From VSI OpenVMS Wiki
Jump to: navigation, search

IMPERSONATE is a privilege that allows a process to create detached processes with a UIC other than the process's UIC.

Processes can create detached processes that have their own UIC without the IMPERSONATE privilege, provided the processes do not exceed their MAXJOBS and MAXDETACH quotas. However, the IMPERSONATE privilege becomes valuable when a process wants to specify a different UIC for the detached process. There is no restriction on the UIC that can be specified for a detached process if you have the IMPERSONATE privilege. Thus, there are no restrictions on the files, directories, and other objects to which a detached process can gain access. The IMPERSONATE privilege also lets a process create a detached process with unrestricted quotas. A process can create detached processes by executing the Create Process ($CREPRC) system service.

In addition, IMPERSONATE grants the ability to create a trusted server process using the DCL command RUN/DETACH. Trusted processes are exempt from the normal system security auditing policy. Detached processes remain in existence even after the user who created them has logged out of the system. The IMPERSONATE privilege was formerly called the DETACH privilege. For backwards compatability, if you specify DETACH in a command line, the command continues to work properly.