Jane.doe: Created page with "'''SET SECURITY''' is a DCL command that modifies the security profile of an object. =Syntax= SET SECURITY object-name ==Qualifiers== * /ACL..."

2019-12-03T13:43:08Z

Created page with "'''SET SECURITY''' is a DCL command that modifies the security profile of an object. =Syntax= SET SECURITY object-name ==Qualifiers== * /ACL..."

New page

'''SET SECURITY''' is a [[DCL]] [[Command|command]] that modifies the security profile of an [[Object Class|object]].
=Syntax=
SET SECURITY object-name
==Qualifiers==
* /ACL allows you to modify the [[ACL|Access Control List]] for the object.
* /AFTER positions all ACEs specified with the /ACL qualifier after the ACE named with the /AFTER qualifier.
* [[File Selection Qualifiers#/BACKUP|/BACKUP]]
* [[File Selection Qualifiers#/BEFORE|/BEFORE]]
* [[File Selection Qualifiers#/BY_OWNER|/BY_OWNER]]
* /CONFIRM controls whether SET SECURITY prompts for verification before performing the operation. Valid responses are YES, NO, TRUE, and FALSE. Answers are not case sensitive and can be abbreviated to one letter. To stop processing the command at any point, type QUIT or press Ctrl/Z. To cancel the verification procedure but to proceed with the command, type ALL.
* /COPY_ATTRIBUTE specifies a subset of security elements to transfer from a source object to a target object. Valid keywords include the following:
{| class="wikitable"
! colspan="col" | Keyword
! colspan="col" | Description
|-
| ALL (default)
| Copy all security elements
|-
| ACL
| Copy the access control list
|-
| OWNER
| Copy the owner
|-
| PROTECTION
| Copy the protection code
|}
Use the /COPY_ATTRIBUTE qualifier with the /LIKE qualifier. For example, you can create an ACL for an object and then copy its ACL to new objects.
* [[File Selection Qualifiers#/CREATED|/CREATED]]
* /DELETE deletes [[ACE|ACEs]] according to the following rules:
** The expression /ACL=aces/DELETE deletes the named ACEs.
** The expression /ACL/DELETE deletes all unprotected ACEs.
** The expression /ACL/DELETE=ALL deletes all ACEs including protected ACEs.
** The expression /ACL=aces/DELETE=ALL deletes the existing ACL (if any) and create a new ACL with the ACEs specifies on the /ACL qualifier.
* /DEFAULT regenerates the security profile of a file. The default qualifier changes the [[UIC Protection|protection code]], the [[ACL]], and the owner elements of a file to what it would be if the file had just been created. The profile is recreated according to the following rules:
** The protection code is propagated from the default protection ACE on the directory (if one exists), or else it is propagated from the process default.
** The ACL is propagated from the parent [[Directory|directory]] for those ACEs that have the default option.
** The owner is set to the owner of the parent [[Directory|directory]].
With subdirectory files, SET SECURITY assigns the owner, protection, and ACL elements of the parent directory.
SET SECURITY does not copy any ACE on the source object if the ACE holds the nopropagate attribute nor does it change any ACE on the target object if the ACE holds the protected attribute. To apply new elements to all versions of the file, specify ;* in the object name.
* /EDIT invokes the access control list editor (ACL editor) and allows you to modify an ACL interactively. The ACL editor does not allow the asterisk (*) and the percent sign (%) wildcard characters in an object name. You must specify the object whose ACL you are editing.
* /EXCLUDE excludes the specified files from the SET SECURITY operation. You can include a [[Directory|directory]], but not a [[Device|device]], in the [[File specification|file specification]]. You cannot use [[File version#Relative version numbers|relative version numbers]] to exclude a specific [[File version|version]].
* [[File Selection Qualifiers#/EXPIRED|/EXPIRED]]
