Writing Real Programs in DCL, Second Edition

Data security is an important aspect of many applications, particularly those involving the confidential data of your organization. OpenVMS provides a data protection facility, which allows you to control which users can access a collection of data and which operations those users can perform on the data. The data protection facility is composed of two independent protection mechanisms: user identification code (UIC) protection and access control list (ACL) protection.
The UIC-based protection mechanism was the original data protection mechanism in OpenVMS. It is grounded in the idea that each protected object is owned by a particular UIC. The relation between the owner UIC and the UIC of the user who is attempting to access the object determines if and how the user can access the object. UIC-based protection can be applied to the following kinds of objects:
Devices
Data volumes
Files and directories
Logical name tables
Queues
Global sections
The ACL-based protection mechanism was introduced in OpenVMS Version 4 to provide a more flexible data security facility. The acronym ACL stands for access control list: an arbitrary list of associations between user identifiers and access capabilities. When the user who is attempting to access the object appears in the object's ACL, then the ACL determines if and how the user can access the object. An ACL can be associated with all the kinds of objects listed above except for data volumes.
This chapter describes those features of the two protection mechanisms that are most often needed by...
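The following command procedure is an added illustration, not code from the book. It applies both mechanisms to one file: a UIC-based protection code that shuts out world access, and an ACL entry that grants access to a single rights identifier. The names PROTECT_FILE.COM, PAYROLL.DAT and PAYROLL_CLERK are hypothetical, and the procedure assumes an OpenVMS release that provides the SET SECURITY command.

```dcl
$! PROTECT_FILE.COM (added illustration, not code from the book)
$! P1 = file to protect; P2 = rights identifier to be granted access.
$! PAYROLL.DAT and PAYROLL_CLERK are hypothetical defaults; the
$! identifier must already exist in the rights database.
$ ON ERROR THEN EXIT
$ file  = P1
$ ident = P2
$ IF file  .EQS. "" THEN file  = "PAYROLL.DAT"
$ IF ident .EQS. "" THEN ident = "PAYROLL_CLERK"
$ IF F$SEARCH(file) .EQS. ""
$ THEN
$     WRITE SYS$OUTPUT "File not found: ", file
$     EXIT
$ ENDIF
$!
$! UIC-based protection: every file has an owner UIC and a protection code.
$ WRITE SYS$OUTPUT "Owner UIC:      ", F$FILE_ATTRIBUTES(file, "UIC")
$ WRITE SYS$OUTPUT "Old protection: ", F$FILE_ATTRIBUTES(file, "PRO")
$! Full access for system and owner, read-only for group, none for world.
$ SET SECURITY /PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP:R,WORLD) 'file'
$!
$! ACL-based protection: associate one identifier with read and write access.
$ SET SECURITY /ACL=(IDENTIFIER='ident',ACCESS=READ+WRITE) 'file'
$!
$! Display the result: owner, protection code and ACL together.
$ WRITE SYS$OUTPUT "New protection: ", F$FILE_ATTRIBUTES(file, "PRO")
$ DIRECTORY /SECURITY 'file'
$ EXIT
```

Run it as `@PROTECT_FILE file-spec identifier` from an account that owns the file or otherwise has control access to it.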