SYSPRV Privilege (All)
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
The SYSPRV privilege lets a process access protected objects by the system protection field and also read and modify the owner (UIC), the UIC-based protection code, and the ACL of an object. Even if an object is protected against system access, a process with SYSPRV privilege can change the object's protection to gain access to it. Any process with SYSPRV privilege can add, modify, or delete entries in the system user authorization file (SYSUAF.DAT).
Exercise caution when granting this privilege. Normally, grant this privilege only to system managers and security administrators. If unqualified users have system access rights, the operating system and service to others can be easily disrupted. Such disruptions can include failure of the system, destruction of all system and user data, and exposure of confidential information.
The SYSPRV privilege also lets a process perform the following tasks:
| Task | Interface |
|---|---|
Modify a file's expiration date | SET FILE/EXPIRATION |
Modify the number of interlocked queue retries | $QIO request to an Ethernet 802 driver (DEBNA/NI) |
Set the spin-wait time on the port command register | $QIO request to an Ethernet 802 driver (DEBNA) |
Set the FROM field in a mail message | MAIL routines |
Access a MAIL maintenance record | |
Modify or delete a MAIL database record | |
Modify the group number and password of a local area cluster | CLUSTER_AUTHORIZE component of SYSMAN |
Perform transaction recovery, join a transaction as coordinator, transition a transaction | DECdtm software |
A process whose group UIC is less than or equal to the system parameter MAXSYSGRP has implied SYSPRV. When a process has SYSPRV or implied SYSPRV, it can also perform the following tasks:
| Task | Interface |
|---|---|
Initialize a magnetic tape | $INIT_VOL |
Override creation of an owner ACE on a newly created file | $QIO request to F11BXQP |
Clear the directory bit in a directory's file header | $QIO request to the F11BXQP, SET FILE/NODIRECTORY |
Acquire or release a volume lock | $QIO request to F11BXQP |
Force mount verification on a volume | $QIO request to F11BXQP |
Create a file access window with the no access lock bit set | $QIO request to F11BXQP |
Specify null lock mode for a volume lock | $QIO request to F11BXQP |
Access a locked file | $QIO request to F11BXQP |
Disable disk quotas on volume | $QIO request to F11BXQP |
Enable disk quotas on volume | $QIO request to F11BXQP |