Access type

From VSI OpenVMS Wiki
Jump to: navigation, search

Access Types with Disk File Protection.

Access type Gives you the right to...
Read Read, print, or copy a disk file. Read access automatically includes execute access to a specified file or group of files on disk.
Write Write to or change the contents of a file, but not delete it. Write access allows modification of the file characteristics that describe the contents of the file.
Execute Execute a file that contains an executable program image or DCL command procedure.
Delete Delete the file. To delete a file, you must have delete access to the file and write access to the directory that contains the file.
Control Change file characteristics, including the protection code and ACL. Special restrictions apply to changing the owner of a file.

Access Types for Directory Protection

Access type Gives you the right to...
Read Examine, print, or copy a file. If you have read access to a directory, you can display the contents of the directory with the DIRECTORY command.
          For example, if you have read access to the directory [JONES], you can enter the following command: 
          $ DIRECTORY [JONES]
          This command displays the files contained in the [JONES] directory. With read access, you can access any file listed in the directory, unless the protection on 
          that file denies you access. If the protection applied to the whole directory denies you read access, then you cannot access even those files in the directory 
          that permit access to users in your group.
Write Modify or write to a directory. However, you must have both read and write access to a directory to create files in the directory, to rename files in the directory,
          or to perform any file operation that involves changes to the directory file.
Execute Access files by name but not list all the entries in a directory (that is, to use specific or implied wildcards) when applied to directories.
            For example, assume that you have execute access to the [JONES] directory, and you enter the following command:
            $ DIRECTORY [JONES]
            The system responds with an error message of "insufficient privilege or file protection violation" and does not list the files in the [JONES] directory. However, 
            if you know that the file DATAFILE.DAT resides in the [JONES] directory, you can enter the following command:
            The system displays the contents of the file. Thus, with execute access, you can perform some, but not all, of the operations that you can with read access. 
            (Access to individual files is still controlled by their file protection.)
            As another example, to display the contents of the EXPENSES.DAT file, you must have read or execute access to each directory in the directory tree, 
            that is, to the JONES, REPORTS, and JUNE directories:
Delete Delete a directory file. You must remove all entries from a directory before you can delete the directory file. When you create a directory with the CREATE/DIRECTORY command,
           you do not, by default, get delete access. If you want to be able to delete a directory file, you must use the DCL command SET SECURITY/PROTECTION to explicitly assign delete 
           access to the owner category.
Control Change the characteristics of a directory.