A creator ACE in an Access Control Entry that adds an extra ACE to the ACL for a file created within the directory to which you assign the Creator ACE. The Creator ACE applies only when the following conditions exist:
- The file being created is not owned by the user identification code (UIC) of the process creating the file.
- The process creating the file does not have system privileges.
For example, both of these conditions exist when a process holding a general identifier with the Resource attribute creates a file in a directory owned by that identifier. In this situation, the system adds an extra ACE at the top of the new file's ACL. If a Creator ACE exists in the ACL for the parent directory, the system propagates the access specified in the Creator ACE to the new ACE. If a directory lacks a Creator ACE, the system assigns an extra ACE with a combination of control access and ownership access. A Creator ACE with ACCESS=None suppresses the addition of the extra ACE.
The Creator ACE applies to directory files only.
Specify any of the following options:
|Protected||Protects the ACE against casual deletion. Protected ACEs can be deleted only in the following ways:
Use the command SET SECURITY/ACL=(ace)/DELETE to specify and delete an ACE.
By deleting all ACEs, both protected and unprotected Use the command SET SECURITY/ACL/DELETE=ALL to delete all ACEs.
The following commands do not delete protected ACEs:
SET SECURITY/ACL/DELETE SET SECURITY/LIKE SET SECURITY/DEFAULT
|Nopropagate||Indicates that the ACE cannot be copied by operations that usually propagate ACEs. For example, the ACE cannot be copied by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands.|
|None||Indicates that no attributes apply to an entry. Although you can create an ACL entry with OPTIONS=None, the attribute is not displayed. Whenever you specify additional attributes with the None attribute, the other attributes take precedence. The None attribute is equivalent to omitting the field.|
Specify access types that are valid for files: