ACLEDT.HLB  —  SUBSYSTEM_ACE
    Grants additional identifiers to a process while it is running
    the image to which the Subsystem ACE applies. Users with execute
    access to the image can access objects that are in the protected
    subsystem, such as data files and printers, but only when they
    run the subsystem images. The Subsystem ACE applies to executable
    images only.

    An example of a Subsystem ACE is as follows:

    (SUBSYSTEM, IDENTIFIER=ACCOUNTING)

    Format

      (SUBSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifier

      [,ATTRIBUTES=attribute[+attribute...]] [,IDENTIFIER=identifier

      [,ATTRIBUTES=attribute[+attribute...]],...])

1  –  Parameters

 options

    Specify any of the following attributes:

    Protected    Protects the ACE against casual deletion. Protected
                 ACEs can be deleted only in the following ways:

                 o  By using the ACL editor

                 o  By specifying the ACE explicitly when deleting it

                    Use the command SET SECURITY/ACL=(ace)/DELETE to
                    specify and delete an ACE.

                 o  By deleting all ACEs, both protected and
                    unprotected

                    Use the command SET SECURITY/ACL/DELETE=ALL to
                    delete all ACEs.

                 The following commands do not delete protected ACEs:

                    SET SECURITY/ACL/DELETE
                    SET SECURITY/LIKE
                    SET SECURITY/DEFAULT

    Nopropagate  Indicates that the ACE cannot be copied by
                 operations that usually propagate ACEs. For example,
                 the ACE cannot be copied by the SET SECURITY/LIKE or
                 SET SECURITY/DEFAULT commands.
    None         Indicates that no attributes apply to an entry.
                 Although you can create an ACL entry with
                 OPTIONS=None, the attribute is not displayed.
                 Whenever you specify additional attributes with
                 the None attribute, the other attributes take
                 precedence. The None attribute is equivalent to
                 omitting the field.

 identifier

    A general identifier specifying the users or groups of users who
    are allowed or denied access to an object. It is an alphanumeric
    string of 1 through 31 characters, containing at least one
    alphabetic character. It can include the letters A to Z, dollar
    signs ($),  underscores (_), and the numbers 0 to 9. For more
    information, see the OpenVMS Guide to System Security.

    A Subsystem ACE can have multiple pairs of identifiers, with
    special attributes assigned to the identifiers. A subsystem might
    require several identifiers to work properly. For example:

 (SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTE=NONE,IDENTIFIER=BLDG5,ATTRIBUTE=NONE)

 attribute

    The identifier characteristics you specify when you add
    identifiers to the rights list or grant identifiers to users.
    You can specify the following attribute:

    Resource       Allows holders of the identifier to charge disk
                   space to the identifier. Used only for file
                   objects.
Close Help