Allows you to modify the root file access control list (ACL) for
a database.
A database's root file ACL determines the Oracle RMU commands
that users can execute for the associated database.
1 – Description
The RMU Set Privilege command allows you to manipulate an entire
root file ACL, or to create, modify, or delete access control
entries (ACEs) in a root file ACL. See the Oracle Rdb Guide to
Database Design and Definition for introductory information on
ACEs and ACLs.
Use the RMU Set Privilege command to add ACEs to a root file ACL
by specifying the ACEs with the Acl qualifier.
Privileges Required for Oracle RMU Commands shows the privileges
a user must have to access each Oracle RMU command.
If the database root file you specify with RMU Set Privilege
command does not have an ACL, Oracle RMU creates one.
The RMU Set Privilege command provides the following qualifiers
to manipulate ACEs and ACLs in various ways:
After
Delete
Like
New
Replace
By default, any ACEs you add to a root file ACL are placed at
the top of the ACL. Whenever Oracle RMU receives a request
for Oracle RMU access for a database that has a root file ACL,
it searches each entry in the ACL from the first to the last
for the first match it can find, and then stops searching. If
another match occurs further down in the root file ACL, it has no
effect. Because the position of an ACE in a root file ACL is so
important, you can use the After qualifier to correctly position
an ACE. When you use the After qualifier, any additional ACEs are
added after the specified ACE.
You can delete ACEs from an ACL by including the Delete qualifier
and specifying the ACEs with the Acl qualifier. To delete all the
ACEs, include the Delete qualifier and specify the Acl qualifier
without specifying any ACEs.
You can copy an ACL from one root file to another by using the
Like qualifier. The ACL of the root file specified with the Like
qualifier replaces the ACL of the root file specified with the
root-file-spec parameter.
Use the New qualifier to delete all ACEs before adding any ACEs
specified by the Acl, Like, or Replace qualifiers.
You can replace existing ACEs in a root file ACL by using the
Replace qualifier. Any ACEs specified with the Acl qualifier
are deleted and replaced by those specified with the Replace
qualifier.
The existing ACE can be abbreviated when you use the Delete,
Replace, or After qualifiers.
Use the RMU Set Privilege command with the Edit qualifier to
invoke the ACL editor. You can specify the following qualifiers
only when you specify the Edit qualifier also:
Journal
Keep
Mode
Recover
For more information on the ACL editor, see the OpenVMS
documentation set.
2 – Format
(B)0[mRMU/Set Privilege root-file-spec
[4mCommand[m [4mQualifiers[m x [4mDefaults[m
x
/Acl[=(ace[,...])] x See description
/Acl_File=filename x See description
/After=ace x See description
/Delete[=All] x See description
/Edit x No editor invoked
/[No]Journal[=file-spec] x /Journal
/Keep[=(Recovery_Journal)] x See description
/Like=source-root-file-spec x None
/[No]Log x /Nolog
/Mode=[No]Prompt x /Mode=Prompt
/New x None
/[No]Recover[=file-spec] x /Norecover
/Replace=(ace[,...]) x None
3 – Parameters
3.1 – root-file-spec
The root file for the database whose root file ACL you are
modifying.
4 – Command Qualifiers
4.1 – Acl
Acl[=(ace[,...])]
Specifies one or more ACEs to be modified. When no ACE is
specified, the entire ACL is affected. Separate multiple ACEs
with commas. When you include the Acl qualifier, the specified
ACEs are inserted at the top of the ACL unless you also specify
the After qualifier. You cannot specify the Acl qualifier and the
Acl_File qualifier on the same RMU command line.
