Displays the name, class, and profile of a protected object.
Format
SHOW SECURITY object-name
1 – Parameter
object-name
Specifies the name of an object whose security profile is to
be displayed. If the object class is SECURITY_CLASS, you can
specify an asterisk (*) as object-name to see a display of
all security class objects. An object name of the FILE class
(explicitly or implicitly specified) can include the asterisk
(*) and the percent sign (%) wildcard characters; however,
wildcard characters are not allowed in any class other than FILE
or SECURITY_CLASS.
2 – Qualifiers
2.1 /BACKUP
Modifies the time value specified with the /BEFORE or the /SINCE
qualifier. The /BACKUP qualifier selects files according to the
dates of their most recent backups (rather than by the creation,
expiration, or modification date). By default, SHOW SECURITY
selects files according to their creation date.
2.2 /BEFORE
/BEFORE[=time]
Selects only those files dated prior to the specified time.
You can specify time as absolute time, as a combination of
absolute and delta times, or as one of the following keywords:
BOOT, LOGIN, TODAY (default), TOMORROW, or YESTERDAY. Specify
the /CREATED or the /MODIFIED qualifier to indicate the time
attribute to be used as the basis for selection. The /CREATED
qualifier is the default.
For complete information on specifying time values, see the
OpenVMS User's Manual or the online help topic Date.
2.3 /BY_OWNER
/BY_OWNER[=uic]
Selects files whose owner's UIC matches the UIC specified with
uic. The default UIC is that of the current process.
Specify the UIC by using the standard format described in the VSI
OpenVMS Guide to System Security.
2.4 /CLASS
/CLASS=class
Specifies the class of the object whose profile is to be
displayed. By default, the command assumes the object class is
FILE. Object class keywords are as follows:
CAPABILITY LOGICAL_NAME_TABLE
COMMON_EVENT_CLUSTER QUEUE
DEVICE RESOURCE_DOMAIN
FILE SECURITY_CLASS
GROUP_GLOBAL_SECTION SYSTEM_GLOBAL_SECTION
ICC_ASSOCIATION VOLUME
2.5 /CREATED
Modifies the time value specified with the /BEFORE or the /SINCE
qualifier. The /CREATED qualifier selects files according to the
date they were created (rather than by the backup, expiration,
or modification date). By default, SHOW SECURITY selects files
according to their creation date.
2.6 /EXCLUDE
/EXCLUDE=(filespec[,...])
Excludes the specified files from the SHOW SECURITY operation.
You can include a directory, but not a device, in the file
specification. You cannot use relative version numbers to exclude
a specific version.
2.7 /EXPIRED
Modifies the time specified with the /BEFORE or the /SINCE
qualifier. The /EXPIRED qualifier selects files according to
their expiration dates rather than by the backup, creation,
or modification date. (The expiration date is set with the SET
FILE/EXPIRATION_DATE command.) By default, files are selected
according to their creation date.
2.8 /MODIFIED
Modifies the time value specified with the /BEFORE or the /SINCE
qualifier. The /MODIFIED qualifier selects files according to
the dates on which they were last modified, rather than by the
backup, creation, or expiration date. By default, files are
selected according to their creation date.
2.9 /SINCE
/SINCE[=time]
Selects only those files dated on or after the specified time.
You can specify time as absolute time, as a combination of
absolute and delta times, or as one of the following keywords:
BOOT, JOB_LOGIN, LOGIN, TODAY (default), TOMORROW, or YESTERDAY.
Specify the /CREATED or the /MODIFIED qualifier to indicate
the time attribute to be used as the basis for selection. The
/CREATED qualifier is the default.
For complete information on specifying time values, see the
OpenVMS User's Manual or the online help topic Date.
2.10 /SYMLINK
/SYMLINK=keyword
The valid keywords for this qualifier are [NO]WILDCARD,
[NO]ELLIPSIS, and [NO]TARGET. Descriptions are as follows:
Keyword Explanation
NOWILDCARD Indicates that symlinks are disabled during directory
wildcard searches.
WILDCARD Indicates that symlinks are enabled during wildcard
searches.
NOELLIPSIS Indicates that symlinks are matched for all wildcard
fields except for ellipsis.
ELLIPSIS Equivalent to WILDCARD (included for command
symmetry).
TARGET Indicates that if the target file of the file
specification is a symlink, then the target file
is followed.
NOTARGET Indicates that the command operates on the target
file even if it is a symlink.
If the file named in the SHOW SECURITY command is a symlink, the
command by default operates on the symlink itself.
3 – Examples
1.$ SHOW SECURITY LNM$SYSTEM_TABLE /CLASS=LOGICAL_NAME_TABLE
LNM$SYSTEM_TABLE object of class LOGICAL_NAME_TABLE
Owner: [SYSTEM]
Protection: (System: RWC, Owner: RWC, Group: R, World: R)
Access Control List:
(IDENTIFIER=[USER,SVENSEN],ACCESS=CONTROL)
This example shows a typical request to display the security
elements of an object. The logical name table LNM$SYSTEM_TABLE
is displayed with the settings of the security elements owner,
protection, and ACL.
2.$ SHOW SECURITY/CLASS=DEVICE $99$DUA22
_$99$DUA22: object of class DEVICE
Owner: [SALES,TSUTTER]
Protection: (System: RWPL, Owner: RWPL, Group: R, World)
Access Control List: <empty>
RES17SEP object of class VOLUME
Owner: [FEAST,FY93]
Protection: (System: RWCD, Owner: RWCD, Group: RWCD, World: RWCD)
Access Control List: <empty>
$ SHOW DEVICE $99$DUA22
Device Device Error Volume Free Trans Mnt
Name Status Count Label Blocks Count Cnt
$99$DUA22: (KUDOS) Mounted 0 RES17SEP 649904 1 2
This example shows a request for the security profile of a disk
device. The resulting display provides both the profiles of the
disk $99$DUA22 and the volume RES17SEP that is mounted on it.
The subsequent SHOW DEVICE command confirms that the volume is
mounted on the device $99$DUA22.
3.$ SHOW SECURITY LOGICAL_NAME_TABLE /CLASS=SECURITY_CLASS
LOGICAL_NAME_TABLE object of class SECURITY_CLASS
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
Access Control List: <empty>
Template: GROUP
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: R, Group: R, World: R)
Access Control List: <empty>
Template: JOB
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: RWCD, Group, World)
Access Control List: <empty>
Template: DEFAULT
Owner: [SYSTEM]
Protection: (System: RW, Owner: RW, Group: R, World: R)
Access Control List: <empty>
This example shows the output for the special case of a
security class object. The security class object LOGICAL_NAME_
TABLE is displayed with the security profile. In addition,
three templates are displayed.
4.$ SHOW SECURITY * /CLASS=SECURITY_CLASS
SECURITY_CLASS object of class SECURITY_CLASS
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
Access Control List: <empty>
LOGICAL_NAME_TABLE object of class SECURITY_CLASS
Owner: [SYSTEM]
Protection: (System: RWCD, Owner: RWCD, Group: R, World: R)
Access Control List: <empty>
.
.
.
This example shows the output for the special case of showing
all the security classes currently registered. The asterisk
(*) wildcard character is used; any other form of wildcard
characters is not accepted. Security profiles are shown for
each security class. Note that template information is not
shown.