Use the SET PROTECTION command to add entries to the access control list of each specified dictionary directory, subdictionary, or object. You can also use the SET PROTECTION/EDIT command to add, delete, and modify access control list entries. Command Syntax: SET PROTECTION uic- or rights-specification [qualifier] path-name [,path-name]...
1 – parameters
uic-specification Identifies the user identification criteria of the user[s] whose access control list entry you are modifying. You must specify at least one of the following: o /PASSWORD o /TERMINAL o /UIC o /USERNAME o /RIGHTS path-name Identifies the dictionary directory, subdictionary, or object owning the access control list you want to change. You cannot use any wildcards in the path name. If you are using a terminal of the VT200 family, you can use 8-bit characters in path names. Type "HELP specify path-name" for further information.
2 – privileges
You need PASS_THRU and CONTROL at the target dictionary directory, subdictionary, or object to set protection.
3 – qualifiers
3.1 /AUDIT
Syntax: /AUDIT [= (quoted-string [, quoted-string]...)] /AUDIT=file-specification /NOAUDIT Use /AUDIT to create history list entries auditing the creation of new access control list entries. You can include explanatory text in history list entries in two ways: o By including quoted strings. Enclose each quoted string in double quotation marks, and enclose the series of strings in parentheses. The parentheses are optional if you specify only one quoted string. o By specifying a file whose contents are to be included in the history list entry. The file specification is a standard VMS file specification, and the default file type is .DAT. You can include no more than 64 input strings in a history list entry. DMU ignores any excess. With /NOAUDIT, no history list entries are created. The default is /NOAUDIT.
3.2 /BANISH
Syntax: /[NO]BANISH = privileges /BANISH enumerates the privileges denied to the specified user(s) at the current dictionary directory or subdictionary and all of its descendants. /NOBANISH specifies the privileges that are not banished. The specification of a privilege in /NOBANISH overrides the specification of the same privilege in /BANISH. The most common use for the combination of the two qualifiers is in an example like "/BANISH=ALL/NOBANISH=(PASS,SEE)", where it is easier to enumerate the privileges that are not to be banished than to do the opposite. Once banished, privileges cannot be granted further down in the hierarchy. Type "HELP specify privileges" for further information.
3.3 /DENY
Syntax: /[NO]DENY = privileges /DENY enumerates the privileges denied to the specified user(s) at the current dictionary directory, subdictionary, or object. In addition, denied privileges extend to descendants, but they can be granted again at lower levels in the hierarchy. /NODENY specifies the privileges that are not denied. The specification of a privilege in /NODENY overrides the specification of the same privilege in /DENY. The most common use for the combination of the two qualifiers is in an example like "/DENY=ALL/NODENY=(PASS,SEE)", where it is easier to enumerate the privileges that are not denied than to do the opposite. Type "HELP specify privileges" for further information.
3.4 /GRANT
Syntax: /[NO]GRANT = privileges /GRANT enumerates the privileges granted to the specified user(s). /NOGRANT specifies the privileges that are not granted. The specification of a privilege in /NOGRANT overrides the specification of the same privilege in /GRANT. The most common use for the combination of the two qualifiers is in an example like "/GRANT=ALL/NOGRANT=(CONTROL,FORWARD,GLOBAL_DELETE)", where it is easier to enumerate the privileges that are not granted than to do the opposite. Type "HELP specify privileges" for further information.
3.5 /PASSWORD
Syntax: /PASSWORD = quoted-string Use /PASSWORD to include a password in the user identification criteria of an access control list entry. The quoted string can be any string of printable characters other than open parenthesis [(], close parenthesis [)], or period [.]. DMU translates lowercase characters to uppercase. Enclose the string in double quotation marks.
3.6 /POSITION
Syntax: /POSITION = number Use /POSITION to specify the relative position within the access control list where you want to place the new entry. If you do not specify the /POSITION qualifier, the default position is 1.
3.7 /RIGHTS
Syntax: /RIGHTS = uic- or rights-specification Use /RIGHTS to include user identification codes with the user identification criteria of an ACL entry. You can specify any of three alternative types of user identification code: a numeric UIC, an alphanumeric UIC, or a rights identifier. A numeric UIC consists of an octal group number and an octal member number separated by a comma and enclosed by either square brackets ([]) or angle brackets (<>). You can use the wildcard * in place of the group number to identify all group numbers, and in place of the member number group to identify all member numbers. A /UIC specification of [*,*] matches all user identification codes. An alphanumeric UIC consists of a single text string within brackets. A rights identifier consists of a single text string which the system manager has defined in the rights database to indicate all members of a particular group. /RIGHTS performs the same function as /UIC.
3.8 /TERMINAL
Syntax: /TERMINAL = terminal-specification Use /TERMINAL to include information about the terminal(s) in the user identification criteria of an access control list entry. The terminal specification can be any of the following: o TTcn or TXcn -- a specific terminal number. For example: /TERMINAL = TTA7. o LOCAL -- terminals hardwired to the system. For example: /TERMINAL = LOCAL. o NON_LOCAL -- dial-up and remote terminals, and terminals processing batch and network jobs. For example: /TERMINAL = NON_LOCAL. o BATCH -- terminals processing batch jobs. For example: /TERMINAL = BATCH. o NETWORK -- terminals processing network jobs. For example: /TERMINAL = NETWORK.
3.9 /UIC
Syntax: /UIC = uic- or rights-specification Use /RIGHTS to include user identification codes with the user identification criteria of an ACL entry. You can specify any of three alternative types of user identification code: a numeric UIC, an alphanumeric UIC, or a rights identifier. A numeric UIC consists of an octal group number and an octal member number separated by a comma and enclosed by either square brackets ([]) or angle brackets (<>). You can use the wildcard * in place of the group number to identify all group numbers, and in place of the member number group to identify all member numbers. A /UIC specification of [*,*] matches all user identification codes. An alphanumeric UIC consists of a single text string within brackets. A rights identifier consists of a single text string which the system manager has defined in the rights database to indicate all members of a particular group. /RIGHTS performs the same function as /UIC.
3.10 /USERNAME
Syntax: /USERNAME = string Use /USERNAME to include a specific username with the user identification criteria of an access control list entry.
4 /EDIT
Syntax: SET PROTECTION/EDIT [qualifier] path-name Use the SET PROTECTION/EDIT command to invoke the access control list keypad editor. Instead of using the SET PROTECTION command and typing the command qualifiers for each access control list entry, you can edit the access control list with the SET PROTECTION/EDIT command. This allows you to see and test changes before you commit access control list modifications. The editor displays the access control list for the specified dictionary directory, subdictionary, or object. You use the numeric keypad to move the cursor and to modify access control list entries. You may use the PF2 key (next to the GOLD key on the numeric keypad) to display HELP text once you're in the screen editor mode. NOTE: You may use this command only on VT52, VT100, and VT200 compatible terminals. You cannot use it on hardcopy terminals. /AUDIT is the only qualifier you can specify in the command line of SET PROTECTION/EDIT.