The format of an ACE is as follows:
(Identifier=user-id, Access=access_mask)
The user-id must be one of the following types of identifier:
o A user identification code (UIC) in [group-name,member-name]
alphanumeric format
o A user identification code (UIC) in [group-number,member-
number] numeric format
o A general identifier, such as SECRETARIES
o A system-defined identifier, such as DIALUP
o Wildcard characters in [*,*] format
Names are not case sensitive. In addition, the Identifier and
Access keywords can be abbreviated to one character. For example,
the following ACE is valid:
(I=isteward, A=RMU$ALL)
The access_mask can be any of the following:
o One or more of the Oracle RMU privileges listed in the Oracle
Rdb7 Oracle RMU Reference Manual
If more than one privilege is specified, a plus sign (+) must
be placed between the privileges.
o The keyword RMU$ALL
These keywords indicate that you want the user to have all of
the RMU privileges. (This keyword has no effect on system file
privileges.)
o The keyword None
This keyword indicates that you do not want the user
to have any RMU or OpenVMS privileges. If you specify
Acl=(id=username, access=READ+NONE), the specified user will
have no RMU privileges and no READ privileges for the database
files.
4.2 – Acl File
Acl_File=filename
Specifies a file containing a list of ACEs, with one ACE
specified per line. You can use continuation characters to
continue an ACE on the next line, and you can include commented
lines within the file. Within this file, use the dash (-) as a
continuation character and the exclamation point (!) to indicate
a comment.
You cannot specify the Acl_File qualifier and the Acl qualifier
on the same RMU command line.
4.3 – After
After=ace
Indicates that all ACEs specified with the Acl qualifier are to
be added after the ACE specified with the After qualifier. By
default, any ACEs added to the ACL are always placed at the top
of the list.
You cannot use this qualifier with the Edit qualifier.
4.4 – Delete
Delete[=All]
Indicates that the ACEs specified with the Acl qualifier are
to be deleted. If no ACEs are specified with the Acl qualifier,
the entire ACL is deleted. If you specify an ACE that was not
specified with the Acl qualifier, you are notified that the ACE
does not exist, and the delete operation continues.
You cannot use this qualifier with the Edit qualifier.
4.5 – Edit
Edit
Invokes the ACL editor and allows you to use the Journal,
Keep, Mode, or Recover qualifiers. Oracle RMU ignores any other
qualifiers you specify with the Edit qualifier.
The RMU Set Privilege command with the Edit qualifier only
functions off line. If you attempt it on line, an error message
is generated. This restriction is necessary because the ACL
editor requests exclusive write access to the database.
To use the Edit qualifier, the SYS$SHARE:ACLEDTSHR.EXE image
must be installed at system startup time, or, be installed by
RMONSTART.COM. Contact your system manager if this image is not
installed as needed.
For more information on the ACL editor, see the OpenVMS
documentation set.
4.6 – Journal
Journal[=file-spec]
Nojournal
Controls whether a journal file is created from the editing
session. By default, a journal file is created if the editing
session ends abnormally.
If you omit the file specification, the journal file has the
same name as the root file and a file type of .tjl. You can use
the Journal qualifier to specify a journal file name that is
different from the default. No wildcard characters are allowed in
the Journal qualifier file-spec parameter.
You must specify the Edit qualifier to use this qualifier.
4.7 – Keep
Keep[=(Recovery,Journal)]
Determines whether the journal file, the recovery file, or both,
are deleted when the editing session ends. The options are:
o Recovery-Saves the journal file used for restoring the ACL.
o Journal-Saves the journal file for the current editing
session.
You can shorten the Journal and Recover options to J and R,
respectively. If you specify only one option, you can omit the
parentheses.
You must specify the Edit qualifier to use this qualifier. If you
specify the Edit qualifier but do not specify the Keep qualifier,
both the journal file for the current editing session and the
journal file used for restoring the ACL are deleted when the
editing session ends.
4.8 – Like
Like=source-root-file-spec
Indicates that the ACL of the root file specified with the Like
qualifier is to replace the ACL of the root file specified with
the root-file-spec parameter of the RMU Set Privilege command.
Any existing ACEs are deleted before the root file ACL specified
by the Like qualifier is copied.
You cannot use this qualifier with the Edit qualifier.
4.9 – Log
Log
Nolog
Directs the RMU Set Privilege command to return both the name of
the root file that has been modified by the command and the ACL
associated with the database. The default of Nolog suppresses
this output.
