Grants additional identifiers to a process while it is running the image to which the Subsystem ACE applies. Users with execute access to the image can access objects that are in the protected subsystem, such as data files and printers, but only when they run the subsystem images. The Subsystem ACE applies to executable images only. An example of a Subsystem ACE is as follows: (SUBSYSTEM, IDENTIFIER=ACCOUNTING) Format (SUBSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]] [,IDENTIFIER=identifier [,ATTRIBUTES=attribute[+attribute...]],...])
1 – Parameters
options Specify any of the following attributes: Protected Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways: o By using the ACL editor o By specifying the ACE explicitly when deleting it Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE. o By deleting all ACEs, both protected and unprotected Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs. The following commands do not delete protected ACEs: SET SECURITY/ACL/DELETE SET SECURITY/LIKE SET SECURITY/DEFAULT Nopropagate Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands. None Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field. identifier A general identifier specifying the users or groups of users who are allowed or denied access to an object. It is an alphanumeric string of 1 through 31 characters, containing at least one alphabetic character. It can include the letters A to Z, dollar signs ($), underscores (_), and the numbers 0 to 9. For more information, see the OpenVMS Guide to System Security. A Subsystem ACE can have multiple pairs of identifiers, with special attributes assigned to the identifiers. A subsystem might require several identifiers to work properly. For example: (SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTE=NONE,IDENTIFIER=BLDG5,ATTRIBUTE=NONE) attribute The identifier characteristics you specify when you add identifiers to the rights list or grant identifiers to users. You can specify the following attribute: Resource Allows holders of the identifier to charge disk space to the identifier. Used only for file objects.