ACLEDT.HLB  —  IDENTIFIER_ACE
    Controls the type of access allowed to a particular user or group
    of users. An example of an Identifier ACE is as follows:

    (IDENTIFIER=SALES,ACCESS=READ+WRITE)

    A system manager can use the Authorize utility (AUTHORIZE) to
    grant the SALES identifier to a specific group of users. Read and
    write access to the file INVENTORY.DAT is then granted to users
    who hold the SALES identifier.

    For more information, see the OpenVMS Guide to System Security.

    Format

      (IDENTIFIER=identifier[+identifier...]

      [,OPTIONS=attributes[+attributes...]]

      ,ACCESS=access-type[+access-type...])

1  –  Parameters

 identifier

    Specifies a user or groups of users whose access to an object
    is defined in the ACE. A system manager creates or removes
    identifiers and assigns users to hold these identifiers.

    Types of identifiers are as follows:

    UIC           Identifiers in alphanumeric format that are based
                  on the user identification codes (UICs) and that
                  uniquely identify each user on the system. Users
                  with accounts on the system automatically receive
                  a UIC identifier, for example, [GROUP1,JONES] or
                  [JONES]. Thus, each UIC identifier specifies a
                  particular user.
    General       Identifiers defined by the security administrator
                  in the rights list to identify groups of users on
                  the system. A general identifier is an alphanumeric
                  string of 1 to 31 characters, containing at least
                  one alphabetic character. It can include the
                  letters A to Z, dollar signs ($),  underscores (_),
                  and the numbers 0 to 9, for example, 92SALES$,
                  ACCOUNT_3, or PUBLISHING.
    Environmental Identifiers describing different types of users
                  based on their initial entry into the system.
                  Environmental identifiers are also called system-
                  defined identifiers. Environmental identifiers
                  correspond directly to the login classes described
                  in the OpenVMS Guide to System Security. They
                  include batch, network, interactive, local, dialup,
                  and remote.

    For more information, see the OpenVMS Guide to System Security.

 options

    Specify any of the following attributes:

    Default      Indicates that an ACE is to be included in the
                 ACL of any files created within a directory. When
                 the entry is propagated, the Default attribute
                 is removed from the ACE of the created file. This
                 attribute is valid for directory files only.

                 Note that an Identifier ACE with the Default
                 attribute has no effect on access.
    Hidden       Indicates that this ACE should be changed only by
                 the application that adds it. Although the Hidden
                 attribute is valid for any ACE type, its intended
                 use is to hide Application ACEs. To delete or modify
                 a hidden ACE, you must use the SET SECURITY command.

                 Users need the SECURITY privilege to display a
                 hidden ACE with the DCL commands SHOW SECURITY
                 or DIRECTORY/SECURITY. SECURITY privilege is also
                 required to modify or delete a hidden ACE with the
                 DCL command SET SECURITY. The ACL editor displays
                 the ACE only to show its relative position within
                 the ACL, not to facilitate editing of the ACE. To
                 create a hidden ACE, an application can invoke the
                 $SET_SECURITY system service.
    Protected    Protects the ACE against casual deletion. Protected
                 ACEs can be deleted only in the following ways:

                 o  By using the ACL editor

                 o  By specifying the ACE explicitly when deleting it

                    Use the command SET SECURITY/ACL=(ace)/DELETE to
                    specify and delete an ACE.

                 o  By deleting all ACEs, both protected and
                    unprotected

                    Use the command SET SECURITY/ACL/DELETE=ALL to
                    delete all ACEs.

                 The following commands do not delete protected ACEs:

                    SET SECURITY/ACL/DELETE
                    SET SECURITY/LIKE
                    SET SECURITY/DEFAULT

    Nopropagate  Indicates that the ACE cannot be copied by
                 operations that usually propagate ACEs. For example,
                 the ACE cannot be copied by the SET SECURITY/LIKE or
                 SET SECURITY/DEFAULT commands.
    None         Indicates that no attributes apply to an entry.
                 Although you can create an ACL entry with
                 OPTIONS=None, the attribute is not displayed.
                 Whenever you specify additional attributes with
                 the None attribute, the other attributes take
                 precedence. The None attribute is equivalent to
                 omitting the field.

 access

    Specify access types that are valid for the object class. See the
    OpenVMS Guide to System Security for a listing of valid access
    types.
Close Help