% Librarian I01-42$zgzgDhCCC5  ACCESS_TYPESh ACE_FLAGS ACE_FORMATz ACE_TYPES ALARM_ACE AUDIT_ACECONTROL_ACCESS$ CREATOR_ACEP CTRLA_KEYQ CTRLD_KEYQD CTRLH_KEYR CTRLJ_KEYR CTRLR_KEYS CTRLU_KEYT CTRLW_KEYT CTRLZ_KEY DEFAULT_FLAG) DEF_PROT_ACE DELETE_ACCESSN DOWN_ARROWUE1_KEYVE2_KEYVE3_KEYWhE4_KEYXE5_KEYXE6_KEYG ENTER_KEYCOMMANDSEKP0_KEYF KP1_KEYFKP2_KEY WRITE_ACCESS  NOPROP_FLAGKPF1_KEYLPF2_KEYLxPF3_KEYM:PF4_KEY JPROTECTED_FLAG  READ_ACCESSP RIGHT_ARROWER RUBOUT_KEY STARTING_UP= SUBSYSTEM_ACESUCCESS_ACCESSN|UP_ARROW_VT100[>VT200dLVT52 WRITE_ACCESSA ENTER_KEYKP2_KEY NONE_FLAG WRITE_ACCESSH<KP4_KEYHKP5_KEYJ&KP7_KEYJKP8_KEYI KPCOMMA_KEYFL KPERIOD_KEYK KPMINUS_KEYOJ LEFT_ARROW2 NONE_ACCESS NONE_FLAG"EXECUTE_ACCESSYbF10_KEYYF12_KEYZ<F13_KEYZLF15_KEY[fF16_KEY\ FAILED_ACCESS < HIDDEN_FLAG2IDENTIFIER_ACEDKEYPAD_COMMANDSEKP0_KEYF KP1_KEYFKP2_KEY Kz 1 ACE_FORMATD An access control list entry (ACE) consists of a series of fieldsB started and ended by parentheses. The first field indicates theD type of ACE to be entered. The second field indicates any options? that apply to the ACE. The third field indicates the type ofC access to grant or to be monitored (if applicable). In addition,D the second and third fields have several subfields for the actual* options and access types, respectively./ The gen eral format for an ACE is as follows:) (type, option_flags, access_to_grant) wwKz 1 ACE_FLAGS( (type, option_flags, access_to_grant)B The option_flags field defines any options to be applied to the' ACE. It can be any of the following: DEFAULT HIDDEN NONE NOPROPAGATE PROTECTED wwKz 1 NONE_FLAG OPTION=NONE< Indicates that no options apply to an entry. Although you? can creat e an ACL entry with OPTIONS=None, the option is not? displayed. When you specify additional options with the None@ option, the other options take precedence. The None option is$ equivalent to omitting the field. wwKz1 DEFAULT_FLAG OPTION=DEFAULTB Indicates that an ACE is to be included in the ACL of any files@ created within a directory. When the entry is propagated, theA Default attribute is removed from the ACE of the created file.4 This at tribute is valid for directory files only. wwKz1 HIDDEN_FLAG OPTION=HIDDEND Indicates that this ACE should be changed only by the application@ that adds it. Although the HIDDEN option is valid for any ACE> type, its intended use is to hide application ACEs. The ACLD editor displays the ACE only to show its relative position withinA the ACL, not to facilitate editing of the ACE. Unless you haveC the SECURITY privilege, you cannot display a hidden ACE with the DCL command DIRECTORY/ACL.= You cannot display a hidden ACE with the DCL commands SHOWD SECURITY or DIRECTORY/SECURITY, and you cannot modify or delete aD hidden ACE with the SET SECURITY command. To create a hidden ACE,> an application can invoke the $SET_SECURITY system service. wwKz1 PROTECTED_FLAG OPTION=PROTECTEDB Protects the ACE against casual deletion. Protected ACEs can beB deleted only by the following methods: by using the ACL editor;A by specifying the ACE explicitly when deleting it-for example,@ use the command SET SECURITY/ACL=(ace)/DELETE; or by deletingB all ACEs, both protected and unprotected, using the command SET SECURITY/ACL/DELETE=ALL. wwKz1 NOPROP_FLAG OPTION=NOPROPAGATE= Indicates that the ACE cannot be copied by operations that@ usually propagate ACEs. For example, the ACE cannot be copied= by the SET SECURITY/LIKE or SET SECURITY/DEFAULT commands. wwKz1 ACCESS_TYPES( (type, option_flags, access_to_grant)@ The access-to-grant field indicates what type of access is toC be granted, and (depending on the type of ACE) whether or not toA log successful attempts or unsuccessful attempts to access theB object. You can specify any access that is valid for the object9 class. Include the keywords SUCCESS, FAILURE, or both. wwKz1 READ_ACCESS@ The right to read, print, or copy a disk file. With directoryC files, the right to read or list a file and use a file name withD wildcard characters to look up files. Read access implies execute access. wwKz1 WRITE_ACCESS> The right to write to or change the contents of a file, but> not delete it. Write access allows modification of the file? characteristics that describe the contents of the file. With? directory files, the right to make or delete an entry in the catalog of files. wwKz1 EXECUTE_ACCESSB The right to execute a file that contains an executable programC image or DCL command procedure. With a directory file, the right1 to look up files for which you know the names. wwKz1 DELETE_ACCESS@ The right to delete the file. To delete a file, you must haveC delete access to the file and write access to the directory that contains the file. ww'rz1 CONTROL _ACCESS: The right to change file characteristics, including the protection code and ACL.