Choose the Set ACL... menu item to manipulate the access
control list (ACL) on various objects in the library. An
ACL consists of access control entries (ACEs) that grant
or deny access to a command or other object to specified
users.
Generally, there are two ways in which you can use ACLs
on objects:
o To control and restrict access to commands
For example, you can create an ACL specifying
certain users who are not allowed to use certain
commands, or other users who are allowed to use
only certain commands.
o To control and restrict access to other objects
(elements, groups, classes, the element list,
the group list, the class list, library history,
and library attributes)
For example, you can create an ACL specifying
certain users who are not allowed to insert or
modify a particular element.
When there is no ACL on a command or other object, access
to the command or other object is unrestricted.
Assigning an ACL to an object limits access strictly to
the specified user or users.
The use of ACLs could possibly cause unintended
restrictions. You should fully understand the composition
of both OpenVMS and CMS ACLs before using CMS ACLs. See the
"Guide to DIGITAL Code Management System for OpenVMS
Systems" for more information on using ACLs.
1 – Ac db
The Set ACL dialog box allows you to enter information about access control lists (ACLs) and access control entries (ACEs).
1.1 – Ac sf
If you click on an object or objects before choosing the Set ACL... menu item, the Selected box contains those objects. CMS performs the set ACL transaction you specify on the selected objects.
1.2 – Ac ob
Fill in the Object field with the name of one or more
objects whose access control lists (ACLs) are to be
created, modified, or deleted. Wildcards and a comma
list are allowed.
The name in the Object field depends on the Object type.
For example, if the Object type is Class, the object name
must be the name of a class in the CMS library. The same
principle applies to elements and groups.
If the Object type is Library, the Object field must
contain one or more of the following keywords:
ELEMENT_LIST
CLASS_LIST
GROUP_LIST
HISTORY
LIBRARY_ATTRIBUTES
If the Object type is Command, the Object field must
contain the name of a CMS command. Commands that
contain two words must be specified with an underscore;
for example, INSERT_ELEMENT.
1.3 – Ac obj
The Object type indicates the type of object whose access control list (ACL) is being modified. The Object type is required. Double click on the Object Field or on the object lists from the additional topics below for more information on object types.
1.3.1 – E_L
You can conceptually think of element, group, and class lists as generic objects representing, respectively, all the elements, groups, and classes that already exist, or have yet to be created in the CMS library. You use the object lists with access control lists (ACLs) to grant or deny access to objects already created in the library, or objects that will be created in the library. See the "Guide to DIGITAL Code Management System for OpenVMS Systems" for a more detailed explanation of object lists.
1.3.2 – H_L
By specifying a CMS ACL on the CMS library or the library history, you can restrict users from certain types of access to the library or the library history. You can restrict users from the following types of access to the library: MODIFY, REPAIR, VERIFY. You can restrict users from the following types of access to the library history: DELETE, REMARK. See the "Guide to DIGITAL Code Management System for OpenVMS Systems" for a more detailed explanation of using ACLs on the library or library history.
1.4 – Ac rf
Fill in the Remark field with text to be associated with the transaction and logged in the history file with this transaction.
1.5 – Ac ace
One or more access control entries (ACEs) comprise an
access control list (ACL). You can use two types of ACLs
in CMS: Identifier ACEs and Action ACEs.
o Identifier ACEs control which users can perform
which CMS operations on a specified object.
o Action ACEs define CMS events and specify actions
to be taken based on these events.
This Help entry describes Identifier ACEs; see the "Guide
to DIGITAL Code Management System for OpenVMS Systems" for
more information on Action ACEs.
Fill in the ACEs box with one or more ACEs. Identifier
ACEs must have the following format:
(IDENTIFIER=identifier[,OPTIONS=options][,ACCESS=access])
For example, (ID=PROJ_LEADER, ACCESS=MODIFY+DELETE).
This ACE indicates that both the modify and delete
operations are allowed for the user holding the
PROJ_LEADER identifier. To specify multiple ACEs,
enclose the ACEs in parentheses. For example:
((ID=JONES,ACCESS=CONTROL+EXECUTE),(ID=BOB,ACCESS=FETCH))
See the "Guide to DIGITAL Code Management System for OpenVMS
Systems" for more information on ACLs.
1.6 – Ac new
Click on the Add ACEs in Front button to direct CMS to add the ACEs in the ACEs box to the beginning of the ACL. By default, ACEs added to the ACL are always placed at the top of the list.
1.7 – Ac aft
Click on the Add ACEs After ACE button to direct CMS to add the ACEs in the ACEs box to the ACL after the ACE you specify in the accompanying text field.
1.8 – Ac r
Click on the Remove ACEs button to direct CMS to delete the ACE (or ACEs) specified in the ACEs box from the ACL. If you do not specify any ACEs in the ACEs box, CMS deletes the entire ACL. If you specify an ACE that does not exist, CMS notifies you, then continues on to delete the next specified ACE.
1.9 – Ac rep
Click on the Supersede ACL button to direct CMS to replace any existing ACL on the object with the new ACEs you specify in the ACEs box.
1.10 – Ac mda
Click on the Make Default ACL button to direct CMS to propagate the DEFAULT option ACEs in the ACL of the object list to the ACL of the specified object. This option can be used only with object lists. For example, click on this option if you assign or modify an ACL on a group list. The ACEs would then be assigned to any newly-created groups.
1.11 – Ac lik
Click on the Copy ACL From Object button to direct CMS to replace the ACL of the object specified in the Object name field with an ACL copied from another object. You must specify the ACL to be copied in the text field. No wildcards are allowed.