GRPPRV

From VSI OpenVMS Wiki
Jump to: navigation, search

GRPPRV is a privilege that gives the process the access rights provided by the object's system protection field when the process;s group matches the group of the owner. GRPPRV also lets a process change the protection or the ownership of any object whose owner group matches the process's group by using the DCL commands SET SECURITY.

Grant this privilege only to users who function as group managers. If this privilege is given to unqualified users who have no need for it, they can modify group UAF records to values equal to those of the group manager. They can increase resource allocations and grant privileges for which they are authorized.

The GRPPRV privilege lets a process perform the following tasks:

Task Interface
Modify object ownership SET SECURITY/OWNER, $QIO request to F11BXQP
Read or modify a user authorization record $GETUAI,$SETUAI
File system operations: override the creation of an owner ACE on a newly created file, clear the directory bit in a directory’s file header, acquire or release a volume lock, force mount verification on a volume, create a file access window with the no access lock bit set, specify a null lock mode for a volume lock, access a locked file, enable or disable disk quotas on a volume $QIO request to F11BXQP