HP OpenVMS Guide to System Security > Chapter 5 Descriptions of Object Classes

Capabilities

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

A capability is a resource to which a site controls access, using the standard access control mechanisms. The ability to execute vector instructions is a capability object. Only sites with a vector processor have such an object.

Naming Rules

The only valid name for a capability object is VECTOR.

Types of Access

The capability class supports the following types of access:

Use

Gives a process the right to make use of the vector processor

Control

Gives you the right to change the protection and ownership elements of the object

Template Profile

The capability class provides the following template profile:

Template Name Owner UIC Protection Code

DEFAULT

[SYSTEM]

S:U,O:U,G:U,W:U

Modifications to the VECTOR template take effect the next time you boot the system. If you want to change the elements of the VECTOR object after the system is booted, you must modify the object directly. For example: 

$ SET SECURITY/CLASS=CAPABILITY/PROTECTION=(S:U,O:U,G:U,W) VECTOR

Kinds of Auditing Performed

The operating system can audit the following type of event:

Event Audited When Audit Occurs

Access

The first time after image activation that the process uses a vector instruction

Permanence of the Object

The capability object's security profile needs to be reset each time the system starts up.



Chapter 5 Descriptions of Object Classes
  		 


Common Event Flag Clusters