute access. Write Gives you the right to write to or change the contents of a file, but not delete it. Write access allows modification of the file characteristics that describe the contents of the file. With directory files, the right to make or delete an entry in the catalog of files. Execute Gives you the right to execute a file that contains an executable program image or DCL command procedure. With a directory file, the right to look up files whose names you know. Delete Gives you the right to delete the file. To delete a file, you must have delete access to the file and write access to the directory that contains the file. Control Gives you the right to file characteristics, including the protection code and ACL. Special restrictions apply to changing the owner of a file.
|