You cannot use this qualifier with the Edit qualifier.
4.10 – Mode
Mode=[No]Prompt
Determines whether the ACL editor prompts for field values. By
default, the ACL editor selects prompt mode.
You must specify the Edit qualifier to use this qualifier.
4.11 – New
New
Indicates that any existing ACE in the ACL of the root file
specified with RMU Set Privilege is to be deleted. To use the
New qualifier, you must specify a new ACL or ACE with the Acl,
Like, or Replace qualifiers.
You cannot use this qualifier with the Edit qualifier.
4.12 – Recover
Recover[=file-spec]
Norecover
Specifies the name of the journal file to be used in a recovery
operation. If the file specification is omitted with the Recover
qualifier, the journal is assumed to have the same name as the
root file and a file type of .tjl. No wildcard characters are
allowed with the Recover qualifier file-spec parameter.
The default is the Norecover qualifier, where no recovery is
attempted when you invoke the ACL editor to edit a root file ACL.
You must specify Edit to use this qualifier.
4.13 – Replace
Replace=(ace[,...])
Deletes the ACEs specified with the Acl qualifier and replaces
them with those specified with the Replace qualifier. Any ACEs
specified with the Acl qualifier must exist and must be specified
in the order in which they appear in the ACL.
This qualifier cannot be used with the Edit qualifier.
5 – Usage Notes
o You must have the RMU$SECURITY privilege in the root file ACL
for a database or the OpenVMS SECURITY or BYPASS privilege
to use the RMU Set Privilege command for the database. The
RMU$SECURITY access is VMS BIT_15 access in the ACE. You can
grant yourself BIT_15 access by using the DCL SET ACL command
if you have (READ+WRITE+CONTROL) access.
o By default, a root file ACL is created for every Oracle Rdb
database. In some cases, the root file ACL may not allow
the appropriate Oracle RMU access for the database to all
Oracle RMU users. In these situations, you must use the RMU
Set Privilege command to modify the root file ACL to give the
appropriate Oracle RMU access to Oracle RMU users. Privileges
Required for Oracle RMU Commands shows the privileges required
to access each Oracle RMU command.
o The root file ACL created by default on each Oracle Rdb
database controls only a user's Oracle RMU access to the
database (by specifying privileges that will allow a user or
group of users access to specific Oracle RMU commands). Root
file ACLs do not control a user's access to the database with
SQL statements.
A user's access to a database with SQL statements is governed
by the privileges granted to the user in the database ACL
(the ACL that is displayed using the SQL SHOW PROTECTION ON
DATABASE command).
o If you find that the root file ACL has changed, or is not
set as expected, it may be because a layered product has
manipulated the OpenVMS directory or file ACLs. This can
result in the unintentional alteration of an Oracle RMU access
right.
For example, Oracle CDD/Repository may use the following ACE:
(IDENTIFIER=[*,*],OPTIONS=DEFAULT+PROPAGATE,ACCESS=NONE)
If this ACE is propagated to an Oracle Rdb database, such
as CDD$DATABASE or CDD$TEMPLATE, OpenVMS privileges may be
required to manage that database. Or, you can use the RMU Set
Privilege command to change the ACL on the affected database.
o If you need to move a database from one system to another, you
should be aware that the identifiers used in the database's
root file ACL on the source system are not likely to be
valid identifiers on the destination system. Thus, if the
database root file ACL from the source system is moved to the
destination system without modification, only those users with
the same identifiers on both systems have the same Oracle RMU
access to the database on the destination system as they had
to the database on the source system.
For example, suppose that the mf_personnel database with the
following root file ACL is moved from its current system to
another node. If the database root file ACL is moved without
modification to the destination node, the users USER, USER2,
USER3, USER4, and USER5 will not have any Oracle RMU access to
the database on the destination node unless they have the same
identities on the destination node.
