DMU.HLB  —  SET  PROTECTION
  Use the SET PROTECTION command to add entries to the  access  control
  list  of  each  specified  dictionary  directory,  subdictionary,  or
  object.

  You can also use the SET PROTECTION/EDIT command to add, delete,  and
  modify access control list entries.

  Command Syntax:

  SET PROTECTION uic-  or  rights-specification  [qualifier]  path-name
  [,path-name]...

1  –  parameters

  uic-specification

  Identifies the user identification  criteria  of  the  user[s]  whose
  access  control  list  entry  you are modifying.  You must specify at
  least one of the following:

   o  /PASSWORD

   o  /TERMINAL

   o  /UIC

   o  /USERNAME

   o  /RIGHTS

  path-name

  Identifies the dictionary directory, subdictionary, or object  owning
  the  access  control  list  you  want  to change.  You cannot use any
  wildcards in the path name.  If you are using a terminal of the VT200
  family, you can use 8-bit characters in path names.

  Type "HELP specify path-name" for further information.

2  –  privileges

  You need PASS_THRU and CONTROL at the  target  dictionary  directory,
  subdictionary, or object to set protection.

3  –  qualifiers

3.1    /AUDIT

  Syntax:

      /AUDIT [= (quoted-string [, quoted-string]...)]
      /AUDIT=file-specification
      /NOAUDIT

  Use /AUDIT to create history list entries auditing  the  creation  of
  new access control list entries.

  You can include explanatory text in history list entries in two ways:

   o  By including quoted  strings.   Enclose  each  quoted  string  in
      double  quotation  marks,  and  enclose  the series of strings in
      parentheses.  The parentheses are optional if  you  specify  only
      one quoted string.

   o  By specifying a file whose contents are to  be  included  in  the
      history  list  entry.   The  file specification is a standard VMS
      file specification, and the default file type is .DAT.   You  can
      include  no  more  than 64 input strings in a history list entry.
      DMU ignores any excess.

  With /NOAUDIT, no history list entries are created.  The  default  is
  /NOAUDIT.

3.2    /BANISH

  Syntax:

      /[NO]BANISH = privileges

  /BANISH enumerates the privileges denied to the specified user(s)  at
  the  current  dictionary  directory  or  subdictionary and all of its
  descendants.   /NOBANISH  specifies  the  privileges  that  are   not
  banished.   The  specification  of a privilege in /NOBANISH overrides
  the specification of the same privilege in /BANISH.

  The most common use for the combination of the two qualifiers  is  in
  an example like "/BANISH=ALL/NOBANISH=(PASS,SEE)", where it is easier
  to enumerate the privileges that are not to be banished  than  to  do
  the opposite.

  Once banished, privileges cannot  be  granted  further  down  in  the
  hierarchy.

  Type "HELP specify privileges" for further information.

3.3    /DENY

  Syntax:

      /[NO]DENY = privileges

  /DENY enumerates the privileges denied to the  specified  user(s)  at
  the  current  dictionary  directory,  subdictionary,  or  object.  In
  addition, denied privileges extend to descendants, but  they  can  be
  granted  again  at  lower levels in the hierarchy.  /NODENY specifies
  the privileges that are not denied.  The specification of a privilege
  in  /NODENY  overrides  the  specification  of  the same privilege in
  /DENY.

  The most common use for the combination of the two qualifiers  is  in
  an  example like "/DENY=ALL/NODENY=(PASS,SEE)", where it is easier to
  enumerate the privileges that are not denied than to do the opposite.

  Type "HELP specify privileges" for further information.

3.4    /GRANT

  Syntax:

      /[NO]GRANT = privileges

  /GRANT enumerates the privileges granted to  the  specified  user(s).
  /NOGRANT   specifies  the  privileges  that  are  not  granted.   The
  specification of a privilege in /NOGRANT overrides the  specification
  of the same privilege in /GRANT.

  The most common use for the combination of the two qualifiers  is  in
  an example like "/GRANT=ALL/NOGRANT=(CONTROL,FORWARD,GLOBAL_DELETE)",
  where it is easier to enumerate the privileges that are  not  granted
  than to do the opposite.

  Type "HELP specify privileges" for further information.

