The access control list editor (ACL editor) routine,
ACLEDIT$EDIT, allows user-written applications to manipulate
access control lists (ACLs).
1 – ACLEDIT$EDIT
The ACLEDIT$EDIT routine creates and modifies an access control
list (ACL) associated with any protected object.
Format
ACLEDIT$EDIT item_list
1.1 – Returns
OpenVMS usage:cond_value
type: longword (unsigned)
access: write only
mechanism: by value
Longword condition value. Most utility routines return a
condition value in R0. Condition values that this routine can
return are listed under Condition Values Returned.
1.2 – Argument
item_list
OpenVMS usage:item_list_3
type: longword (unsigned)
access: read only
mechanism: by descriptor
Item list used by the callable ACL editor. The item_list argument
is the address of one or more descriptors of arrays, routines,
or longword bit masks that control various aspects of the editing
session.
Each entry in an item list is in the standard format shown in the
following figure:
-----------------------------------------
| Item code | Buffer length |
-----------------------------------------
| Buffer address |
-----------------------------------------
| Return length address |
-----------------------------------------
The following table provides a detailed description of each item
list entry:
Item Identifier Description
ACLEDIT$C_OBJNAM Specifies the name of the object whose ACL is
being edited.
ACLEDIT$C_OBJTYP A longword value that specifies the object
type code for the type or class of the object
whose ACL is being edited. These type codes are
defined in $ACLDEF. The default object type is
FILE (ACL$C_FILE).
ACLEDIT$C_ Represents a longword bit mask of the various
OPTIONS options available to control the editing
session.
Flag Function
ACLEDIT$V_ Indicates that the editing
JOURNAL session is to be journaled.
ACLEDIT$V_ Indicates that the editing
RECOVER session is to be recovered
from an existing journal file.
ACLEDIT$V_ Indicates that the journal
KEEP_RECOVER file used to recover the
editing session is not to
be deleted when the recovery
is complete.
ACLEDIT$V_ Indicates that the journal
KEEP_JOURNAL file used for the editing
session is not to be deleted
when the session ends.
ACLEDIT$V_ Indicates that the session
PROMPT_MODE is to use automatic text
insertion (prompting) to
build new access control list
entries (ACEs).
ACLEDIT$C_BIT_ Specifies a vector of 32 quadword string
TABLE descriptors of strings that define the names
of the bits present in the access mask. (The
first descriptor defines the name of bit 0;
the last descriptor defines the name of bit
31.) These descriptors are used in parsing or
formatting an ACE. The buffer address field
of the item descriptor contains the address of
this vector.
ACLEDIT$C_CLSNAM A string descriptor that points to the class
name of the object whose ACL is being modified.
The following are valid class names:
o COMMON_EVENT_FLAG_CLUSTER
o DEVICE
o FILE
o GROUP_GLOBAL_SECTION
o LOGICAL_NAME_TABLE
o QUEUE
o RESOURCE_DOMAIN
o SECURITY_CLASS
o SYSTEM_GLOBAL_SECTION
o VOLUME
If both OBJTYP and CLSNAM are omitted, the
object is assumed to belong to the FILE class.
1.3 – Description
Use the ACLEDIT$EDIT routine to create and modify an ACL
associated with any security object.
Under normal circumstances, the application calls the ACL
editor to modify an object's ACL, and control is returned to
the application when you finish or abort the editing session.
If you also want to use a customized version of the ACL editor
section file, the logical name ACLEDT$SECTION should be defined.
See the HP OpenVMS System Management Utilities Reference Manual
for more information.
1.4 – Condition Values Returned
SS$_NORMAL Normal successful completion.
RMS$_xxx See the OpenVMS Record Management Services
Reference Manual for a description of OpenVMS
RMS status codes.