$ RMU/SHOW PRIVILEGE MF_PERSONNEL.RDB
Object type: file, Object name:SQL_USER:[USER]MF_PERSONNEL.RDB;1,
on 31-MAR-1992 15:48:36.24
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE+RMU$OPEN+RMU$VERIFY)
(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY)
(IDENTIFIER=[RDB,USER4],ACCESS=RMU$BACKUP+RMU$CONVERT+RMU$DUMP+
RMU$RESTORE)
(IDENTIFIER=[RDB,USER5],ACCESS=RMU$LOAD+RMU$SHOW)
(IDENTIFIER=[*,*],ACCESS=NONE)
o The following list describes some ways to move a database from
one node to another and explains what happens to the original
root file ACL in each scenario:
- RMU Restore command
First, use the RMU Backup command to back up the database
on the source node and to create an .rbf file. Then, copy
the .rbf file from the source node to the destination
node. When you use the RMU Restore command to re-create
the database from the source node on the destination node,
the database on the destination node will have the same
root file ACL as the database on the source node. If a
user with the RMU$SECURITY privilege in the root file
ACL on the source node has the same identifier on the
destination node, that user can modify the root file ACL
on the destination node to grant users the privileges they
need for Oracle RMU access to the database. Otherwise, a
user with one of the OpenVMS override privileges (SECURITY
or BYPASS) needs to modify the root file ACL.
- RMU Restore command with the Noacl qualifier
First, use the RMU Backup command to back up the database
on the source node and to create an .rbf file. Then, copy
the .rbf file from the source node to the destination
node. When you use the RMU Restore command with the Noacl
qualifier to re-create the database from the source node on
the destination node, the database on the destination node
is created with an empty root file ACL. A user with one of
the OpenVMS override privileges (SECURITY or BYPASS) needs
to modify the root file ACL to grant users the privileges
they need for Oracle RMU access to the database.
- SQL IMPORT statement
First, use the SQL EXPORT statement on the source node
to create an .rbr file. Then, copy the .rbr file from the
source node to the destination node. When you use the SQL
IMPORT statement on the destination node, the imported
database is created with the same root file ACL as existed
on the database on the source node. If a user with the
RMU$SECURITY privilege in the root file ACL on the source
node has the same identifier on the destination node, that
user can modify the root file ACL on the destination node
to grant users the privileges they need for Oracle RMU
access to the database. Otherwise, a user with one of the
OpenVMS override privileges (SECURITY or BYPASS) needs to
modify the root file ACL to grant users the privileges they
need for Oracle RMU access to the database.
- SQL IMPORT NO ACL statement
First, use the SQL EXPORT statement on the source node to
create an .rbr file. Then, copy the .rbr file from the
source node to the destination node. When you use the
SQL IMPORT NO ACL statement on the destination node, the
imported database is created with a root file ACL that
contains one ACE. The single ACE will grant the OpenVMS
READ, WRITE, and CONTROL privileges plus all the Oracle RMU
privileges to the user who performed the IMPORT operation.
The user who performed the IMPORT operation can modify the
root file ACL to grant users the privileges they need for
Oracle RMU access to the database.
6 – Examples
Example 1
The following example assumes that the user with a user
identification code (UIC) of [SQL,USER] has created the mf_
test_db database and is therefore the owner of the database.
After creating the mf_test_db database, the owner displays the
root file ACL for the database. Then the owner grants Oracle RMU
privileges to database users. The Oracle RMU privileges granted
to each type of user depend on the type of Oracle RMU access the
user needs to the database.
$! Note that by default the owner (the user with a UIC of [SQL,USER])
$! is granted all the Oracle RMU privileges in the root file
$! ACL and no other users are granted any Oracle RMU privileges.
$ RMU/SHOW PRIVILEGE MF_TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]MF_TEST_DB.RDB;1,
on 30-MAR-1996 15:51:55.79
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
$!
$! The owner uses the RMU Set Privilege command and the After
$! qualifier to grant the RMU$ANALYZE, RMU$OPEN, and
$! RMU$VERIFY privileges to a user with a UIC of [SQL,USER2].
$! This user will serve as the database administrator for the
$! mf_test_db database.
