The user identification criteria form the first part of an ACL entry. The user identification criteria determine the user or class of users to whom the entry applies. The dictionary compares the user identification criteria with the characteristics of the user's process and with any passwords appended to the given name of the object or directory.

An ACL on a directory or object in the DMU format dictionary can identify you by your username, your UIC (User Identification Code), a password, your terminal number or job class. An ACL on a CDO format dictionary or object can identify you by your username, your UIC (User Identification Code), or your job class.

In an ACL entry, you can specify one option from each available category. You can include one username, one UIC, one password (DMU only), and one terminal number (DMU only) or job class. You must include at least one user identification criterion per ACL entry.
1 – Password
You can also specify a password as an identification criterion in an ACL entry on a directory or object in the DMU format dictionary. If an ACL entry for a directory or object in the dictionary defines a password, the password can be specified as part of the given name of the directory or object. Using a password identifies the user or group of users who know the password.
1.1 – Examples
When you need the access privileges to a directory or object granted by an ACL entry containing a password, you can specify the password in two ways:

o  You can enter the password, enclosed in parentheses, after the given name of the directory or object:

   -  With only the given name:

      YACHTS;1(SAILOR)

   -  In a full dictionary path name:

      CDD$TOP.INVENTORY(SECRET).YACHTS;1(SAILOR)

o  You can also enter an asterisk in parentheses after the given name of the directory or object. This asterisk in place of the password causes DEC DATATRIEVE to prompt you for the password. When you respond, DEC DATATRIEVE does not echo the characters on your terminal. This prompting protects your password and, as a result, your data and data definitions:

   -  In place of the password in parentheses, enter (*):

      DTR> SHOWP YACHTS (*)

   -  DEC DATATRIEVE responds with a prompt for the password:

      Enter password for YACHTS:
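The first form puts the password on the command line, so it ends up in any saved session transcript or command file; the (*) form does not. The following added example (not part of the original help text) redacts inline passwords from such lines before they are stored or shared. The set of allowed name characters is an assumption, and only SHOWP, the one command shown on this page, is treated as taking a path name.

```python
import re

# One path-name segment: given name, optional ;version, then (password).
# The character set allowed in a given name is an assumption of this sketch.
SEGMENT = re.compile(r"([A-Z$_][A-Z0-9$_-]*(?:;\d+)?)(\s*)\(([^()]*)\)", re.I)

# Commands whose argument is a dictionary path name. Only SHOWP appears on
# this page; extend the tuple with the commands used at your site.
PATH_COMMANDS = ("SHOWP",)

def redact_line(line, commands=PATH_COMMANDS):
    """Return (redacted_line, names_that_carried_an_inline_password)."""
    body = line.strip()
    if body.upper().startswith("DTR>"):      # drop the interactive prompt
        body = body[4:].lstrip()
    words = body.split(None, 1)
    if len(words) < 2 or words[0].upper() not in commands:
        return line, []                       # not a path-name command
    hits = []

    def _sub(match):
        name, gap, secret = match.group(1), match.group(2), match.group(3)
        if secret.strip() in ("*", ""):       # prompt form: nothing to hide
            return match.group(0)
        hits.append(name)
        return f"{name}{gap}(<redacted>)"

    return SEGMENT.sub(_sub, line), hits

if __name__ == "__main__":
    # Constructed sample lines built from the path names shown above.
    for sample in (
        "DTR> SHOWP CDD$TOP.INVENTORY(SECRET).YACHTS;1(SAILOR)",
        "DTR> SHOWP YACHTS (*)",
    ):
        print(redact_line(sample))
```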
2 – Terminal
You can also identify users by their terminal line numbers (DMU format dictionary only) or their job class (either format dictionary):

o  In an ACL entry on an object or directory in the DMU format dictionary you can identify users who work from a particular terminal line. You specify the terminal number in the format TTnn[:]. For example:

      TERMINAL = TTH6

o  You can identify all users whose terminal lines are hard-wired to your local system. Use the keyword LOCAL:

      TERMINAL = LOCAL

o  You can identify all users whose processes are running on anything other than a hard-wired line. By using the keyword NONLOCAL you can identify all processes using dial-up lines, running in batch mode, using DECnet and running as remote terminals, and using the Distributed Data Manipulation Facility (DDMF) to run DEC DATATRIEVE from a remote node in a network of Digital computers. For example:

      TERMINAL = NONLOCAL

o  You can identify all batch processes by using the keyword BATCH:

      TERMINAL = BATCH

o  You can identify all processes using DDMF to run DEC DATATRIEVE from a remote node in a network of Digital computers. Use the keyword NETWORK:

      TERMINAL = NETWORK
3 – UIC
The UIC (User Identification Code) is a 2-part number or text string that identifies a user and determines his or her relationship to other users on the system. The UIC determines the ownership of files and is assigned by your system manager. UICs can be either numeric or alphanumeric:

o  A numeric UIC consists of an octal group number and an octal member number. You can use the asterisk (*) wildcard in place of the group number to identify all group numbers and in place of the member number to identify all member numbers.

o  An alphanumeric UIC is a text string consisting of a member name and, optionally, a group name. You can use the asterisk (*) wildcard in place of the member name in an alphanumeric UIC but not in place of the group name.

The UIC is enclosed in square brackets or angle brackets. A comma separates the two parts of the UIC.

The first part of the UIC identifies the group of users a person belongs to. Group members share the same first number or group name in their UICs. You can control access to files according to UIC group numbers or group names. The second part of the UIC identifies the individual user in a group.
3.1 – Examples
In an ACL entry, you can use three types of UIC to identify users:

o  By specifying all the digits of both parts of the UIC, you can identify one or more users who log in with the same UIC associated with their process. For example:

      UIC = [240,240]

o  By using an asterisk (*) as a wildcard in place of the second part of the UIC, you can identify users who belong to the same group and share the first part of their UICs. For example, the following specification can identify users with UICs [240,101], [240,300], [240,544], [240,777]:

      UIC = [240,*]

o  By using asterisks in place of both groups of digits in the UIC, you identify all users, regardless of their UICs:

      UIC = [*,*]

You must include the comma and enclose the UIC specification in square brackets or angle brackets. If you specify no UIC for an ACL entry, the dictionary supplies [*,*] as a default.
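The matching rules above for numeric UICs, written out as an added example (not code from DEC DATATRIEVE or the dictionary). It covers numeric UICs only; the function names are hypothetical, and a spec of None stands for an ACL entry that specifies no UIC.

```python
import re

# A UIC must be wrapped in matching square or angle brackets.
_UIC = re.compile(r"^(?:\[(.*)\]|<(.*)>)$")

def parse_uic(text, allow_wildcard=True):
    """Parse a numeric UIC into (group, member); '*' is returned as None."""
    m = _UIC.match(text.strip())
    if not m:
        raise ValueError(f"UIC must be enclosed in [] or <>: {text!r}")
    inner = m.group(1) if m.group(1) is not None else m.group(2)
    parts = [p.strip() for p in inner.split(",")]
    if len(parts) != 2:
        raise ValueError(f"UIC needs exactly one comma: {text!r}")
    out = []
    for part in parts:
        if part == "*" and allow_wildcard:
            out.append(None)
        elif re.fullmatch(r"[0-7]+", part):
            out.append(int(part, 8))          # both parts are octal numbers
        else:
            raise ValueError(f"not an octal number or '*': {part!r}")
    return tuple(out)

def uic_matches(spec, process_uic):
    """True if an ACL entry's UIC specification covers the process UIC."""
    # An entry with no UIC gets the dictionary default [*,*].
    want = parse_uic(spec if spec is not None else "[*,*]")
    # A process UIC is always concrete, so wildcards are rejected here.
    have = parse_uic(process_uic, allow_wildcard=False)
    return all(w is None or w == h for w, h in zip(want, have))

if __name__ == "__main__":
    for uic in ("[240,101]", "[240,777]", "[241,101]"):
        print(uic, uic_matches("[240,*]", uic))
```

Because an omitted UIC defaults to [*,*], an entry that relies only on a username or terminal criterion places no restriction on UIC at all; comparing parsed values rather than strings also treats [0240,240] and <240,240> as the same user.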
4 – Username
Specifying a username in an ACL entry limits the entry to one user or to a group of users who log in with the same username. For example:

      USER = WEAVER