HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 4 Protecting DataUnderstanding Privileges and Control AccessAlthough an object can be carefully protected by an ACL and a protection code, a user can still gain access through the use of privilege or control access. Security administrators can assign privileges to users when they create or modify user accounts. The system privileges READALL and BYPASS affect user access, regardless of the access dictated by an ACL for the object or by other elements in its security profile. The privileges SYSPRV and GRPPRV are controlled through the system category of the protection code. The privileges have the following meanings:
When you define ACLs or protection codes for your objects, remember that users with amplified privileges are entitled to special access to objects throughout the system. For example, there is no way to stop a user with the BYPASS privilege from accessing your files. Users with GRPPRV privilege have the power to perform many system management functions for other members of their UIC group. Protection of your objects depends on the judgment of your security administrator in granting these privileges. Any user with control access to an object can change its protection code and ACL and thereby gain access to an object. For all object classes but files, control access also allows a user to modify the object's owner. To modify the owner of a file generally requires privilege (see “Types of Access”). You obtain control access in any of the following ways:
Sometimes object classes allow control access through other means. See the “Object-Specific Access Considerations” and to the individual descriptions of classes in “Descriptions of Object Classes” for any special conditions that may apply. For some objects, access can be granted either by a special privilege (beyond those listed in “How Privileges Affect Protection Mechanisms”) or by an all-inclusive type of access. This is particularly true of a queue. A user with operator (OPER) privilege is granted all types of access to a queue. A user with manage access implicitly possesses the three other types of queue access: read, submit, and delete. “Descriptions of Object Classes” lists each object class with its access types and meanings and any special privilege. |