HP OpenVMS Guide to System Security > Appendix A Assigning Privileges

SYSNAM Privilege (All)

  Table of Contents

  Glossary

  Index

The SYSNAM privilege lets the user's process bypass discretionary access controls on the system logical name table in order to insert names into the system logical name table and delete names from that table by using the Create Logical Name ($CRELNM) and Delete Logical Name ($DELLNM) system services. A process with this privilege can use the DCL commands ASSIGN and DEFINE to add names to the system logical name table in user or executive mode and can use the DEASSIGN command in either mode to delete names from the table.

To mount a system volume or to dismount a system or group volume with the appropriate mount or dismount command or system service, you must have the SYSNAM privilege.

Grant this privilege only to the system operators or to system programmers who need to define system logical names (such as names for user devices, library directories, and the system directory). Note that a process with SYSNAM privilege could redefine such critical system logical names as SYS$SYSTEM and SYSUAF, thus gaining control of the system.

The SYSNAM privilege also lets a process perform the following tasks:

Task Interface

Access a MAIL maintenance record

MAIL

Modify a MAIL forward record

MAIL

Declare a network object

NETACP

Create an IPC association

$IPC

With CMKRNL, add or remove an identifier to system rights list

SET RIGHTS_LIST/SYSTEM, $GRANTID, $REVOKID