VMS Help  —  System Services, $GET SECURITY, Arguments
 clsnam

    OpenVMS usage:char_string
    type:         character-coded text string
    access:       read only
    mechanism:    by descriptor
    Name of the object class. The clsnam argument is the address of a
    descriptor pointing to a string containing the name of the object
    class.

    The following is a list of protected object class names:

       CAPABILITY
       COMMON_EVENT_CLUSTER
       DEVICE
       FILE
       GLXSYS_GLOBAL_SECTION
       GLXGRP_GLOBAL_SECTION
       GROUP_GLOBAL_SECTION
       ICC_ASSOCIATION
       LOGICAL_NAME_TABLE
       QUEUE
       RESOURCE_DOMAIN
       SECURITY_CLASS
       SYSTEM_GLOBAL_SECTION
       VOLUME

 objnam

    OpenVMS usage:char_string
    type:         character-coded text string
    access:       read only
    mechanism:    by descriptor
    Name of the protected object whose associated security profile
    is going to be retrieved. The objnam argument is the address
    of a descriptor pointing to a string containing the name of the
    protected object.

    The format of an object name is class specific. The following
    table lists object names and describes their formats:

    Object Class        Object Name Format

    CAPABILITY          A character string. Currently, the only
                        capability object is VECTOR.
    COMMON_EVENT_       Name of the event flag cluster, as defined
    CLUSTER             in the Associate Common Event Flag Cluster
                        ($ASCEFC) system service.
    DEVICE              Standard device specification, described in
                        the OpenVMS User's Manual.
    FILE                Standard file specification, described in the
                        OpenVMS User's Manual.
    GROUP_GLOBAL_       Section name, as defined in the Create and
    SECTION             Map Section ($CRMPSC) system service.
    ICC_ASSOCIATION     ICC security object name node::association_
                        name. The special node name, ICC$::, refers
                        to entries in the clusterwide registry. For
                        registry entries, the Access Access Type does
                        not apply.
    LOGICAL_NAME_TABLE  Table name, as defined in the Create Logical
                        Name Table ($CRELNT) system service.
    QUEUE               Standard queue name, as described in the Send
                        to Job Controller ($SNDJBC) system service.
    RESOURCE_DOMAIN     An identifier or octal string enclosed in
                        brackets.
    SECURITY_CLASS      Any class name shown in column 1, or a
                        class name followed by a period (.) and
                        the template name. Use the DCL command SHOW
                        SECURITY to display possible template names.
    SYSTEM_GLOBAL_      Section name, as defined in the Create and
    SECTION             Map Section ($CRMPSC) system service.
    VOLUME              Volume name or name of the device on which
                        the volume is mounted.

 objhan

    OpenVMS usage:object_handle
    type:         longword (unsigned)
    access:       read only
    mechanism:    by reference
    Data structure identifying the object whose associated
    characteristics are going to be retrieved. The objhan argument
    is an address of a longword containing the object handle. You can
    use the objhan argument as an alternative to the objnam argument;
    for example, channel number clearly specifies the file open on
    the channel and can serve as an object handle.

    The following table shows the format of the object classes:

    Object Class           Object Handle Format

    COMMON_EVENT_CLUSTER   Event flag number
    DEVICE                 Channel number
    FILE                   Channel number
    RESOURCE_DOMAIN        Resource domain identifier
    VOLUME                 Channel number

 flags

    OpenVMS usage:flags
    type:         mask_longword
    access:       read only
    mechanism:    by value
    Mask specifying processing options. The flags argument is a
    longword bit vector wherein a bit, when set, specifies the
    processing option. The flags argument requires the contxt
    argument.

    The following table describes each flag:

    Symbolic Name   Description

    OSS$M_RELCTX    Release the context structure at the completion
                    of this request.

    OSS$M_WLOCK     Maintain a write lock on the security profile
                    at the completion of this request. $GET_SECURITY
                    ignores the flag if the context has already been
                    established.

    These symbolic names are defined in the $OSSDEF macro. You
    construct the flags argument by specifying the symbolic names
    of each flag.

 itmlst

    OpenVMS usage:item_list_3
    type:         longword (unsigned)
    access:       read only
    mechanism:    by reference
    Item list specifying which information about the process or
    processes is to be returned. The itmlst argument is the address
    of a list of item descriptors, each of which describes an item
    of information. The list of item descriptors is terminated by a
    longword of 0.

    With the item list, the user retrieves the protected object's
    characteristics. The user defines which security characteristics
    to retrieve. If this argument is not present, only the flags
    argument is processed. Without the itmlst argument, you can only
    manipulate the security profile lock or release contxt resources.

    Refer to the VSI OpenVMS System Services Reference Manual to view
    the item code diagram and descriptor fields table.

 contxt

    OpenVMS usage:context
    type:         longword (unsigned)
    access:       modify
    mechanism:    by reference
    Value used to maintain the processing context when dealing with
    a single protected object across multiple $GET_SECURITY/$SET_
    SECURITY calls. Whenever the context value is nonzero, the class
    name, object name, or object handle arguments are disregarded.
    An input value of 0 indicates that a new context should be
    established.

    Because an active context block consumes process memory, be sure
    to release the context block by setting the RELCTX flag when the
    profile processing is complete. $GET_SECURITY sets the context
    argument to 0 once the context is released.

 acmode

    OpenVMS usage:access_mode
    type:         longword (unsigned)
    access:       read only
    mechanism:    by reference
    Access mode to be used in the object protection check. The acmode
    argument is the address of a longword containing the access mode.
    The acmode argument defaults to kernel mode; however, the system
    compares acmode with the caller's access mode and uses the least
    privileged mode. The access modes are defined in the system macro
    $PSLDEF library. VSI recommends that this argument be omitted
    (passed as zero).
Close Help