|
VMS Help SET, SECURITY, Examples *Conan The Librarian |
1.$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE
LNM$GROUP object of class LOGICAL_NAME_TABLE
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: R, Group: R, World: R)
Access Control List:
(IDENTIFIER=[USER,VARANESE],ACCESS=CONTROL)
$ SET SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE -
_$ /ACL=((IDENTIFIER=CHEKOV,ACCESS=CONTROL), -
_$ (IDENTIFIER=WU,ACCESS=READ+WRITE)) -
_$ /DELETE=ALL -
_$ /PROTECTION=(S:RWCD, O:RWCD, G:R, W:R)
$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE
LNM$GROUP object of class LOGICAL_NAME_TABLE
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
Access Control List:
(IDENTIFIER=[USER,CHEKOV],ACCESS=CONTROL)
(IDENTIFIER=[USER,WU],ACCESS=READ+WRITE)
This example shows how to make a straightforward change to the
security elements of an object. The first SHOW SECURITY command
displays the current settings of the LNM$GROUP logical name
table. The SET SECURITY command resets the ACL to allow control
access for user Chekov, and to allow read and write access
for user Wu. Note that without the /DELETE=ALL qualifier,
these ACEs would have been added to the existing ACL rather
than superseding it. The protection is also changed to allow
read, write, create, and delete access for the owner. The last
command displays the results of the changes.
2.$ SHOW SECURITY LNM$GROUP /CLASS=LOGICAL_NAME_TABLE
LNM$GROUP object of class LOGICAL_NAME_TABLE
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: R, Group: R, World: R)
Access Control List:
(IDENTIFIER=[USER,FERNANDEZ],ACCESS=CONTROL)
$ SHOW SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE
LNM$JOB object of class LOGICAL_NAME_TABLE
Owner: [USER,WEISS]
Protection: (System: RWCD, Owner: RWCD, Group, World)
Access Control List: <empty>
$ SET SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE -
_$ /LIKE=(NAME=LNM$GROUP, CLASS=LOGICAL_NAME_TABLE) -
_$ /COPY_ATTRIBUTES=PROTECTION
$ SET SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE -
_$ /ACL=(IDENTIFIER=FERNANDEZ, ACCESS=READ)
$ SHOW SECURITY LNM$JOB /CLASS=LOGICAL_NAME_TABLE
LNM$JOB object of class LOGICAL_NAME_TABLE
Owner: [USER,WEISS]
Protection: (System: RWCD, Owner: R, Group: R, World: R)
Access Control List:
(IDENTIFIER=[USER,FERNANDEZ],ACCESS=READ)
This example shows how to copy security access information
from one object to another and, at the same time, set some
elements explicitly. The first SHOW SECURITY commands display
the current settings for the LNM$GROUP and LNM$JOB logical name
tables. The SET SECURITY command copies the protection code
from the LNM$GROUP logical name table to the LNM$JOB logical
name table and adds an ACE to allow read access to another
user. The final SHOW SECURITY command shows the effect of the
changes.
3.$ SHOW SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS
SECURITY_CLASS object of class SECURITY_CLASS
Owner: [SYSTEM]
Protection: (System: RWED, Owner: RWED, Group: R, World: R)
Access Control List: <empty>
Template: DEFAULT
Owner: [SYSTEM]
Protection: (System: RWED, Owner: RWED, Group, World: RE)
Access Control List: <empty>
$ SET SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS -
_$ /PROFILE=TEMPLATE=DEFAULT -
_$ /PROTECTION=(S:RWE, O:RWE, G:RE)
$ SHOW SECURITY SECURITY_CLASS /CLASS=SECURITY_CLASS
SECURITY_CLASS object of class SECURITY_CLASS
Owner: [SYSTEM]
Protection: (System: RWED, Owner: RWED, Group: R, World: R)
Access Control List: <empty>
Template: DEFAULT
Owner: [SYSTEM]
Protection: (System: RWE, Owner: RWE, Group: RE, World: RE)
Access Control List: <empty>
This example demonstrates how to change the security elements
for the template of a security class object. The first command
shows the current settings for the SECURITY_CLASS object. The
second command changes the DEFAULT template of the SECURITY_
CLASS object such that the protection is (S:RWE, O:RWE, G:RE).
The change is shown in the display of the last command. The
world protection of RE remains unchanged.
4.$ DIRECTORY/SECURITY
Directory DKA200:[DATA]
FILE001.DAT;1 [SYSTEM] (RWED,RWED,RE,)
Total of 1 file.
$ SET SECURITY/CLASS=FILE/PROTECTION=(WORLD:RE)/LOG FILE001.DAT
%SET-I-MODIFIED, DKA200:[DATA]FILE001.DAT;1 modified
$ DIRECTORY/SECURITY
Directory DKA200:[DATA]
FILE001.DAT;1 [SYSTEM] (RWED,RWED,RE,RE)
Total of 1 file.
$
This example shows how to set UIC-based protection codes on
an object. The first DIRECTORY command displays the current
security settings on the file FILE001.DAT. The SET SECURITY
command changes the protection codes on the file to allow read
and execute access for all users. The last command displays the
results of the change.
|
|