Volume and file protection is specified as follows:

         (SYSTEM:RWED,OWNER:RWED,GROUP:RWED,WORLD:RWED)

    There are four categories of protection: one for system
    processes, one for the owner of the file, one for other members
    of the owner's group, and one for members of other groups. For
    each category, any combination of four different types of access
    may be specified:

       R    read access
       W    write access
       E    execute access (for execution of images)
       D    delete access

    If you want to deny all access to a category, you must specify
    the category name without a colon, for example:

         /PROTECTION=(OWNER:RWE,GROUP,WORLD)

    For complete information on setting protections, see the VSI OpenVMS
    Guide to System Security.