skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System Security HP OpenVMS Guide to System Security
go to beginning of part: Security for the System Administrator Security for the System Administrator
go to beginning of appendix: Assigning Privileges Assigning Privileges
go to previous page: GRPPRV Privilege (Group) GRPPRV Privilege (Group)
go to next page: IMPORT Privilege (Objects)IMPORT Privilege (Objects)
end of book navigation links

IMPERSONATE Privilege (All) (Formerly DETACH)  



Processes can create detached processes that have their own UIC without the IMPERSONATE privilege, provided the processes do not exceed their MAXJOBS and MAXDETACH quotas. However, the IMPERSONATE privilege becomes valuable when a process wants to specify a different UIC for the detached process. There is no restriction on the UIC that can be specified for a detached process if you have the IMPERSONATE privilege. Thus, there are no restrictions on the files, directories, and other objects to which a detached process can gain access. The IMPERSONATE privilege also lets a process create a detached process with unrestricted quotas. A process can create detached processes by executing the Create Process ($CREPRC) system service.

In addition, IMPERSONATE grants the ability to create a trusted server process using the DCL command RUN/DETACH. Trusted processes are exempt from the normal system security auditing policy.

Detached processes remain in existence even after the user who created them has logged out of the system.

NoteThe IMPERSONATE privilege was formerly called the DETACH privilege. For backwards compatability, if you specify DETACH in a command line, the command continues to work properly.
go to previous page: GRPPRV Privilege (Group) GRPPRV Privilege (Group)
go to next page: IMPORT Privilege (Objects)IMPORT Privilege (Objects)