* /LIKE=(NAME=source-object-name [,CLASS=source-object-class] [,PROFILE=TEMPLATE=template-name]) identifies the object from which SET SECURITY should copy security elements. The /LIKE qualifier replaces an object's existing elements with those of the source object. Nopropagate ACEs are not transferred and protected ACEs on the target object are not deleted. Use the /COPY_ATTRIBUTE qualifier with the /LIKE qualifier to copy an object's elements. The object class of the source object defaults to the class of the target object. When the /CLASS qualifier is omitted, the CLASS keyword defaults to FILE. The PROFILE keyword applies to security class objects. It identifies which template of the security class you want to copy and modify. See /PROFILE for more information.
* /LOG controls whether the SET SECURITY command displays the name of the object that has been modified by the command. The qualifier is invalid with the /EDIT qualifier.
* [[File Selection Qualifiers#/MODIFIED|/MODIFIED]]
* /OWNER modifies the owner element of an object. Specify the [[UIC|user identification code (UIC)]] or general [[Identifier|identifier]] in the standard format. Modifying the owner element of a file usually requires [[Privileges|privileges]]. Requires [[GRPPRV]] (group privilege) to set the owner to another member of the same group. Requires [[SYSPRV]] (system privilege) to set the owner to any user identification code (UIC) outside your group.
* /PROFILE identifies which template profile of a security class object you want to modify. All [[Object Class|object classes]] except FILE have at least one template profile. These template profiles define the basis of the profile of new objects. Use the DCL command [[SHOW SECURITY]]/CLASS=SECURITY_CLASS to display template names. When no value is given for template-name, SET SECURITY uses the template named DEFAULT. Include the /CLASS=SECURITY_CLASS qualifier to identify which profile you want to modify.
* /PROTECTION modifies the protection code of an object. The protection code defines the type of access allowed to users, based on their relationship to the object's owner. Cannot be used to change the protection on a file by using DECnet software. Specify the ownership parameter as system (S), owner (O), group (G), or world (W). [[Object access type|Access types]] are class specific.
* /REPLACE eliminates entries listed with the /ACL qualifier and adds entries listed with the /REPLACE qualifier. SET SECURITY inserts the entries listed with /REPLACE in the position of the last deleted ACE.
* /SECRECY reserved for use by [[VSI]].
* [[File Selection Qualifiers#/SINCE|/SINCE]]
* /STYLE=keyword specifies the file name format for display purposes. The valid keywords for this qualifier are CONDENSED and EXPANDED. Descriptions are as follows:
{| class="wikitable"
! colspan="col" | Keyword
! colspan="col" | Explanation
|-
| CONDENSED (default)
| Displays the file name representation of what is generated to fit into a 255-length character [[String|string]]. This file name may contain a [[DID]] or [[FID]] abbreviation in the [[File Specification|file specification]].
|-
| EXPANDED
| Displays the file name representation of what is stored on disk. This file name does not contain any [[DID]] or [[FID]] abbreviations.
|}
The keywords CONDENSED and EXPANDED are mutually exclusive. This qualifier specifies which file name format is displayed in the output message, along with the confirmation if requested. File errors are displayed with the CONDENSED file specification unless the EXPANDED keyword is specified.
* /SYMLINK=keyword specifies how symlinks are treated during wildcard searches. Descriptions are as follows:
{| class="wikitable"
! colspan="col" | Keyword
! colspan="col" | Explanation
|-
| WILDCARD
| Indicates that symlinks are enabled during wildcard searches.
|-
| NOWILDCARD
| Indicates that symlinks are disabled during directory wildcard searches.
|-
| ELLIPSIS
| Equivalent to WILDCARD (included for command symmetry).
|-
| NOELLIPSIS
| Indicates that symlinks are matched for all wildcard fields except for ellipsis.
|}
If the file named in the SET SECURITY command is a symlink, the command operates on the symlink itself.
=See also=
* {{Template:Sec}}
[[Category:DCL Commands]]
[[Category:Security]]

SET SECURITY - Revision history

Jane.doe: Created page with "'''SET SECURITY''' is a DCL command that modifies the security profile of an object. =Syntax= SET SECURITY object-name ==Qualifiers== * /ACL..."