Copyright Digital Equipment Corp. All rights reserved.

Protection_Codes

   A protection code controls the type of access allowed (or denied)
   to a particular user or group of users. It has the following
   format:

   [category:list of access allowed(,category:list of access allowed,...)]

   o  Category

      User categories include system (S), owner (O), group (G),
      and world (W). Each category can be abbreviated to its first
      character. Categories have the following definition:

      System      Any user process or application whose UIC is
                  in the range 1 through 10 (octal), has SYSPRV
                  privilege, or is in the same group as the owner
                  and holds GRPPRV.
      Owner       Any user process or application whose UIC is
                  identical to the UIC of the object.
      Group       Any user process or application whose Group UIC is
                  identical to the group UIC of the object.
      World       Any user process or application on the system.

      When specifying more than one user category, separate the
      categories with commas, and enclose the entire code in
      parentheses. You can specify user categories and access types
      in any order.

      A null access specification means no access, so when you omit
      an access type for a user category, that category of user
      is denied that type of access. To deny all access to a user
      category, specify the user category without any access types.
      Omit the colon after the user category when you are denying
      access to a category of users.

   o  access-list

      For files, the access types include read (R), write (W),
      execute (E), or delete (D). The access type is assigned
      to each ownership category and is separated from its
      access types with a colon (:); for example, SET SECURITY
      /PROTECTION=(S:RWE,O:RWE,G:RE,W). File access types have the
      following meanings:

      Read     Gives you the right to read, print, or copy a disk
               file. With directory files, the right to read or list
               a file and use a file name with wildcard characters
               to look up files. Read access implies execute access.
      Write    Gives you the right to write to or change the
               contents of a file, but not delete it. Write access
               allows modification of the file characteristics that
               describe the contents of the file. With directory
               files, the right to make or delete an entry in the
               catalog of files.
      Execute  Gives you the right to execute a file that contains
               an executable program image or DCL command procedure.
               With a directory file, the right to look up files
               whose names you know.
      Delete   Gives you the right to delete the file. To delete
               a file, you must have delete access to the file and
               write access to the directory that contains the file.
      Control  Gives you the right to file characteristics,
               including the protection code and ACL. Special
               restrictions apply to changing the owner of a file.