Accessing Files Programmer's Guide (32650-90885)
162 Chapter13
Maintaining File Security
Access Control Definition Security (ACD)
of ACD attributes.
HPACDINFO Returns security attributes.
HPFOPEN Permits the creation of of an ACD.
The intrinsic FOPEN cannot be modified to give it the option of creating an ACD. You must
use HPFOPEN.
Detailed discussions of these intrinsics are found in the MPE/iX Intrinsics Reference
Manual.
Preserving ACDs
Device ACDs are not permanent objects; you must redefine them every time that the
system is rebooted. The easiest way to do this is to put ALTSEC commands into the
SYSSTART file, either directly or in a command file.
File ACDs are permanent objects; they do survive a reboot. When you store files to tape,
FCOPY and STORE save the files' ACDs, too–unless you specify otherwise. If you are not an
owner of the file and you do not have RACD permission, you get an error if you try to copy
the ACD. Instead, choose the NOACD parameter.
Managing ACDs
You may manage ACDs interactively through MPE/iX commands or programmatically
through MPE/iX intrinsics.
Creating ACDs
Examples
To assign Read access to user SAM.DOE, Write access to JOE.DOE, no access (None) to all
users in the DESIGN account, and Execute access to all users in all accounts (except those
users in the DESIGN account, enter this:
ALTSEC
FILEA.XX.DESIGN;NEWACD=(R:SAM.DOE;W:JOE.DOE;NONE:@.DESIGN;X:@.@)
To add an ACD that prevents any user except OPERATOR.SYS from accessing LDEV 7 (a
tape drive), enter this:
ALTSEC 7,LDEV;NEWACD=(R,W:OPERATOR.SYS)
The user must have SM capability to do this.
This short program uses HPACDPUT in creating an ACD for a file called TARGET:
program acdput(input, output);
Command Intrinsic Purpose
ALTSEC Create an ACD for an existing device or file
HPACDPUT Create an ACD for an existing device or file