HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 4 Protecting Data

Understanding Privileges and Control Access

Although an object can be carefully protected by an ACL and a protection code, a user can still gain access through the use of privilege or control access.

How Privileges Affect Protection Mechanisms

Security administrators can assign privileges to users when they create or modify user accounts. The system privileges READALL and BYPASS affect user access, regardless of the access dictated by an ACL for the object or by other elements in its security profile. The privileges SYSPRV and GRPPRV are controlled through the system category of the protection code. The privileges have the following meanings:

BYPASS

A user with BYPASS privilege receives all types of access to the object, regardless of its protection.

GRPPRV

A user with GRPPRV privilege whose UIC group matches the group of the owner of the object receives the same access accorded to users in the system category. Thus, the user with GRPPRV privilege is able to manage any of the group's objects.

READALL

A user with READALL privilege receives read access to the object, even if that access is denied by the ACL and the protection code. In addition, the user can receive any other access granted through the protection code.

SYSPRV

A user with SYSPRV privilege receives the access accorded to users in the system category.

When you define ACLs or protection codes for your objects, remember that users with amplified privileges are entitled to special access to objects throughout the system. For example, there is no way to stop a user with the BYPASS privilege from accessing your files. Users with GRPPRV privilege have the power to perform many system management functions for other members of their UIC group. Protection of your objects depends on the judgment of your security administrator in granting these privileges.

Using Control Access to Modify an Object Profile

Any user with control access to an object can change its protection code and ACL and thereby gain access to an object. For all object classes but files, control access also allows a user to modify the object's owner. To modify the owner of a file generally requires privilege (see “Types of Access”).

You obtain control access in any of the following ways:

  • You hold an identifier to which the object's ACL gives control access.

  • You have the same UIC as the owner of the object.

  • You qualify as a member of the system user category, and the object has an owner with a nonzero UIC. For example, you hold GRPPRV (with a matching group UIC) or SYSPRV. (See the “Controlling Access with Protection Codes” for a full description of system users.)

  • You hold BYPASS privilege.

Sometimes object classes allow control access through other means. See the “Object-Specific Access Considerations” and to the individual descriptions of classes in “Descriptions of Object Classes” for any special conditions that may apply.

Object-Specific Access Considerations

For some objects, access can be granted either by a special privilege (beyond those listed in “How Privileges Affect Protection Mechanisms”) or by an all-inclusive type of access. This is particularly true of a queue. A user with operator (OPER) privilege is granted all types of access to a queue. A user with manage access implicitly possesses the three other types of queue access: read, submit, and delete. “Descriptions of Object Classes” lists each object class with its access types and meanings and any special privilege.