CDO$HELP.HLB  —  CDO Commands, DEFINE  PROTECTION  Protecting the Repository Anchor
    Oracle CDD/Repository places a security ACL on repository anchors
    when a new repository is created, when a repository is moved,
    or when the location of the repository is changed with the CDO
    command VERIFY/LOCATION/FIX.

    The ACL is as follows:

    (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
    (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
    (IDENTIFIER=CDD$SYSTEM,OPTIONS=DEFAULT+NOPROPAGATE,ACCESS=READ
       +WRITE+EXECUTE+DELETE+CONTROL)
    (IDENTIFIER=[*,*],OPTIONS=DEFAULT+NOPROPAGATE,ACCESS=NONE)

    To add these ACLs to existing repository anchors on your system,
    you can use either one of the following methods:

    o  OpenVMS SET ACL/ACL command

    o  ACL Editor

    In addition to this default protection, you should add UIC-based
    protection with either of the following commands:

    o  OpenVMS SET PROTECTION command

    o  OpenVMS CREATE/DIRECTORY/PROTECTION command

    For more information about setting OpenVMS protection on a
    repository's OpenVMS anchor directory, see the OpenVMS Examples
    at the end of this section.

1  –  Examples 

    Example 1:

    $ SET ACL/ACL=(IDENTIFIER=CDD$SYSTEM, -
    _$ ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL) [SMITH]DIC.DIR(1)

    $ SET ACL/ACL=(IDENTIFIER=[*,*],ACCESS=READ) [SMITH]DIC.DIR(1)

    Protect your repository anchor directory with an ACL containing
    the ACEs shown in the previous example. With these ACEs, only
    repository files can be created in a repository anchor directory.

    In this example, the SET ACL/ACL command, creates an ACL for the
    OpenVMS anchor directory of the [SMITH.DIC] repository:

    Example 2:

    $ SET ACL/EDIT [SMITH]DIC.DIR(1)
    $ EDIT/ACL [SMITH]DIC.DIR(1)

    You might find it easier to use the ACL Editor to create an
    ACL for an OpenVMS anchor directory by using either one of the
    following DCL commands:

    Example 3:

    $ SHOW ACL [SMITH]DIC.DIR(1)
    element type: file, element name: CDD$DISK:[SMITH]DIC.DIR(1),
           on 27-FEB-1989 09:54:40.62
           (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
           (IDENTIFIER=[*,*],ACCESS=READ)

    To display the ACL you just created, use the DCL SHOW ACL
    command:

    Example 4:

    $ SET PROTECTION=(S:RWED,,,) [SMITH]DIC.DIR(1)

    You should also add UIC-based protection to your repository's
    OpenVMS anchor directory. In this example, the DCL SET PROTECTION
    command creates UIC-based protection for the OpenVMS anchor
    directory [SMITH.DIC].
Close Help