Conference orarep::nomahs::repository

Title:Oracle CDD/Repository
Notice:Current versions are V7.0-01 and V6.1-03
Moderator:8292::PJACOBN
Created:Thu Jan 21 1993
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:1094
Total number of notes:4913

1067.0. "RMU-F-FILACCERR / RMS-E-PRV defining dictionary" by M5::GHODSON () Thu Mar 13 1997 17:12

Hi:

A customer had the following problem creating a dictionary which I reproduced
on an Alpha OpenVMS 6.2, Rdb 6.1-04, CDD 6.1-01 system.


From a privileged account I did:
---------------------------------

$ mount/sys $1$DUA54: test
$ mcr authorize
add/identifier/attributes=resource test$rsrc
add/ident test$access
grant/id/attribute=resource test$rsrc ghodson1
grant/id test$access ghodson1
grant/id cdd$system ghodson1
exit
$ define/sys/exec disk$test $1$DUA54:
$ mcr diskquota
use disk$test
create
add test$rsrc/perm=100000/over=10000
exit
$ create/dir/owner=test$rsrc disk$test:[smith]
$ set acl/acl= -
(identifier=test$access,options=default, -
access=read+write+execute+delete+control) disk$test:[000000]smith.dir
$ set acl/acl= -
(identifier=test$access,access=read+write+execute+control) -
disk$test:[000000]smith.dir


Now log in to ghodson1:
-----------------------

$ show proc/priv

13-MAR-1997 10:47:59.93   User: GHODSON1         Process ID:   2E000ABA
                          Node: LONGS            Process name: "GHODSON1"

Authorized privileges:
 NETMBX    TMPMBX

Process privileges:
 NETMBX               may create network device
 TMPMBX               may create temporary mailbox

Process rights:
 INTERACTIVE
 REMOTE
 TEST$RSRC                         resource
 TEST$ACCESS
 CDD$SYSTEM

System rights:
 SYS$NODE_LONGS

$! show that I can create/delete a file
$ create disk$test:[smith]tmp.tmp
$ delete disk$test:[smith]tmp.tmp;
$! show that I have access to cdd$template:
$ dir/sec cdd$template:

Directory SYS$COMMON:[CDD$TEMPLATE]

00000000.30000000;1
                     [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=NONE)
          (IDENTIFIER=[WWS,GHODSON],ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
30000000CDD$PROTOCOLS.40000000;1
                     [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=NONE)
CDD$DIRECTORY.CDD;1
                     [1,1]                            (RWED,,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=NONE)
CONTEXTS.DIR;1       [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
DELTAFILES.DIR;1     [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
PARTITIONS.DIR;1     [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)

Total of 6 files.

$ mcr cdo
Welcome to CDO V6.1
The CDD/Repository V6.1 User Interface
Type HELP for help
CDO> define repository disk$test:[smith.util].
%RMU-F-FILACCERR, error creating database file $1$DUA54:[SMITH.UTIL]CDD$DATABASE
.RDB;1
-RMS-E-PRV, insufficient privilege or file protection violation
%CDD-I-CRECONT, define repository continuing without template
%CDO-E-ERRDEFINE, error defining an object
-CDD-F-ERRCREDIC, error creating dictionary
-SYSTEM-F-NOSUCHID, unknown rights identifier
CDO>
$ dir/sec disk$test:[smith.util]

Directory $1$DUA54:[SMITH.UTIL]

CDD$DATA.RDA;1       TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATA.SNP;1       TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.RDA;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.RDB;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.SNP;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DIRECTORY.CDD;1
                   insufficient privilege or object protection violation
CONTEXTS.DIR;1       TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
DELTAFILES.DIR;1     TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
PARTITIONS.DIR;1     TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=[GHODSON1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)

Total of 9 files.

$ show proc/priv

13-MAR-1997 11:11:16.30   User: GHODSON1         Process ID:   2E000ABA
                          Node: LONGS            Process name: "GHODSON1"

Authorized privileges:
 NETMBX    TMPMBX

Process privileges:
 NETMBX               may create network device
 TMPMBX               may create temporary mailbox

Process rights:
 INTERACTIVE
 REMOTE
 TEST$RSRC                         resource
 TEST$ACCESS

System rights:
 SYS$NODE_LONGS

$! Now I no longer have cdd$system identifier and give priv errors accessing
$!    cdd$template:
$ dir cdd$template:/sec

Directory SYS$COMMON:[CDD$TEMPLATE]

00000000.30000000;1
                   insufficient privilege or object protection violation
30000000CDD$PROTOCOLS.40000000;1
                   insufficient privilege or object protection violation
CDD$DIRECTORY.CDD;1
                   insufficient privilege or object protection violation
CONTEXTS.DIR;1       [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
DELTAFILES.DIR;1     [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
PARTITIONS.DIR;1     [1,1]                            (RWED,RWED,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)

Total of 6 files.

Also, from the privileged account I can successfully create the same 
dictionary:

$ delete disk$test:[smith.util]*.*;*
$ mcr cdo
Welcome to CDO V6.1
The CDD/Repository V6.1 User Interface
Type HELP for help
CDO>  define repository disk$test:[smith.util].
%RMU-W-PREVACL, Restoring the root ACL over a pre-existing ACL.
        This is a normal condition if you are using the CDO utility.
%RMU-I-AIJRSTAVL, 0 after-image journals available for use
%RMU-I-AIJISOFF, after-image journaling has been disabled
%RMU-W-USERECCOM, Use the RMU RECOVER command. The journals are not available.
CDO>exit
GHODSON_$ directory/sec disk$test:[smith.util]*.*;*

Directory $1$DUA54:[SMITH.UTIL]

00000000.30000000;1
                     TEST$RSRC                        (RWED,,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=NONE)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
30000000CDD$PROTOCOLS.40000000;1
                     TEST$RSRC                        (RWED,,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=NONE)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATA.RDA;1       TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATA.SNP;1       TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.RDA;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.RDB;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL+BIT_5+
          BIT_6+BIT_7+BIT_8+BIT_9+BIT_10+BIT_11+BIT_12+BIT_13+BIT_14+BIT_15+
          BIT_16+BIT_17+BIT_18)
          (IDENTIFIER=[*,*],ACCESS=READ+BIT_7+BIT_8+BIT_14)
          (IDENTIFIER=[WWS,JAKUHN],ACCESS=READ+WRITE+CONTROL+BIT_5+BIT_6+BIT_7+
          BIT_8+BIT_9+BIT_10+BIT_11+BIT_12+BIT_13+BIT_14+BIT_15+BIT_16+BIT_17+
          BIT_18)
CDD$DATABASE.SNP;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DIRECTORY.CDD;1
                     TEST$RSRC                        (RWED,,,)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=NONE)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CONTEXTS.DIR;1       TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
DELTAFILES.DIR;1     TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
PARTITIONS.DIR;1     TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)

Total of 11 files.

From the privileged account, I noticed that this process also no
longer had the cdd$system identifier after the "define repository...".
(It appears that CDO grants the cdd$system identifier to the process 
so that it can create a dictionary and then removes it when done, without 
checking to see if the process initially already had that identifier?)


Since from the nonpriv account I can create/delete files in this directory 
from DCL, how come cdo can't create a repository in that directory?  And
why does the "define repository..." remove the cdd$system identifier from
the process?

Thanks for any help.

--Gary Hodson

1067.1. "More info..." by M5::GHODSON () Thu Mar 13 1997 18:57 (11 lines)

    After further reading and help from a coworker, I know why the
    define repository removed the cdd$system identifier.  In the
    "Using CDD/Repository on VMS Systems" manual, it says:
    
    You should not assign the CDD$SYSTEM identifier to any users.  
    CDD/Repository will grant and revoke the identifier as needed.
    
    The main question about why the nonpriv account can not create
    the dictionary still remains a mystery.  Thanks for any help.
    
    --Gary

1067.2. "" by NOVA::SMITHI (Don't understate or underestimate Rdb!) Thu Mar 13 1997 19:10 (9 lines)

I expect that the changes being made to the ACL's will effectively remove
access from the user.  i.e. they will lose CONTROL privilege.  Therefore, this
operation is forbidden by VMS.  However, there is then no way for RMU to give
the CDD Rdb database appropriate access.  So it fails.

This was a hot topic around Rdb V4.2 time...  You might be able to find
further discussions in some of the older Rdb notes conferences.

Ian

1067.3. "Problem summary" by M5::GHODSON () Fri Mar 14 1997 19:54 (186 lines)

This entry is for bug # 465978




Problem:
--------

If a disk is set up with a disk quota entry and a directory that is owned
by a resource identifier and protected via acl's, then a nonprivileged
user who is granted the resource identifier can not create a cdd dictionary
in that specific directory.  They will get this error:

CDO> define repository DISK$TEST:[SMITH.util].
%RMU-F-FILACCERR, error creating database file ...CDD$DATABASE.RDB;1
-RMS-E-PRV, insufficient privilege or file protection violation
%CDD-I-CRECONT, define repository continuing without template
%CDO-E-ERRDEFINE, error defining an object
-CDD-F-ERRCREDIC, error creating dictionary
-SYSTEM-F-NOSUCHID, unknown rights identifier


Analysis:
---------

This has been seen with Alpha OpenVMS 6.2, Rdb 6.1-04 and CDD 6.1-01.

From a privileged account do the following.  This assumes user user1 is
a nonprivileged account (only netmbx and tmpmbx privs).

$ mount/sys $1$DUA54: test
$ mcr authorize
add/identifier/attributes=resource test$rsrc
add/ident test$access
grant/id/attribute=resource test$rsrc user1
grant/id test$access user1
grant/id cdd$system user1
exit
$ define/sys/exec disk$test $1$DUA54:
$ mcr diskquota
use disk$test
create
add test$rsrc/perm=100000/over=10000
exit
$ create/dir/owner=test$rsrc disk$test:[smith]
$ set acl/acl= -
(identifier=test$access,options=default, -
access=read+write+execute+delete+control) disk$test:[000000]smith.dir
$ set acl/acl= -
(identifier=test$access,access=read+write+execute+control) -
disk$test:[000000]smith.dir


Now log in to user1:

$ show proc/priv

13-MAR-1997 10:47:59.93   User: USER1         Process ID:   2E000ABA
                          Node: LONGS            Process name: "USER1"

Authorized privileges:
 NETMBX    TMPMBX

Process privileges:
 NETMBX               may create network device
 TMPMBX               may create temporary mailbox

Process rights:
 INTERACTIVE
 REMOTE
 TEST$RSRC                         resource
 TEST$ACCESS


$! show that the process can create/delete a file
$ create disk$test:[smith]tmp.tmp
$ delete disk$test:[smith]tmp.tmp;
$ mcr cdo
Welcome to CDO V6.1
The CDD/Repository V6.1 User Interface
Type HELP for help
CDO> define repository disk$test:[smith.util].
%RMU-F-FILACCERR, error creating database file $1$DUA54:[SMITH.UTIL]CDD$DATABASE
.RDB;1
-RMS-E-PRV, insufficient privilege or file protection violation
%CDD-I-CRECONT, define repository continuing without template
%CDO-E-ERRDEFINE, error defining an object
-CDD-F-ERRCREDIC, error creating dictionary
-SYSTEM-F-NOSUCHID, unknown rights identifier
CDO>

$ dir/sec disk$test:[smith.util]

Directory $1$DUA54:[SMITH.UTIL]

CDD$DATA.RDA;1       TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATA.SNP;1       TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.RDA;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.RDB;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DATABASE.SNP;1   TEST$RSRC                        (RWED,RW,,)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
CDD$DIRECTORY.CDD;1
                   insufficient privilege or object protection violation
CONTEXTS.DIR;1       TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
DELTAFILES.DIR;1     TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
PARTITIONS.DIR;1     TEST$RSRC                        (RWE,RWED,RE,E)
          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,OPTIONS=DEFAULT,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)

Total of 9 files.

From the VMS security auditing system, it can be seen that the prv error
occurs with:


Auditable event:          Object access
Event information:        directory entry creation request (IO$_ACCESS, IO$_CREA
TE, or IO$_ENTER)
 ...
Image name:               $10$DKA0:[SYS0.SYSCOMMON.][SYSEXE]RMU.EXE
Object class name:        FILE
Object owner:             TEST$RSRC
Object protection:        SYSTEM:RWE, OWNER:RWED, GROUP:RE, WORLD:E
Directory name:           _$1$DUA54:[SMITH]UTIL.DIR;1
Directory ID:             (15,4,0)
Directory entry:          CDD$DATABASE.RDB;1
Access requested:         READ,WRITE
Matching ACE:             (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
Sequence key:             02485F5D
Status:                   %SYSTEM-F-NOPRIV, insufficient privilege or object pro
tection violation

The reason is that in the process of creating the util.dir, cdd put these
two acl's on the directory:

          (IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
          (IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)

before the acl's that VMS would apply to the same util.dir file:

          (IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
          (IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)


Workaround:
-----------

Before the user goes into CDO to create the dictionary, from DCL do
the following commands:

$ create/dir disk$test:[smith.util]
$ set security/acl/delete disk$test:[smith]util.dir

Then the user can go into CDO and define the repository.

The customer thinks this workaround is messy and CDD should allow a
dictionary to be created just like VMS allows a file to be created.
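
The ACE ordering described in note 1067.3, as an added example that is not part of the original thread and is not CDD or VMS code: a small Python model of first-match ACL evaluation, run over the ACEs quoted on the page. It models only the ACL step (protection code and privileges are not modelled), matches a UIC ACE by its member name as a simplification, and the function names and the `USER1_RIGHTS` set are assumptions built from the `show proc/priv` output above.

```python
import re

# ACL on util.dir in the order the note describes: the two ACEs CDD adds come
# first, then the ACEs VMS would apply (ACE text copied from the page).
CDD_FIRST_ACL = """
(IDENTIFIER=CDD$SYSTEM,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
(IDENTIFIER=[*,*],ACCESS=READ+EXECUTE)
(IDENTIFIER=[USER1],OPTIONS=NOPROPAGATE,ACCESS=READ+WRITE+EXECUTE+
          DELETE+CONTROL)
(IDENTIFIER=TEST$ACCESS,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
"""

# Rights held by the nonprivileged process (constructed from the listing above).
USER1_RIGHTS = {"USER1", "INTERACTIVE", "REMOTE", "TEST$RSRC", "TEST$ACCESS"}


def parse_acl(text):
    """Parse DIRECTORY/SECURITY style ACE lines into an ordered list of dicts."""
    joined = re.sub(r"\s+", "", text)            # undo the 80-column wrapping
    aces = []
    for body in re.findall(r"\(([^()]*)\)", joined):
        # Split on commas, but not the comma inside a UIC such as [*,*].
        parts = re.split(r",(?![^\[]*\])", body)
        fields = dict(part.split("=", 1) for part in parts)
        access = fields.get("ACCESS", "NONE")
        aces.append({
            "identifier": fields["IDENTIFIER"],
            "options": set(fields.get("OPTIONS", "").split("+")) - {""},
            "access": set() if access == "NONE" else set(access.split("+")),
            "text": "(" + body + ")",
        })
    return aces


def ace_matches(identifier, rights):
    """UIC ACEs: [*,*] matches anyone, otherwise compare the member name."""
    if identifier.startswith("["):
        uic = identifier.strip("[]")
        return uic == "*,*" or uic.split(",")[-1] in rights
    return identifier in rights


def check_access(acl, rights, requested):
    """First matching ACE decides. Returns (granted, matching ACE text)."""
    for ace in acl:
        if "DEFAULT" in ace["options"]:
            continue          # default ACEs only seed the ACLs of new files
        if ace_matches(ace["identifier"], rights):
            return requested <= ace["access"], ace["text"]
    return None, None         # no ACE matched: protection code decides


def demo():
    cdd_first = parse_acl(CDD_FIRST_ACL)
    vms_first = cdd_first[2:] + cdd_first[:2]    # same ACEs, VMS ones first
    req = {"READ", "WRITE"}                      # as in the audit record
    return {
        "cdd_first": check_access(cdd_first, USER1_RIGHTS, req),
        "vms_first": check_access(vms_first, USER1_RIGHTS, req),
        "holds_cdd$system": check_access(
            cdd_first, USER1_RIGHTS | {"CDD$SYSTEM"}, req),
    }


if __name__ == "__main__":
    for name, (granted, ace) in demo().items():
        print(f"{name:18} granted={granted}  matching ACE: {ace}")
```

The `cdd_first` case reproduces the "Matching ACE" field of the audit record: the `[*,*]` ACE is reached before the `[USER1]` and `TEST$ACCESS` ACEs, so the WRITE request is refused.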