UIC Protection

From VSI OpenVMS Wiki

UIC protection refers to object protection settings based on the UIC of the process accessing the object, as opposed to identifier-based protection such as ACLs.

Example

Consider the following file security settings:

$ SHOW SECURITY 95_FORECAST.TXT
WORK_DISK$:[GREG]95_FORECAST.TXT;1 object of class FILE
      Owner: [ACCOUNTING,GREG]
      Protection: (System: RWED, Owner: RWED, Group: RE, World)
      Access Control List: <empty>
 

(System: RWED, Owner: RWED, Group: RE, World) is the protection string that defines which users may access WORK_DISK$:[GREG]95_FORECAST.TXT;1. User categories are determined by comparing the UIC of the owner ([ACCOUNTING,GREG]) with the UIC of the process that is trying to access the file:

  • If [SYSTEM,BACKUP] with the UIC of [1,6] is trying to access the file, they are considered System and get System access to the file (Read, Write, Execute, Delete).
  • If [ACCOUNTING,GREG] tries to access the file, they are labeled as Owner and get Owner access to the file (Read, Write, Execute, Delete).
  • If [ACCOUNTING,GEORGE] tries to access the file, they are labeled as Group and get the Group access to the file (Read and Execute).
  • If [SALES,MARY] tries to access the file, since their group number is above MAXSYSGROUP and does not match the owner's group number, they are labeled as World and get no access to the file.

Access Categories

The four categories of users that can have different protection settings assigned to them include:

  • System
  • Owner
  • Group
  • World

System refers to users with a UIC group of 0 through the value of MAXSYSGROUP (10 by default; bear in mind that numbers in a UIC are octal). If MAXSYSGROUP is set to 10, then a user with a UIC of [1,4] or [10,3] will belong to System, whereas a user with a UIC of [11,4] or [100,3] will not. Owner refers to users whose UIC exactly matches that of the object's owner. Group refers to users whose UIC group matches that of the object's owner. For example, if the owner's UIC is [100,10], then a user with a UIC of [100,1] will be considered Group, while a user with a UIC of [200,1] will not be considered Group. World refers to users who are not the Owner and do not belong to System or Group.

UIC may be displayed in the numeric format as well as the identifier format; lexical functions can be used to translate UICs to the numeric format if necessary.
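
The category rules above can be checked against a protection string with a small model. The following Python is an added example, not OpenVMS code and not part of the original wiki page; it takes numeric UICs, reuses the sample UICs from the text, and assumes that a UIC matching more than one rule is labeled by the first match in the order System, Owner, Group, World. ACLs and privileges are not modeled.

```python
import re

MAXSYSGROUP = 0o10  # the page's default of 10; octal, like the numbers in a UIC
CATEGORIES = ("System", "Owner", "Group", "World")

def parse_uic(text):
    """Turn a numeric UIC such as '[100,10]' into (group, member); digits are octal."""
    m = re.fullmatch(r"\[\s*([0-7]+)\s*,\s*([0-7]+)\s*\]", text.strip())
    if not m:
        raise ValueError(f"not a numeric UIC: {text!r}")
    return int(m.group(1), 8), int(m.group(2), 8)

def parse_protection(text):
    """Turn '(System: RWED, Owner: RWED, Group: RE, World)' into {category: set of letters}."""
    prot = {c: set() for c in CATEGORIES}  # a category with no letters grants nothing
    for field in text.strip().strip("()").split(","):
        name, _, access = field.partition(":")
        name = name.strip().capitalize()
        if name not in prot:
            raise ValueError(f"unknown category: {name!r}")
        prot[name] = set(access.strip().upper())
    return prot

def category(accessor, owner, maxsysgroup=MAXSYSGROUP):
    """Label the accessor relative to the owner. Assumption: first matching rule wins."""
    (a_group, a_member), (o_group, o_member) = parse_uic(accessor), parse_uic(owner)
    if a_group <= maxsysgroup:
        return "System"
    if (a_group, a_member) == (o_group, o_member):
        return "Owner"
    if a_group == o_group:
        return "Group"
    return "World"

def allowed(accessor, owner, protection, access):
    """True if the accessor's category carries the requested access letter (R, W, E or D)."""
    return access.upper() in parse_protection(protection)[category(accessor, owner)]

# Constructed sample: the protection string from the SHOW SECURITY output above,
# with the numeric owner UIC [100,10] used in the Access Categories text.
PROTECTION = "(System: RWED, Owner: RWED, Group: RE, World)"
OWNER = "[100,10]"

if __name__ == "__main__":
    for uic in ("[1,6]", "[10,3]", "[11,4]", "[100,10]", "[100,1]", "[200,1]"):
        label = category(uic, OWNER)
        letters = "".join(sorted(parse_protection(PROTECTION)[label])) or "none"
        print(f"{uic:>9}  {label:<6}  {letters}")
```

Because UIC numbers are octal, [10,3] is group 8 and still falls under System with MAXSYSGROUP at its default, while [11,4] does not.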

See also