> Special restrictions apply to changing the owner of a file.? Usually, you need privileges. However, if a file is owned by@ a general identifier, you can change the file owner under the following conditions:* o You have control access to the file.? o You hold the identifier currently owning the file and theD identifier intended to own the file, and both identifiers have the Resource attribute. ww'rz1 NONE_ACCESS NONE5 Indicates that no access is allowed to the object. ww'rz1 SUCCESS_ACCESS SUCCESSA Indicates that all successful attempts at accessing the object1 are to be logged by the security audit logger. ww'rz1 FAILED_ACCESS FAILUREC Indicates that all unsuccessful attempts at accessing the objectA are to be logged by the security audit logger. For example, ifB the auditing criteria is a failure to obtain write access to an+ object, specify the following Alarm ACE:) (ALARM=SECURITY, ACCESS=WRITE+FAILURE)  ww'rz1 STARTING_UP> The steps for adding an ACE to a file's ACL are as follows:D 1. If you are not already at the "(IDENTIFIER=" prompt, press theC INSERT key. The ACL editor responds by displaying the prompt.A 2. Enter the UIC (and any identifiers such as BATCH or REMOTE)D that identify to whom the ACE applies. Or, use the ITEM key to" select a different ACE type.D 3. Press the FIELD key to advance to the next portion of the ACE.@ 4. Press the ITEM key to select the desired option or access.B 5. Repeat steps 3 and 4 until you have selected all options andC access modes. Then, press the ENTER key to add the ACE to the file's ACL.D 6. Repeat steps 2 to 7 until you have added all ACEs. Then, press= Ctrl/Z to finish the editing session and return to DCL.9 To return to the keypad diagram, press the Return key. ww'rz 1 ACE_TYPES?You can use the ACL editor to edit the following types of ACEs:2 o Alarm ACE for security auditing of an object2 o Audit ACE for security auditing of an objectC o Creator ACE to set the ownership access for new files created in a directory= o Default Protection ACE to set a default protection code# through a directory structure. o Identifier ACE for object access control: o Subsystem ACE for protected subsystem access control ww'rz 1 ALARM_ACEB Specifies the access criteria that cause an alarm message to be+ sent to all security operator terminals.= ACL alarms are enabled by default; however, alarms are not= written to the system security audit log file. If you haveC existing files or resources protected by Alarm ACEs and you wantB messages to be recorded in the log file, replace the Alarm ACEs with Audit ACEs. FormatP (ALARM=SECURITY [,OPTIONS=attributes], ACCESS=access-type[+access-type...]) 2 Parameters options+ Specify any of the following attributes:> Default Indicates that an ACE is to be included in theA ACL of any files created within a directory. When> the entry is propagated, the Default attributeA is removed from the ACE of the created  file. This< attribute is valid for directory files only.A Hidden Indicates that this ACE should be changed only byA the application that adds it. Although the HiddenA attribute is valid for any ACE type, its intendedD use is to hide Application ACEs. To delete or modifyD a hidden ACE, you must use the SET SECURITY command.> Users need the SECURITY privilege to display a> hidd en ACE with the DCL commands SHOW SECURITYA or DIRECTORY/SECURITY. SECURITY privilege is alsoB required to modify or delete a hidden ACE with theA DCL command SET SECURITY. The ACL editor displaysA the ACE only to show its relative position withinA the ACL, not to facilitate editing of the ACE. ToB create a hidden ACE, an application can invoke the- $SET_SECURITY system service.C Protected Protects the ACE against casual deletion. Protected? ACEs can be deleted only in the following ways:* o By using the ACL editorD o By specifying the ACE explicitly when deleting itC Use the command SET SECURITY/ACL=(ace)/DELETE to- specify and delete an ACE.; o By deleting all ACEs, both protected and unprotectedA Use the command SET