/sys$common/syshlp/ACLEDT.HLB  —  DEF_PROT_ACE, Parameters
 options

    Specify any of the following attributes:

    Hidden       Indicates that this ACE should be changed only by
                 the application that adds it. Although the Hidden
                 attribute is valid for any ACE type, its intended
                 use is to hide Application ACEs. To delete or modify
                 a hidden ACE, you must use the SET SECURITY command.

                 Users need the SECURITY privilege to display a
                 hidden ACE with the DCL commands SHOW SECURITY
                 or DIRECTORY/SECURITY. SECURITY privilege is also
                 required to modify or delete a hidden ACE with the
                 DCL command SET SECURITY. The ACL editor displays
                 the ACE only to show its relative position within
                 the ACL, not to facilitate editing of the ACE. To
                 create a hidden ACE, an application can invoke the
                 $SET_SECURITY system service.
    Protected    Protects the ACE against casual deletion. Protected
                 ACEs can be deleted only in the following ways:

                 o  By using the ACL editor

                 o  By specifying the ACE explicitly when deleting it

                    Use the command SET SECURITY/ACL=(ace)/DELETE to
                    specify and delete an ACE.

                 o  By deleting all ACEs, both protected and
                    unprotected

                    Use the command SET SECURITY/ACL/DELETE=ALL to
                    delete all ACEs.

                 The following commands do not delete protected ACEs:

                    SET SECURITY/ACL/DELETE
                    SET SECURITY/LIKE
                    SET SECURITY/DEFAULT

    Nopropagate  Indicates that the ACE cannot be copied by
                 operations that usually propagate ACEs. For example,
                 the ACE cannot be copied by the SET SECURITY/LIKE or
                 SET SECURITY/DEFAULT commands.
    None         Indicates that no attributes apply to an entry.
                 Although you can create an ACL entry with
                 OPTIONS=None, the attribute is not displayed.
                 Whenever you specify additional attributes with
                 the None attribute, the other attributes take
                 precedence. The None attribute is equivalent to
                 omitting the field.

 access

    Specify access in the format of a UIC-based protection code,
    which is as follows:

    [category: list of access allowed (, category:

     list of access allowed,...)]

    o  User categories include system (S),  owner (O), group (G),
       and world (W).  See the OpenVMS Guide to System Security
       for a definition of these categories. Access types for files
       include read (R),  write (W), execute (E),  and delete (D).
       The access type is assigned to each ownership category and is
       separated from its access types with a colon (:).

    o  A null access list means no access, so when you omit an access
       type for a user category, that category of user is denied that
       type of access. To deny all access to a user category, specify
       the user category without any access types. Omit the colon
       after the user category when you deny access to a category of
       users.

    o  When you omit a user category from a protection code, the
       current access allowed that category of user is set to no
       access.
Close Help