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE -
_$ +RMU$OPEN+RMU$VERIFY) -
_$ /AFTER=(IDENTIFIER=[SQL,USER])/LOG MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified
$!
$! Next, the owner grants the RMU$SECURITY privilege to a user with a
$! UIC of [SQL,USER3]. This gives the user USER3 the ability
$! to grant other users the appropriate privileges they need for
$! accessing the database with Oracle RMU commands. Because both
$! the database creator and user USER3 have the RMU$SECURITY
$! privilege, both of them can modify the root file ACL for the
$! database.
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY) -
_$ /AFTER=(IDENTIFIER=[SQL,USER2])/LOG MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified
$!
$! The user with a UIC of [RDB,USER4], who will serve as the database
$! operator, is granted the RMU$BACKUP, RMU$CONVERT, RMU$DUMP, and
$! RMU$RESTORE privileges:
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[RDB,USER4],ACCESS=RMU$BACKUP -
_$ +RMU$CONVERT+RMU$DUMP+RMU$RESTORE) -
_$ /AFTER=(IDENTIFIER=[SQL,USER3])/LOG MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified
$!
$! The RMU$LOAD and RMU$SHOW privileges are granted to the user
$! with a UIC of [RDB,USER5]. This user will be writing programs
$! that load data into the database.
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[RDB,USER5],ACCESS=RMU$LOAD -
_$ +RMU$SHOW) /AFTER=(IDENTIFIER=[RDB,USER4]) MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified
$!
$! No privileges are granted to all other users.
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[*,*],ACCESS=NONE) -
_$ /AFTER=(IDENTIFIER=[RDB,USER5])/LOG MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified
$!
$! The RMU/SHOW PRIVILEGE command displays the root file ACL for the
$! mf_test_db database.
$ RMU/SHOW PRIVILEGE MF_TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]MF_TEST_DB.RDB;1,
on 30-MAR-1996 15:52:17.03
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE+RMU$OPEN+RMU$VERIFY)
(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY)
(IDENTIFIER=[RDB,USER4],ACCESS=RMU$BACKUP+RMU$CONVERT+RMU$DUMP+
RMU$RESTORE)
(IDENTIFIER=[RDB,USER5],ACCESS=RMU$LOAD+RMU$SHOW)
(IDENTIFIER=[*,*],ACCESS=NONE)
Example 2
The following command adds an ACE for the user with a UIC of
[RDB,USER1] to the root file ACL for the personnel database. This
ACE grants [RDB,USER1] the RMU$BACKUP privilege for the personnel
database. The RMU$BACKUP privilege allows user [RDB,USER1]
to access the RMU Backup, RMU Backup After_Journal, and RMU
Checkpoint commands for the personnel database.
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[RDB,USER1],ACCESS=RMU$BACKUP) -
_$ PERSONNEL.RDB
Example 3
The Replace qualifier in the following example causes the ACE
in the root file ACL for the user with a UIC of [RDB,USER4]
to be replaced by the ACE specified for the user with a UIC of
[SQL,USER6]:
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[RDB,USER4]) -
_$ /REPLACE=(IDENTIFIER=[SQL,USER6],ACCESS=RMU$BACKUP+RMU$CONVERT -
_$ +RMU$DUMP+RMU$RESTORE)/LOG MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified
$!
$ RMU/SHOW PRIVILEGE MF_TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]MF_TEST_DB.RDB;1,
on 30-MAR-1996 15:52:23.92
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE+RMU$OPEN+RMU$VERIFY)
(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY)
(IDENTIFIER=[SQL,USER6],ACCESS=RMU$BACKUP+RMU$CONVERT+RMU$DUMP+
RMU$RESTORE)
(IDENTIFIER=[RDB,USER5],ACCESS=RMU$LOAD+RMU$SHOW)
(IDENTIFIER=[*,*],ACCESS=NONE)
Example 4
The Delete qualifier in the following example causes the ACE for
the user with a UIC of [RDB,USER5] to be deleted from the root
file ACL for the mf_test_db database:
$ RMU/SET PRIVILEGE/ACL=(IDENTIFIER=[RDB,USER5]) -
_$ /DELETE/LOG MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified
$!
