VMS Help SET, SECURITY, Examples *Conan The Librarian (sorry for the slow response - running on an old VAX) |
1.$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE LNM$GROUP object of class LOGICAL_NAME_TABLE Owner: [SYSTEM] Protection: (System: RWCD, Owner: R, Group: R, World: R) Access Control List: (IDENTIFIER=[USER,VARANESE],ACCESS=CONTROL) $ SET SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE - _$ /ACL=((IDENTIFIER=CHEKOV,ACCESS=CONTROL), - _$ (IDENTIFIER=WU,ACCESS=READ+WRITE)) - _$ /DELETE=ALL - _$ /PROTECTION=(S:RWCD, O:RWCD, G:R, W:R) $ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE LNM$GROUP object of class LOGICAL_NAME_TABLE Owner: [SYSTEM] Protection: (System: RWCD, Owner: RWCD, Group: R, World: R) Access Control List: (IDENTIFIER=[USER,CHEKOV],ACCESS=CONTROL) (IDENTIFIER=[USER,WU],ACCESS=READ+WRITE) This example shows how to make a straightforward change to the security elements of an object. The first SHOW SECURITY command displays the current settings of the LNM$GROUP logical name table. The SET SECURITY command resets the ACL to allow control access for user Chekov, and to allow read and write access for user Wu. Note that without the /DELETE=ALL qualifier, these ACEs would have been added to the existing ACL rather than superseding it. The protection is also changed to allow read, write, create, and delete access for the owner. The last command displays the results of the changes. 2.$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE LNM$GROUP object of class LOGICAL_NAME_TABLE Owner: [SYSTEM] Protection: (System: RWCD, Owner: R, Group: R, World: R) Access Control List: (IDENTIFIER=[USER,FERNANDEZ],ACCESS=CONTROL) $ SHOW SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE LNM$JOB object of class LOGICAL_NAME_TABLE Owner: [USER,WEISS] Protection: (System: RWCD, Owner: RWCD, Group, World) Access Control List: <empty> $ SET SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE - _$ /LIKE=(NAME=LNM$GROUP, CLASS=LOGICAL_NAME_TABLE) - _$ /COPY_ATTRIBUTES=PROTECTION $ SET SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE - _$ /ACL=(IDENTIFIER=FERNANDEZ, ACCESS=READ) $ SHOW SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE LNM$JOB object of class LOGICAL_NAME_TABLE Owner: [USER,WEISS] Protection: (System: RWCD, Owner: R, Group: R, World: R) Access Control List: (IDENTIFIER=[USER,FERNANDEZ],ACCESS=READ) This example shows how to copy security access information from one object to another and, at the same time, set some elements explicitly. The first SHOW SECURITY commands display the current settings for the LNM$GROUP and LNM$JOB logical name tables. The SET SECURITY command copies the protection code from the LNM$GROUP logical name table to the LNM$JOB logical name table and adds an ACE to allow read access to another user. The final SHOW SECURITY command shows the effect of the changes. 3.$ SHOW SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS SECURITY_CLASS object of class SECURITY_CLASS Owner: [SYSTEM] Protection: (System: RWED, Owner: RWED, Group: R, World: R) Access Control List: <empty> Template: DEFAULT Owner: [SYSTEM] Protection: (System: RWED, Owner: RWED, Group, World: RE) Access Control List: <empty> $ SET SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS - _$ /PROFILE=TEMPLATE=DEFAULT - _$ /PROTECTION=(S:RWE, O:RWE, G:RE) $ SHOW SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS SECURITY_CLASS object of class SECURITY_CLASS Owner: [SYSTEM] Protection: (System: RWED, Owner: RWED, Group: R, World: R) Access Control List: <empty> Template: DEFAULT Owner: [SYSTEM] Protection: (System: RWE, Owner: RWE, Group: RE, World: RE) Access Control List: <empty> This example demonstrates how to change the security elements for the template of a security class object. The first command shows the current settings for the SECURITY_CLASS object. The second command changes the DEFAULT template of the SECURITY_ CLASS object such that the protection is (S:RWE, O:RWE, G:RE). The change is shown in the display of the last command. The world protection of RE remains unchanged. 4.$ DIRECTORY/SECURITY Directory DKA200:[DATA] FILE001.DAT;1 [SYSTEM] (RWED,RWED,RE,) Total of 1 file. $ SET SECURITY/CLASS=FILE/PROTECTION=(WORLD:RE)/LOG FILE001.DAT %SET-I-MODIFIED, DKA200:[DATA]FILE001.DAT;1 modified $ DIRECTORY/SECURITY Directory DKA200:[DATA] FILE001.DAT;1 [SYSTEM] (RWED,RWED,RE,RE) Total of 1 file. $ This example shows how to set UIC-based protection codes on an object. The first DIRECTORY command displays the current security settings on the file FILE001.DAT. The SET SECURITY command changes the protection codes on the file to allow read and execute access for all users. The last command displays the results of the change.
|