Manipulates the access control list (ACL) on various objects in
the CMS library.
Format:
SET ACL object-expression /OBJECT_TYPE=type "remark"
1 – Command Parameters
object-expression
Specifies one or more objects whose ACL is to be modified.
Wildcards and a comma list are allowed.
The object name depends on the object type (see the /OBJECT_TYPE
qualifier). For example, if the object type is CLASS, the object
name is the name of a class in the CMS library. The same principle
applies to elements and groups. If the object type is LIBRARY, the
object expression must be a list of one or more of the following
keywords:
ELEMENT_LIST
CLASS_LIST
GROUP_LIST
HISTORY
LIBRARY_ATTRIBUTES
These keywords are referred to as object subtypes. You can
abbreviate object subtypes. Wildcards are not allowed.
The object name can also be the name of a CMS command. If /OBJECT_
TYPE is specified as COMMAND, SET ACL modifies the ACL on the
given command. Commands that contain two words must be specified
with an underscore, for example, INSERT_ELEMENT.
remark
Specifies a character string to be logged in the history file
with this command, usually used to explain why the command was
entered. The remark is enclosed in quotation marks. If no remark
was entered, a null remark ("") is logged.
2 – Description
The SET ACL command is used to manipulate ACLs on various objects
in the CMS library. ACLs can be put on elements, groups, and
classes, as well as on the lists containing these entities. (An
ACL on a list can be thought of as a directory ACL.) An ACL can be
put on the entire library, and on the library history. ACLs can
also be used to control access to individual CMS commands.
3 – Qualifiers
3.1 /ACL[=(ace[,...])]
Specifies one or more access control entries (ACEs) to be
modified. When no ACE is specified, the entire access control
list (ACL) is affected. Separate multiple ACEs with commas and
enclose the list in parentheses. The specified ACEs are inserted
at the beginning of the ACL unless the /AFTER qualifier is used.
3.2 /AFTER=ace
Indicates that all access control entries (ACEs) specified with
the /ACL qualifier are added after the ACE specified with the
/AFTER qualifier. By default, any ACEs added to the access control
list (ACL) are always placed at the top of the list.
3.3 /CONFIRM
Controls whether CMS prompts you for confirmation before each
transaction.
When you specify /CONFIRM and run CMS in interactive mode, CMS
prompts you for confirmation. If you type YES, ALL, TRUE, or 1,
CMS executes the transaction. If you type NO, QUIT, FALSE, 0,
or press RETURN or CTRL/Z, no action is performed. If you type
any other character, CMS continues to prompt until you type an
acceptable response.
CMS does not prompt for confirmation in batch mode.
3.4 /DEFAULT
Creates an ACL for one or more specified objects as if the object
were newly created. The /DEFAULT qualifier propagates the DEFAULT
option ACEs in the ACL of the entity list to the ACL of the
specified object. This qualifier can be used only with an object
that is a library entity, that is, either an element, class, or
group.
3.5 /DELETE
Indicates that the access control entries (ACEs) specified with
the /ACL qualifier are to be deleted. If no ACEs are specified
with the /ACL qualifier, the entire ACL is deleted. If the /ACL
qualifier specifies an ACE that does not exist in the ACL of the
specified object, you are notified that the ACE does not exist,
and the delete operation continues on to the next ACE on the ACL,
if any exists.
3.6 /LIKE=object-specification
Indicates that the ACL of the specified object is to replace the
ACL of the object or objects specified with SET ACL. Any existing
ACEs are deleted before the ACL specified by /LIKE is copied.
The type of the source and destination objects must be the same.
No wildcard characters are allowed in the /LIKE parameter.
3.7 /LOG (D)
Controls whether CMS displays success and informational messages
on the default output device. By default, if the command executes
successfully, CMS displays a success message. If you specify
/NOLOG, success and informational messages are suppressed. Any
warning, error, or fatal error messages are displayed regardless
of whether /LOG or /NOLOG is specified.
3.8 /NEW
Indicates that any existing ACEs in the ACL of the object
specified with SET ACL are to be deleted. To use the /NEW
qualifier, you must specify a new ACL or ACE with the /ACL
qualifier.
3.9 /OBJECT_TYPE=type
Specifies the type of the object whose ACL is being modified.
There is no default object type; therefore, this qualifier is
required. The type must be one of the following keywords:
CLASS
ELEMENT
GROUP
LIBRARY
COMMAND
3.10 /OCCLUDE[=option,...]
