A.ERIC@GSB-HOW.STANFORD.EDU (Eric M. Berg) (06/25/87)
We are currently a TOPS-20 site and have just purchased a Vax on which we plan to run VMS. Most of the Vaxen on our campus run Unix/Ultrix, so there isn't much VMS expertise here. One question we're facing with the new system is the assignment of privileges. Under TOPS-20 (or Unix), this hasn't been much of an issue, since there's only one meaningful level of privilege, and most of our computer facility staff have ended up with privileged accounts for one reason or another. VMS is clearly a different story, and we're trying to figure what privileges to assign to who. Unfortunately, the VMS documentation I've seen describes what the privileges are, but does not explain what their \implications/ are. I'm interested in hearing what other VMS users (esp. other University users) have done about this. In particular, we have the following general categories of staff, and would like to know what level of privileges to assign them: System manager System programmer Software development co-ordinator (resp. for applications and user software) several general programmers tape operators engineering/hardware staff (who may need to change system terminal or device characteristics, manipulate queues, etc.) office staff (who may do some of the work of establishing accounts) user services staff (who might find it useful to have access to files of users they're trying to help) Also, I have several general questions: --are there certain privileges which are typically only given to system processes, and not to users? --what difference does the ability to install images as privileged make to the need to assign privileges to specific users? --are there certain privileges which imply other privileges? For example, does BYPASS allow you to write to the UAF, thus in effect implying SETPRIV ? I would welcome responses to me (and I'll summarize to the net if there's general interest), responses to the net, and/or pointers to places in the DEC (or third-party, for that matter) documentation which will allow me to figure this kind of stuff out myself. Thanks in advance to anyone who takes the time to reply. Eric Berg Computer Facility Grad. School of Business Stanford -------