HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 5 Descriptions of Object Classes

Logical Name Tables

Logical name assignments are maintained in logical name tables. A logical name table can be accessible to only one process, or it can be shareable if its parent table is shareable. All shareable name tables are listed in the LNM$SYSTEM_DIRECTORY, the system directory table. It is shareable logical name tables that the operating system protects.

Naming Rules

The name of a logical name table is a string of 1 to 32 characters.

Types of Access

The logical name table class supports the following types of access:

Read

Gives you the right to look up (translate) logical names in the table

Write

Gives you the right to create and delete logical names in the table

Create

Gives you the right to create a descendant logical name table, including the right to use a subset of the dynamic memory allocated to the parent logical name table when creating the descendant logical name table

Delete

Gives you the right to delete the table

Control

Gives you the right to modify the protection elements and owner of the table

Template Profile

The logical name table class provides the following template profiles. Although the template assigns an owner UIC of [0,0], this value is only temporary. As soon as the object is created, the operating system replaces a 0 value with the value in the corresponding field of the creating process's UIC.

Template Name   Owner UIC   Protection Code
DEFAULT         [0,0]       S:RW,O:RW,G:R,W:R
GROUP           [0,*]       S:RWCD,O:R,G:R,W
JOB             [0,0]       S:RWCD,O:RWCD,G,W
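
The following Python example is added here and is not part of the HP guide. It expands the template protection codes above into per-category rights and reports what a table's current protection grants beyond its template. The function names and the observed protection string are constructed for illustration, and only the R, W, C, and D letters that appear in the templates are modeled.

```python
# Added example: protection-code audit for logical name tables (not HP code).
ACCESS = {"R": "read", "W": "write", "C": "create", "D": "delete"}
CATEGORIES = {"S": "system", "O": "owner", "G": "group", "W": "world"}

# Template protection codes copied from the Template Profile table.
TEMPLATES = {
    "DEFAULT": "S:RW,O:RW,G:R,W:R",
    "GROUP": "S:RWCD,O:R,G:R,W",
    "JOB": "S:RWCD,O:RWCD,G,W",
}


def parse_protection(code):
    """Expand a protection code into {category: set of access names}.

    A category with no letters (the bare "G" or "W" in the templates)
    is granted no access.
    """
    rights = {name: set() for name in CATEGORIES.values()}
    for field in code.split(","):
        category, _, letters = field.strip().upper().partition(":")
        if category not in CATEGORIES:
            raise ValueError(f"unknown category in {field!r}")
        for letter in letters:
            if letter not in ACCESS:
                raise ValueError(f"unknown access letter in {field!r}")
            rights[CATEGORIES[category]].add(ACCESS[letter])
    return rights


def extra_rights(current, template_name):
    """Return rights that `current` grants beyond the named template."""
    baseline = parse_protection(TEMPLATES[template_name])
    drift = {}
    for category, granted in parse_protection(current).items():
        added = sorted(granted - baseline[category])
        if added:
            drift[category] = added
    return drift


if __name__ == "__main__":
    # Constructed sample: a job table whose protection was loosened.
    observed = "S:RWCD,O:RWCD,G:R,W:RW"
    for category, added in extra_rights(observed, "JOB").items():
        print(f"{category}: grants {', '.join(added)} beyond the JOB template")
```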

Privilege Requirements

The operating system allows read and write access to the group logical name tables with GRPNAM privilege and to the system logical name table with SYSNAM privilege.

Deletion of a shared table from the system directory requires SYSNAM privilege, and deletion of a logical name from the group directory requires GRPNAM privilege. Deletion of a parent logical name table results in the deletion of all its descendant logical name tables.

Creation or deletion of an inner-mode logical name or logical name table requires SYSNAM privilege (or being in an inner mode).

Kinds of Auditing Performed

The following events can be audited, provided the security administrator enables auditing for the event class:

Event Audited   When Audit Occurs
Access          When translating a name, when creating a name or a descendant table, or when deleting a name or a descendant table
Creation        During access to a parent table for the right to create a table or when the table itself is created

Permanence of the Object

A logical name table and its security profile must be reset each time the system is rebooted.