The access control list editor (ACL editor) creates or modifies
an access control list (ACL) for a specified object.
Format
EDIT/ACL object-spec
1 – Parameter
object-spec
Specifies the object whose access control list is to be created
or edited. If an access control list does not exist, it is
created.
You can specify an object from any of the following object
classes:
Capability
Common event flag cluster
Device
File
Group global section
Logical name table
Queue
Resource domain
Security class
System global section
Volume
The default object class is a file. A file must be a disk file
on a Files-11 On-Disk Structure Level 2 formatted volume. For any
object other than a file, you must specify the object class with
the /CLASS qualifier.
Note that the ACL editor does not provide a default file type
for files. To prevent the ACL editor from using a null file type,
specify the file type on the command line. If the object is a
directory, specify the .DIR file type.
Do not include wildcard characters in the object specification.
1.1 – Qualifiers
Qualifier       Description
/CLASS          Specifies the class of object whose ACL is being
                edited
/JOURNAL        Controls whether a journal file is created for the
                editing session
/MODE           Specifies the use of prompting during the editing
                session
/OBJECT_TYPE    Superseded by the /CLASS qualifier
/RECOVER        Restores an ACL from a journal file at the
                beginning of an editing session
2 /CLASS
Specifies the class of the object whose ACL is being edited.
Unless the object is a file, you must specify the object class.
Format
/CLASS=object-class
2.1 – Description
To edit the ACL for an object other than a file, specify the
object class with the /CLASS qualifier. Specify one of the
following classes:
CAPABILITY              A system capability, such as the ability to
                        process vector instructions. Currently, the
                        only defined object name for the CAPABILITY
                        class is VECTOR, which governs the ability
                        of a subject to access a vector processor
                        on the system. Note that you must supply
                        the capability name as the object name
                        parameter.
COMMON_EVENT_CLUSTER    A common event flag cluster.
DEVICE                  A device, such as a disk or tape drive.
FILE                    A file or a directory file. This is the
                        default.
GROUP_GLOBAL_SECTION    A group global section.
LOGICAL_NAME_TABLE      A logical name table.
QUEUE                   A batch queue or a device (printer, server,
                        or terminal) queue.
RESOURCE_DOMAIN         A resource domain.
SECURITY_CLASS          A security class.
SYSTEM_GLOBAL_SECTION   A system global section.
VOLUME                  A disk or tape volume.
2.2 – Examples
1. $ EDIT/ACL/CLASS=DEVICE WORK1
The command in this example specifies that the object WORK1 is
a device.
2. $ EDIT/ACL/CLASS=QUEUE FAST_BATCH
The command in this example creates an ACL for the queue
FAST_BATCH. Note that if you create an ACL for a generic queue, you
must create identical ACLs for all execution queues to which
jobs can be directed.
3 /JOURNAL
Controls whether a journal file is created for the editing
session.
Format
/JOURNAL[=file-spec]
/NOJOURNAL
3.1 – Description
By default, the ACL editor keeps a journal file containing a
copy of modifications made during an editing session. The journal
file is given the name of the object and a .TJL file type. If
you specify a different name for the file, do not include any
wildcard characters.
To prevent the ACL editor from creating a journal file, specify
/NOJOURNAL.
If your editing session ends abnormally, you can recover the
changes made during the aborted session by invoking the ACL
editor with the /RECOVER qualifier.
3.2 – Example
$ EDIT/ACL/JOURNAL=COMMONACL.SAV MECH1117.DAT
With this command, you create a journal file named
COMMONACL.SAV. The file contains a copy of the ACL and
the editing commands used to create the ACL for the file
MECH1117.DAT.
If the editing session is interrupted, you can recover your
edits by specifying the name COMMONACL.SAV with the /RECOVER
qualifier.
$ EDIT/ACL/CLASS=RESOURCE/JOURNAL=ZERO_RESOURCE.TJL [0]
If you edit an ACL for the resource domain [0], the ACL editor
attempts to create the file [0].TJL on the default device
and fails. To create an ACL for the resource [0], you must
specify a different name for the journal file (as shown in this
example) or suppress the creation of a journal file with the
/NOJOURNAL qualifier.
4 /MODE
Specifies the use of prompting during the editing session.
Format
/MODE=option
4.1 – Description
By default, the ACL editor prompts you for each ACE and provides
values for some of the fields within an ACE (/MODE=PROMPT). To
disable prompting, specify /MODE=NOPROMPT on the command line.
4.2 – Example
$ EDIT/ACL/MODE=NOPROMPT WEATHERTBL.DAT
With this command, you initiate an ACL editing session to
create an ACL for the file WEATHERTBL.DAT. The /MODE=NOPROMPT
qualifier specifies that no assistance is required in entering
the ACL entries.
5 /OBJECT_TYPE
The /OBJECT_TYPE qualifier is superseded by the /CLASS qualifier.
6 /RECOVER
Restores an ACL from a journal file at the beginning of an
editing session.
Format
/RECOVER[=file-spec]
/NORECOVER
6.1 – Description
The /RECOVER qualifier specifies that the ACL editor must restore
the ACL from a journal file. The ACL editor restores the ACL
to the state it was in when the last ACL editing session ended
abnormally.
By default the journal file is given the name of the object and
a .TJL file type. If you specify a more meaningful name for the
journal file when you invoke the ACL editor (by using /JOURNAL),
specify that file name with the /RECOVER qualifier.
6.2 – Example
$ EDIT/ACL/JOURNAL=SAVEACL MYFILE.DAT
.
.
.
User creates ACL until system crashes
.
.
.
$ EDIT/ACL/JOURNAL=SAVEACL/RECOVER=SAVEACL MYFILE.DAT
.
.
.
ACL is restored and user proceeds with editing until done
.
.
.
^Z
$
The first command in this example starts the ACL editing
session and specifies that the ACL editor must save the journal
file SAVEACL.TJL if the session ends abnormally. The session
proceeds until it is aborted by a system crash.
The next command restores the lost session with the journal
file SAVEACL.TJL. To end the session, press Ctrl/Z. The ACL
editor saves the edits and deletes the journal file.
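The following DCL command procedure is an added example, not part of the original help text. It applies the object-spec rules above for the default FILE class (no wildcards, explicit file type) and resumes an interrupted session when a journal from an earlier run is still present. The procedure name EDIT_ACL_SAFE.COM and the symbols spec, type, name and journal are hypothetical, and the journal is named explicitly so that /JOURNAL and /RECOVER refer to the same file.

```dcl
$! EDIT_ACL_SAFE.COM  (added example; hypothetical procedure name)
$! Usage: @EDIT_ACL_SAFE file-spec
$ spec = F$EDIT(P1, "UPCASE,TRIM")
$ IF spec .EQS. "" THEN INQUIRE spec "Object"
$!
$! Rule: no wildcard characters in the object specification
$ IF F$LOCATE("*", spec) .NE. F$LENGTH(spec) .OR. -
     F$LOCATE("%", spec) .NE. F$LENGTH(spec)
$ THEN
$     WRITE SYS$OUTPUT "Wildcards are not allowed in the object specification"
$     EXIT
$ ENDIF
$!
$! Rule: the ACL editor supplies no default file type.
$! F$PARSE returns "." for the TYPE field when none was given.
$ type = F$PARSE(spec,,,"TYPE","SYNTAX_ONLY")
$ IF type .EQS. "."
$ THEN
$     WRITE SYS$OUTPUT "Specify the file type (use .DIR for a directory)"
$     EXIT
$ ENDIF
$!
$! Name the journal explicitly: object name plus .TJL, in the default directory
$ name = F$PARSE(spec,,,"NAME","SYNTAX_ONLY")
$ journal = name + ".TJL"
$!
$! Let the editor read from the terminal instead of this procedure
$ DEFINE/USER_MODE SYS$INPUT SYS$COMMAND
$!
$! A journal left behind means the last session ended abnormally,
$! because a normal exit (Ctrl/Z) deletes it.
$ IF F$SEARCH(journal) .NES. ""
$ THEN
$     WRITE SYS$OUTPUT "Journal ''journal' found; recovering interrupted session"
$     EDIT/ACL/JOURNAL='journal'/RECOVER='journal' 'spec'
$ ELSE
$     EDIT/ACL/JOURNAL='journal' 'spec'
$ ENDIF
$ EXIT
```

For an object such as the resource domain [0], where the object name does not make a usable journal file name, pass /CLASS and an explicit /JOURNAL name on the command line as shown in the /JOURNAL example instead of using this procedure.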