HP OpenVMS Guide to System Security > Appendix A Assigning Privileges

GRPPRV Privilege (Group)

 » Table of Contents

 » Glossary

 » Index

When the process's group matches the group of the object owner, the GRPPRV privilege gives a process the access rights provided by the object's system protection field. GRPPRV also lets a process change the protection or the ownership of any object whose owner group matches the process's group by using the DCL commands SET SECURITY.

Grant this privilege only to users who function as group managers. If this privilege is given to unqualified users who have no need for it, they can modify group UAF records to values equal to those of the group manager. They can increase resource allocations and grant privileges for which they are authorized.

The GRPPRV privilege lets a process perform the following tasks:

Task Interface

Modify object ownership

SET SECURITY/OWNER, $QIO request to F11BXQP

Read or modify a user authorization record

$GETUAI, $SETUAI

File system operations:

$QIO request to F11BXQP

  • Override the creation of an owner ACE on a newly created file

  • Clear the directory bit in a directory's file header

  • Acquire or release a volume lock

  • Force mount verification on a volume

  • Create a file access window with the no access lock bit set

  • Specify a null lock mode for a volume lock

  • Access a locked file

  • Enable or disable disk quotas on a volume