Controls whether CMS selects the first instance of the specified
object, or all instances of the specified object in the library
search list. The options field contains one or more keywords
associated with the name of the object. The options field can
contain the following keywords:
ALL--equivalent to (ELEMENT, GROUP, CLASS, OTHER)
ELEMENT (D)
NOELEMENT
GROUP (D)
NOGROUP
CLASS (D)
NOCLASS
OTHER (D)
NOOTHER
NONE--equivalent to (NOELEMENT, NOGROUP, NOCLASS, NOOTHER)
You can specify either ALL or NONE, or any combination of the
[NO]ELEMENT, [NO]GROUP, [NO]CLASS, and [NO]OTHER keywords.
By default, CMS performs occlusion for all objects; that is, CMS
selects only the first occurrence of a specified object.
3.11 /REPLACE=(ace[,...])
Deletes the access control entries (ACEs) specified with the /ACL
qualifier and replaces them with those specified with /REPLACE.
Any ACEs specified with the /ACL qualifier must exist and must be
specified in the order in which they appear in the current ACL.
4 – Examples
(1) CMS> SET ACL/OBJECT=ELEMENT SAMPLE.PAS/ACL=(IDENTIFIER=WALLEN, -)
_CMS> ACCESS=RESERVE+CONTROL "setting up acl on element"
%CMS-S-MODACL, modified access control list for element
DISKX:[PROJECT.CMSLIB]SAMPLE.PAS
This command assigns an ACL on the element SAMPLE.PAS,
specifying that the user holding the identifier WALLEN has
reserve and control access on the element.
(2) CMS> SET ACL/OBJECT=LIBRARY ELEMENT_LIST/ACL=((IDENTIFIER=WALLEN, -)
_CMS> OPTIONS=DEFAULT,ACCESS=FETCH,(IDENTIFIER=WALLEN, -)
_CMS> ACCESS=CREATE+CONTROL))
_Remark: assign ACEs to newly created elements
%CMS-S-MODACL, modified access control list for subtype
DISKX:[PROJECT.CMSLIB]ELEMENT_LIST
This example shows how to assign two separate ACEs on the
element list. The first ACE specifies a default ACE to be
inherited by newly created elements in the library. The second
ACE allows the user holding the identifier WALLEN to create
elements in the library.
(3) CMS> SET ACL/OBJECT=ELEMENT/DEFAULT SAMPLE.PAS
_Remark: inherit default ACEs from element list
%CMS-S-MODACL, modified access control list for element
DISKX:[PROJECT.CMSLIB]SAMPLE.PAS
CMS> SHOW ACL/OBJECT=ELEMENT SAMPLE.PAS
ACLs in CMS Library DISKX:[PROJECT.CMSLIB]
SAMPLE.PAS
(IDENTIFIER=[PROJECT,WALLEN],ACCESS=FETCH)
The SET ACL command causes the default ACE from the element
list (see example 2) to be placed on the element SAMPLE.PAS.
The SHOW ACL command displays the ACE on element SAMPLE.PAS
(which is now assigned the default ACE from the element list in
example 2).
(4) CMS> SET ACL/OBJECT=CLASS BL1/ACL=(IDENTIFIER=[DEV,*]+LIBRARIAN, -)
_CMS> ACCESS=INSERT+REMOVE
_Remark: allow access to class for library employees
%CMS-S-MODACL, modified access control list for class
DISKX:[PROJECT.CMSLIB]BL1
This command assigns an ACL allowing insert and remove access
to class BL1 for users in group DEV holding the LIBRARIAN
identifier.
(5) CMS> SET ACL/OBJECT=CLASS/LIKE=BL1 BL2
_Remark: put ACL from class BL1 on class BL2
%CMS-S-MODACL, modified access control list for class
DISKX:[PROJECT.CMSLIB]BL2
CMS> SHOW ACL/OBJECT=CLASS
ACLs in CMS Library DISKX:[PROJECT.CMSLIB]
BL1
(IDENTIFIER=[DEV,*]+LIBRARIAN,ACCESS=INSERT+REMOVE)
BL2
(IDENTIFIER=[DEV,*]+LIBRARIAN,ACCESS=INSERT+REMOVE)
In this example, the /LIKE qualifier causes the ACL from the
class BL1 (see example 4) to be placed on the class BL2. The
SHOW ACL command displays the ACL on both classes BL1 and BL2.