HP OpenVMS Guide to System Security > Chapter 8 Controlling Access to System Data and Resources

Defining Sharing of Rights

  Table of Contents

  Glossary

  Index

Many users often share the same access needs, and an ACL consisting strictly of UIC identifiers can become too lengthy. To shorten the ACL, you can include environmental identifiers, which are system-defined, or create general identifiers (see Table 4-1 “Major Types of Rights Identifiers”Table 4-1).

When creating general identifiers, you design the names of the identifiers you want on your system and compose the set of holders for the identifiers. Then you add the identifiers to the rights database and assign the identifiers to the intended users.

For example, the Rainbow Paint Company decided to add the identifier PAYROLL to the rights database. The holders of that identifier were all users who needed read, write, execute, and delete access to PAYROLL.DAT: OWESTWOOD, CRUIZ, and RSMITH.

Once the identifier and its holders were defined, the security administrator used the following ACL to specify the same type of access to PAYROLL.DAT:

(IDENTIFIER=PAYROLL,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=JSIMON,ACCESS=READ)
(IDENTIFIER=SGIBSON,ACCESS=READ)