3.5    /PASSWORD

  Syntax:

      /PASSWORD = quoted-string

  Use /PASSWORD to  include  a  password  in  the  user  identification
  criteria  of  an access control list entry.  The quoted string can be
  any string of printable characters other than open  parenthesis  [(],
  close  parenthesis  [)],  or  period  [.].   DMU translates lowercase
  characters to uppercase.  Enclose  the  string  in  double  quotation
  marks.

3.6    /POSITION

  Syntax:

      /POSITION = number

  Use /POSITION to specify the  relative  position  within  the  access
  control  list  where  you want to place the new entry.  If you do not
  specify the /POSITION qualifier, the default position is 1.

3.7    /RIGHTS

  Syntax:

      /RIGHTS = uic- or rights-specification

  Use /RIGHTS to  include  user  identification  codes  with  the  user
  identification  criteria  of  an  ACL  entry.  You can specify any of
  three alternative types of user identification code:  a numeric  UIC,
  an alphanumeric UIC, or a rights identifier.

  A numeric UIC consists of an octal group number and an  octal  member
  number  separated  by  a comma and enclosed by either square brackets
  ([]) or angle brackets (<>).

  You can use the wildcard * in place of the group number  to  identify
  all  group  numbers,  and  in  place  of  the  member number group to
  identify all member numbers.  A /UIC specification of  [*,*]  matches
  all user identification codes.

  An alphanumeric UIC consists of a single text string within brackets.

  A rights identifier consists of a single text string which the system
  manager has defined in the rights database to indicate all members of
  a particular group.

  /RIGHTS performs the same function as /UIC.

3.8    /TERMINAL

  Syntax:

      /TERMINAL = terminal-specification

  Use /TERMINAL to include information about  the  terminal(s)  in  the
  user identification criteria of an access control list entry.

  The terminal specification can be any of the following:

   o  TTcn or TXcn -- a specific terminal number.
      For example:  /TERMINAL = TTA7.

   o  LOCAL -- terminals hardwired to the system.
      For example:  /TERMINAL = LOCAL.

   o  NON_LOCAL  --  dial-up  and  remote  terminals,   and   terminals
      processing batch and network jobs.
      For example:  /TERMINAL = NON_LOCAL.

   o  BATCH -- terminals processing batch jobs.
      For example:  /TERMINAL = BATCH.

   o  NETWORK -- terminals processing network jobs.
      For example:  /TERMINAL = NETWORK.

3.9    /UIC

  Syntax:

      /UIC = uic- or rights-specification

  Use /RIGHTS to  include  user  identification  codes  with  the  user
  identification  criteria  of  an  ACL  entry.  You can specify any of
  three alternative types of user identification code:  a numeric  UIC,
  an alphanumeric UIC, or a rights identifier.

  A numeric UIC consists of an octal group number and an  octal  member
  number  separated  by  a comma and enclosed by either square brackets
  ([]) or angle brackets (<>).

  You can use the wildcard * in place of the group number  to  identify
  all  group  numbers,  and  in  place  of  the  member number group to
  identify all member numbers.  A /UIC specification of  [*,*]  matches
  all user identification codes.

  An alphanumeric UIC consists of a single text string within brackets.

  A rights identifier consists of a single text string which the system
  manager has defined in the rights database to indicate all members of
  a particular group.

  /RIGHTS performs the same function as /UIC.

3.10    /USERNAME

  Syntax:

      /USERNAME = string

  Use  /USERNAME  to  include  a  specific  username  with   the   user
  identification criteria of an access control list entry.

4    /EDIT

  Syntax:

      SET PROTECTION/EDIT [qualifier] path-name

  Use the SET PROTECTION/EDIT command to invoke the access control list
  keypad editor.

  Instead of using the SET PROTECTION command and  typing  the  command
  qualifiers  for  each  access  control  list  entry, you can edit the
  access control list  with  the  SET  PROTECTION/EDIT  command.   This
  allows  you  to see and test changes before you commit access control
  list modifications.

  The editor  displays  the  access  control  list  for  the  specified
  dictionary  directory, subdictionary, or object.  You use the numeric
  keypad to move the cursor and to modify access control list  entries.
  You  may use the PF2 key (next to the GOLD key on the numeric keypad)
  to display HELP text once you're in the screen editor mode.

  NOTE:  You may use this  command  only  on  VT52,  VT100,  and  VT200
  compatible terminals.  You cannot use it on hardcopy terminals.

  /AUDIT is the only qualifier you can specify in the command  line  of
  SET PROTECTION/EDIT.
Close Help