Privileges

From VSI OpenVMS Wiki
Jump to: navigation, search

Privileges are permissions that a process can have on an OpenVMS system to access system objects and resources. Privileges are stored in each user's user record in the SYSUAF file.

Types of process privileges

A process can have default and authorized privileges. Default privileges are granted as soon as the user logs in and can be used immegiately. Authorized privileges need to be enabled with the SET PROCESS/PRIVILEGE command.

Categories of privilege

Privileges are divided into the following seven categories according to the damage that the user possessing them could cause the system:

  • None: No privileges
  • Normal: Minimum privileges to effectively use the system
  • Group: Potential to interfere with members of the same group
  • Devour: Potential to consume noncritical systemwide resources
  • System: Potential to interfere with normal system operation
  • Object: Potential to compromise object security
  • All: Potential to control the system