CDO$HELP.HLB  —  CDO Commands, DEFINE  PROTECTION  Description
    The DEFINE PROTECTION command adds an access control list
    entry (ACE) to the access control list (ACL) of an element or
    repository. When you specify FOR GENERIC MCS_CONTEXT or FOR
    REPOSITORY, this command can also add an ACE to a default access
    control list. To define protection, you need CONTROL access.

    The ACEs in an ACL determine which users can access the element
    or repository and what operations each user can perform. An ACE
    consists of the following two parts:

    o  One or more identifiers that specifies a user or set of users:
       UIC, general, and system-defined

    o  A set of access rights: READ, WRITE, EXECUTE, and DELETE

    The POSITION clause specifies the relative position CDO assigns
    your ACE in the ACL. ACEs are numbered in ascending order
    starting with number one. If you specify a number that is larger
    than the number of ACEs in the ACL, the ACE you are creating
    becomes the last entry in the ACL.

    The AFTER clause specifies the identifiers of an existing ACE
    that will immediately precede the ACE that you are defining.

    The IDENTIFIER clause specifies the identifiers of the user or
    users whose access to the element or repository you are defining
    in this ACE. If an ACE contains more than one identifier, a
    user's process must hold all the identifiers specified in the
    ACE to receive the access rights granted by the ACE.

    The ACCESS clause specifies the rights that the ACE provides.
    This clause is especially useful when you need to restrict access
    to a context or to a repository. For example, by modifying this
    clause, you can restrict access to a single user for OpenVMS
    BACKUP or VERIFY operations.

    The DEFAULT_ACCESS clause is only valid for contexts (specified
    as GENERIC MCS_CONTEXT) or repositories. The clause specifies
    the default access rights for each new element you create.
    If a context is set, the new element receives default access
    rights defined for this context. If a context is not set, the
    new element receives the default access rights defined for the
    repository.

    For complete information on defining protection, see Using Oracle
    CDD/Repository on OpenVMS Systems.
Close Help