The SYSNAM privilege lets the user's process
bypass discretionary access controls on the system logical name table
in order to insert names into the system logical name table and delete
names from that table by using the Create Logical Name ($CRELNM) and
Delete Logical Name ($DELLNM) system services. A process with this
privilege can use the DCL commands ASSIGN and DEFINE to add names
to the system logical name table in user or executive mode and can
use the DEASSIGN command in either mode to delete names from the table.
To mount a system volume or to dismount a system
or group volume with the appropriate mount or dismount command or
system service, you must have the SYSNAM privilege.
Grant this privilege only to the system operators
or to system programmers who need to define system logical names (such
as names for user devices, library directories, and the system directory).
Note that a process with SYSNAM privilege could redefine such critical
system logical names as SYS$SYSTEM and SYSUAF, thus gaining control
of the system.
The SYSNAM privilege also lets a process perform
the following tasks:
| Task | Interface |
|---|
Access
a MAIL maintenance record | MAIL |
Modify
a MAIL forward record | MAIL |
Declare
a network object | NETACP |
Create
an IPC association | $IPC |
With CMKRNL, add
or remove an identifier to system rights list | SET RIGHTS_LIST/SYSTEM, $GRANTID, $REVOKID |