$ RMU/SHOW PRIVILEGE MF_TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]MF_TEST_DB.RDB;1,
on 30-MAR-1996 15:52:29.07
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE+RMU$OPEN+RMU$VERIFY)
(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY)
(IDENTIFIER=[SQL,USER6],ACCESS=RMU$BACKUP+RMU$CONVERT+RMU$DUMP+
RMU$RESTORE)
(IDENTIFIER=[*,*],ACCESS=NONE)
Example 5
In the following example, the Like qualifier copies the root file
ACL from the mf_test_db database to the test_db database. As part
of this operation, the original root file ACL for the test_db
database is deleted.
$ RMU/SHOW PRIVILEGE TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]TEST_DB.RDB;1, on
30-MAR-1996 15:52:31.48
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
$ !
$ RMU/SHOW PRIVILEGE MF_TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]MF_TEST_DB.RDB;1,
on 30-MAR-1996 15:52:33.86
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE+RMU$OPEN+RMU$VERIFY)
(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY)
(IDENTIFIER=[SQL,USER6],ACCESS=RMU$BACKUP+RMU$CONVERT+RMU$DUMP+
RMU$RESTORE)
(IDENTIFIER=[*,*],ACCESS=NONE)
$!
$ RMU/SET PRIVILEGE/LIKE=MF_TEST_DB.RDB/LOG TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]TEST_DB.RDB;1 modified
$!
$ RMU/SHOW PRIVILEGE TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]TEST_DB.RDB;1, on
30-MAR-1996 15:52:41.36
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE+RMU$OPEN+RMU$VERIFY)
(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY)
(IDENTIFIER=[SQL,USER6],ACCESS=RMU$BACKUP+RMU$CONVERT+RMU$DUMP+
RMU$RESTORE)
(IDENTIFIER=[*,*],ACCESS=NONE)
Example 6
The New qualifier in the following example deletes all the
existing ACEs and the Acl qualifier specifies a new ACE for the
root file ACL for the mf_test_db database. Note that after the
RMU Set Privilege command in this example is issued, only the
user with a UIC of [SQL,USER2] or a user with an OpenVMS override
privilege would be able to display the root file ACL for the mf_
test_db database.
$ RMU/SHOW PRIVILEGE MF_TEST_DB.RDB
Object type: file, Object name: SQL_USER:[USER]MF_TEST_DB.RDB;1,
on 30-MAR-1996 15:52:44.50
(IDENTIFIER=[SQL,USER],ACCESS=READ+WRITE+CONTROL+RMU$ALTER+
RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+RMU$DUMP+RMU$LOAD+
RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SECURITY+RMU$SHOW+RMU$UNLOAD+
RMU$VERIFY)
(IDENTIFIER=[SQL,USER2],ACCESS=RMU$ANALYZE+RMU$OPEN+RMU$VERIFY)
(IDENTIFIER=[SQL,USER3],ACCESS=RMU$SECURITY)
(IDENTIFIER=[SQL,USER6],ACCESS=RMU$BACKUP+RMU$CONVERT+RMU$DUMP+
RMU$RESTORE)
(IDENTIFIER=[*,*],ACCESS=NONE)
$!
$ RMU/SET PRIVILEGE/NEW -
_$ /ACL=(IDENTIFIER=[SQL,USER2],ACCESS=READ+WRITE+CONTROL+ -
_$ RMU$ALTER+RMU$ANALYZE+RMU$BACKUP+RMU$CONVERT+RMU$COPY+ -
_$ RMU$DUMP+RMU$LOAD+RMU$MOVE+RMU$OPEN+RMU$RESTORE+RMU$SHOW+ -
_$ RMU$UNLOAD+RMU$VERIFY)/LOG MF_TEST_DB.RDB
%RMU-I-MODIFIED, SQL_USER:[USER]MF_TEST_DB.RDB;1 modified