skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System Security HP OpenVMS Guide to System Security
go to beginning of part: Security for the System Administrator Security for the System Administrator
go to beginning of chapter: Controlling Access to System Data and Resources Controlling Access to System Data and Resources
go to previous page: Naming Individual Users in ACLs Naming Individual Users in ACLs
go to next page: Conditionalizing Identifiers for Different UsersConditionalizing Identifiers for Different Users
end of book navigation links

Defining Sharing of Rights  



Many users often share the same access needs, and an ACL consisting strictly of UIC identifiers can become too lengthy. To shorten the ACL, you can include environmental identifiers, which are system-defined, or create general identifiers (see Major Types of Rights IdentifiersTable 4-1).

When creating general identifiers, you design the names of the identifiers you want on your system and compose the set of holders for the identifiers. Then you add the identifiers to the rights database and assign the identifiers to the intended users.

For example, the Rainbow Paint Company decided to add the identifier PAYROLL to the rights database. The holders of that identifier were all users who needed read, write, execute, and delete access to PAYROLL.DAT: OWESTWOOD, CRUIZ, and RSMITH.

Once the identifier and its holders were defined, the security administrator used the following ACL to specify the same type of access to PAYROLL.DAT:

(IDENTIFIER=PAYROLL,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=JSIMON,ACCESS=READ)
(IDENTIFIER=SGIBSON,ACCESS=READ)
go to previous page: Naming Individual Users in ACLs Naming Individual Users in ACLs
go to next page: Conditionalizing Identifiers for Different UsersConditionalizing Identifiers for Different Users