CDO$HELP.HLB  —  CDO Commands, CHANGE  PROTECTION
    Format

                              { DIRECTORY         }
                              { FIELD             }
      CHANGE PROTECTION  FOR  { RECORD            }  element-name ,...
                              {                   }
                              { GENERIC type-name }

                              [ POSITION n ]
                              [ id1+...    ] ACCESS  right+ ... .
                              [            ]

                              { REPOSITORY  anchor-name           }
      CHANGE PROTECTION  FOR  { GENERIC  MCS_CONTEXT context-name }
                              {                                   }

                              [ POSITION n ]
                              { ACCESS         }
                              { DEFAULT_ACCESS } right+ ... .
                              {                }

1  –  Parameters

1.1  –  type-name 

    Specifies the type of the generic element whose ACE you are
    modifying.

1.2  –  element-name 

    Specifies the element whose ACE you are modifying. You can use
    wildcard characters in this name.

1.3  –  n 

    Specifies the relative position (a positive integer) in the ACL
    of the ACE you are modifying. If you omit this parameter and also
    the id1 parameter, CDO changes the first ACE by default.

1.4  –  id 

    Specifies the identifier of the ACE you are modifying. If you
    omit this parameter and also the n parameter, CDO changes the
    first ACE by default.

1.5  –  right 

    Specifies the access rights you are granting to the users
    specified in the ACE.

1.6  –  anchor-name 

    Specifies the anchor directory for the repository whose ACE you
    are modifying.

1.7  –  context-name 

    Specifies the context for which you are modifying protections.

2  –  Description 

    The CHANGE PROTECTION command modifies access rights for an
    access control list entry (ACE) in an access control list (ACL)
    for an element. When you specify FOR GENERIC MCS_CONTEXT or FOR
    REPOSITORY, this command can also add an ACE to a default access
    control list.

    CHANGE PROTECTION affects a change in place. CDO changes the
    values you specify, and other values remain the same.

    You must have CONTROL access rights to change protection for an
    element or a repository.

    The POSITION clause identifies the ACE you are changing by
    its relative position within the ACL. For example, POSITION
    3 indicates the third ACE in the ACL. If you specify a number
    greater than the number of existing ACEs, CDO changes the last
    ACE in the ACL.

    The id parameter specifies the user or users affected by the
    ACE you are changing. The clause consists of one or more UIC,
    general, or system-specified identifiers.

    If you specify more than one identifier, a user's process must
    hold all the identifiers before CDO grants the access rights
    indicated in the ACE.

    The ACCESS clause specifies access rights provided by the ACE.
    See the DEFINE PROTECTION command for more information on access
    rights.

    The ACCESS clause is especially useful when you need to restrict
    access to a context or to a repository. For example, by modifying
    this clause you can restrict access to a single user for OpenVMS
    BACKUP or VERIFY operations.

    The DEFAULT_ACCESS clause is only valid for contexts (specified
    as GENERIC MCS_CONTEXT) or repositories. The clause specifies
    the default access rights for each new element you create.
    If a context is set, the new element receives default access
    rights defined for this context. If a context is not set, the
    new element receives the default access rights defined for the
    repository.

3  –  Examples 

    1.CDO>  CHANGE PROTECTION FOR RECORD
      cont> PAYROLL, PROMOTION [JONES]+INTERACTIVE
      cont>   ACCESS CONTROL+READ.

      In this example, the CHANGE PROTECTION command affects the
      access rights for the PAYROLL and PROMOTION record elements.
      CDO locates the ACE containing [JONES]+INTERACTIVE identifiers
      and adds additional CONTROL and READ access rights.

    2.CDO>  CHANGE PROTECTION FOR FIELD
      cont> EMP_DATE POSITION 3 ACCESS NOALL+READ.

      In this example, the CHANGE PROTECTION command affects the
      access rights for the EMP_DATE field element. CDO locates the
      third ACE in the field's ACL and removes all access rights
      except READ access.

    3.CDO> CHANGE PROTECTION FOR RECORD SALARY ACCESS NONE.

      In this example, the CHANGE PROTECTION command changes the
      first ACE in the ACL for the SALARY record element. After
      the command executes, the users whose identifiers match the
      identifiers in the first ACE will not have access to the SALARY
      record element.

    4.CDO>  CHANGE PROTECTION FOR REPOSITORY PERSONNEL
      cont>   POSITION 3 DEFAULT_ACCESS READ+NOWRITE+CONTROL.
      CDO>  DEFINE FIELD NEW_FIELD DATATYPE TEXT SIZE 5.

      In this example, the CHANGE PROTECTION command changes
      the default access rights for the PERSONNEL repository to
      READ+NOWRITE+CONTROL. If a context has not been set, CDO will
      then grant the newly created field, NEW_FIELD, with access
      rights that are equivalent to these repository default access
      rights.
Close Help