(B)0DEFINE PROTECTION FOR qqqqk
                            x
       lqqqqqq<qqqqqqqqqqqqqj
       mqqqqwqqq> DATABASE qqqqqqqqqqq>qqqqqqqqqqqqqqqqqk
            tqqq> RELATION qq> relation-name qqqqqqqqqqqu
            tqqq> VIEW qqqqqq> view-name qqqqqqqqqqqqqqqu
            mqqq> FIELD q> field-name IN relation-name qu
        lqqqqqqqqqqqqqqq<qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
        mqqqwqqqqqqqqqqq>qqqqqqqqqqqqqqqqqqwqk
            tq> AFTER qqq> identifier qqqqqu x
            mq> POSITION qq> n qqqqqqqqqqqqj x
          lqqqqqqqqqqqqqqq<qqqqqqqqqqqqqqqqqqj
          mqqq> IDENTIFIER qqwqq> identifier qqwqk
                             mqq<qqqq + <qqqqqqj x
          lqqqqqqqqqqqqqqqqqqqq<qqqqqqqqqqqqqqqqqj
          mqqq> ACCESS qqqwqqq>qqqqqqqqqqqqqqqqqwqqqqqqqqqq> .
                          mqwq> access-right qwqj
                            mq<qqqqqq + <qqqqqj

1  –  relation-name

    The name of the Oracle Rdb relation for which you want to insert an
    ACL entry (ACE).

    A user with MODIFY rights on the relation automatically gets
    the same rights on all fields in the relation. However, you can
    restrict MODIFY rights by defining them only on specific fields
    you want users to be able to modify and thus remove the right
    from the relation entry.

2  –  view-name

    The name of the Oracle Rdb view for which you want to insert an ACL
    entry.

3  –  field-name

    The name of the local field in a specified relation for which you
    want to insert an ACL entry.

    Rights on a field are determined by the rights defined on the
    field combined with those specified for the specific relation
    ACL.

    Only MODIFY rights can be granted to fields. All other rights are
    not applicable.

4  –  AFTER

    Locates the new ACL entry relative to an existing entry. When you
    specify an identifier, Oracle Rdb searches the access control list
    for an existing entry that matches. It then inserts the new entry
    after the existing one. If you use the AFTER clause, you cannot
    use the POSITION clause.

5  –  POSITION

    Locates a new ACL entry relative to its position in the list.
    Use an unsigned integer greater than zero to specify the position
    in the access control list where Oracle Rdb places a newly created
    entry. If you use the POSITION clause, you cannot use the AFTER
    clause.

    When this statement executes, Oracle Rdb automatically reassigns
    sequence numbers to entries in the ACL, starting with number one.

6  –  IDENTIFIER

    Identifies the user or users for whom an entry is being added.
    You can specify any valid OpenVMS identifier in the identifier
    clause:

    o  UIC identifier

       You cannot specify more than one UIC identifier in a DEFINE
       PROTECTION statement.

    o  General identifier

    o  System-defined identifier

6.1  –  More

    You can specify multiple identifiers in the identifier clause
    when combining an identifier with a system-defined identifier.
    However, you should regard the six system-defined identifiers
    as mutually exclusive. Do not attempt to use them in combination
    with each other. You can combine them with other identifiers
    (UICs and general identifiers). When you specify multiple
    identifiers, separate them with a plus sign (+).

    If you specify multiple identifiers in the identifier clause,
    you define one ACE that determines the access rights that users
    will receive when they hold ALL the identifiers specified in the
    identifier clause. Users who do not hold all of the identifiers
    specified in the identifier clause will not be governed by the
    ACE that is created.

    For example, the first of the two RDO statements in the
    following example defines a single ACE for users with both the
    [CLERK,DAVIES] and REMOTE identifiers, not one ACE for users with
    the [CLERK,DAVIES] identifier and another ACE for users with the
    REMOTE identifier. The second statement shows the ACE created
    in the second position in the ACL, as specified in the DEFINE
    PROTECTION statement:

    DEFINE PROTECTION FOR RELATION A1
    POSITION 2
    IDENTIFIER [CLERKS,DAVIES]+REMOTE
    ACCESS READ+WRITE+MODIFY.
    !
    SHOW PROTECTION FOR RELATION A1
     (IDENTIFIER=[DBS,RICK],ACCESS=READ+WRITE+MODIFY+ERASE+SHOW+DEFINE+
       CHANGE+DELETE+CONTROL+OPERATOR+ADMINISTRATOR+REFERENCES+SECURITY)
     (IDENTIFIER=[CLERK,DAVIES]+REMOTE,ACCESS=READ+WRITE+MODIFY)
     (IDENTIFIER=[*,*],ACCESS=READ+MODIFY)

    To control which users have the ability to create databases, use
    the RDBVMS$CREATE_DB logical name and system rights identifier.
    See the "Oracle Rdb Guide to Database Design and Definition" for
    more information on the RDBVMS$CREATE_DB logical name and system
    rights identifier.

7  –  ACCESS

    Grants or denies access rights to the user identified in an ACL
    entry. For more information on access rights, ask for HELP on
    Access_rights.

    Specify only those access rights that you want to grant access
    to.