The SYSNAM privilege lets the user's process bypass discretionary
access controls on the system logical name table in order to insert
names into the system logical name table and delete names from that
table by using the Create Logical Name ($CRELNM) and Delete Logical
Name ($DELLNM) system services. A process with this privilege can
use the DCL commands ASSIGN and DEFINE to add names to the system
logical name table in user or executive mode and can use the DEASSIGN
command in either mode to delete names from the table.
To mount a system volume or to dismount a system or group
volume with the appropriate mount or dismount command or system
service, you must have the SYSNAM privilege.
Grant this privilege only to the system operators or to system
programmers who need to define system logical names (such as names
for user devices, library directories, and the system directory).
Note that a process with SYSNAM privilege could redefine such critical
system logical names as SYS$SYSTEM and SYSUAF, thus gaining control
of the system.
The SYSNAM privilege also lets a process perform the following
tasks:
Task
Interface
Access a MAIL
maintenance record
MAIL
Modify a MAIL
forward record
MAIL
Declare a network
object
NETACP
Create an IPC
association
$IPC
With CMKRNL, add or remove
an identifier to system rights list
HP OpenVMS Guide to System Security
Security for the System Administrator
