Access Authority by Class

Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the AC environment.
capamsc141
Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the AC environment.
Class
Valid Access Values
Lets Accessors...
All classes
all
Perform
all
valid operations for the class.
 
none
Perform
no
valid operations for the class.
ADMIN
create
Create records in this class.
 
delete
Delete records in this class.
 
join
Add a group to a USER record and to complete the linking of a user to a group.
Note:
The accessor must also have
modify
access.
 
modify
Modify existing records.
Note:
To link a user to a group (add user names to GROUP records) the accessor must also have
join
access.
 
password
Change the passwords of other users.
Note:
This access type affects only the USER class.
 
read
List records in this classes
AUTHHOST
read
Login from an authenticated host.
CONNECT
read
Connect to the remote host.
CONTAINER
inherited
Note:
Valid access values for this class are the valid values for the class of the contained objects.
DOMAIN
chmod
Create and delete trust relationships between one domain and another.
Note:
Both domains must have this access type.
 
execute
Add or delete members from the domain.
 
read
List domain members.
FILE, GFILE
chdir
Access the directory with the equivalent of read and execute permissions.
 
chmod
Change file system modes.
Note:
Only applicable on UNIX hosts.
 
chown
Change the owner of the record.
 
control
Perform
all
valid operations except
delete
and
rename
.
 
create
Create records in this class.
 
delete
Delete records in this class.
 
execute
Execute a program.
Note:
The accessor must also have
read
access.
 
read
Use a file or directory without changing it.
Note:
On UNIX, if you want
read
privileges to control whether users can perform operations that obtain information about the file (such as ls -l), set the STAT_intercept configuration setting to 1. For more information, see the
Reference Guide
.
 
rename
Rename to a record in this class.
 
sec
Change the ACL of records in this class.
 
update
Perform the combined operations of
read
,
write
, and
execute
.
 
utime
Change the modification time of a file.
Note:
Only applicable on UNIX hosts.
 
write
Change the file or directory.
HNODE
read
List records in the class.
 
write
Edit the details of the record.
HOLIDAY
read
Log in during the specified holiday.
KMODULE
load
Load a kernel module.
 
unload
Unload a kernel module.
MFTERMINAL
read
Log in from the Mainframe terminal.
 
write
Administer from the Mainframe terminal.
POLICY
delete
Delete the policy.
 
execute
Deploy the policy.
 
read
View policy details.
 
write
Edit the details of the record.
 
undeploy
Perform the combined operations of
delete
and
execute
.
PROCESS
read
Kill the process.
PROGRAM, SUDO, GSUDO
execute
Execute a program.
REGKEY
delete
Delete a Windows registry key.
 
read
List the contents of the Windows registry key.
 
write
Change the Windows registry key.
REGVAL
delete
Delete a Windows registry value.
 
read
Read a Windows registry value.
 
write
Change a Windows registry value.
RULESET
read
View the details of the record.
 
write
Edit the details of the record.
SURROGATE
execute
Surrogate to the user.
TCP
read
Access TCP services from remote hosts or host groups.
TERMINAL, GTERMINAL
read
Log in to the terminal.
 
write
Administer the terminal.
UACC
inherited
Note:
Valid access values for this class are the valid values for the class it is defining.
WINSERVICE
read
View the properties of the Windows service.
 
start
Start the Windows service.
 
modify
Change the properties of the Windows service.
 
resume
Resume a paused Windows service.
 
stop
Stop a Windows service.
 
pause
Pause a Windows service.
The values none and all are applicable to all classes. The value all represents the entire group of access values, other than none, for a particular class. For more information about access authority, see the
Endpoint Administration Guide
for your OS
.