S ECURITY/ACL/DELETE=ALL to# delete all ACEs.D The following commands do not delete protected ACEs:* SET SECURITY/ACL/DELETE$ SET SECURITY/LIKE' SET SECURITY/DEFAULT: Nopropagate Indicates that the ACE cannot be copied byD operations that usually propagate ACEs. For example,D the ACE cannot be copied by the SET SECURITY/LIKE or. SET SECURITY/DEFAULT com mands.? None Indicates that no attributes apply to an entry.9 Although you can create an ACL entry with= OPTIONS=None, the attribute is not displayed.? Whenever you specify additional attributes with= the None attribute, the other attributes take? precedence. The None attribute is equivalent to# omitting the field. accessA Specify any access that is valid for the object class. See theA OpenVMS Guide to System Security for a listing of valid accessC types. For an Alarm ACE to have any effect, you must include the@ keywords SUCCESS, FAILURE, or both with the access types. ForB example, if the auditing criterion is a failure to obtain write8 access to an object, specify the following Alarm ACE:) (ALARM=SECURITY, ACCESS=WRITE+FAILURE) ww'rz 1 AUDIT_ACE? Specifies the access criteria that cause an audit message toA be written to the system security audit log file. A message isD recorded by default. A message is recorded only if ACL audits are; enabled with the DCL command SET AUDIT/AUDIT/ENABLE=ACL. FormatP (AUDIT=SECURITY [,OPTIONS=attributes], ACCESS=access-type[+access-type...]) 2 Parameters options+ Specify one of the following attributes:> Default Indicates that an ACE is to be included in theA ACL of any files created within a directory. Whe n> the entry is propagated, the Default attributeA is removed from the ACE of the created file. This< attribute is valid for directory files only.A Hidden Indicates that this ACE should be changed only byA the application that adds it. Although the HiddenA attribute is valid for any ACE type, its intendedD use is to hide Application ACEs. To delete or modifyD a hidden ACE, you must use the SET SECURITY command.> Users need the SECURITY privilege to display a> hidden ACE with the DCL commands SHOW SECURITYA or DIRECTORY/SECURITY. SECURITY privilege is alsoB required to modify or delete a hidden ACE with theA DCL command SET SECURITY. The ACL editor displaysA the ACE only to show its relative position withinA the ACL, not to facilitate editing of the ACE. ToB ! create a hidden ACE, an application can invoke the- $SET_SECURITY system service.C Protected Protects the ACE against casual deletion. Protected? ACEs can be deleted only in the following ways:* o By using the ACL editorD o By specifying the ACE explicitly when deleting itC Use the command SET SECURITY/ACL=(ace)/DELETE to- specify and delete an ACE.; " o By deleting all ACEs, both protected and unprotectedA Use the command SET SECURITY/ACL/DELETE=ALL to# delete all ACEs.D The following commands do not delete protected ACEs:* SET SECURITY/ACL/DELETE$ SET SECURITY/LIKE' SET SECURITY/DEFAULT: Nopropagate Indicates that the ACE cannot be copied byD operations that usually propagate ACEs. Fo #r example,D the ACE cannot be copied by the SET SECURITY/LIKE or. SET SECURITY/DEFAULT commands.? None Indicates that no attributes apply to an entry.9 Although you can create an ACL entry with= OPTIONS=None, the attribute is not displayed.? Whenever you specify additional attributes with= the None attribute, the other attributes take? precedence. The None attribute is equiva$lent to# omitting the field. accessA Specify any access that is valid for the object class. See theA OpenVMS Guide to System Security for a listing of valid accessC types. For an Audit ACE to have any effect, you must include the@ keywords SUCCESS, FAILURE, or both with the access types. ForB example, if the auditing criterion is a failure to obtain write8 access to an object, specify the following Audit ACE:( (AUDIT=SECURITY,ACCESS=WRITE+FAILURE)% ww'rz1 CREATOR_ACE= Adds an extra ACE to the ACL for a file created within theA directory to which you assign the Creator ACE. The Creator ACE4 applies only when the following conditions exist:D o The file being created is not owned by the user identification2 code (UIC) of the process creating the file.D o The process creating the file does not have system privileges.= For example, both of these conditions exist when a process; holding& a general identifier with the Resource attributeB creates a file in a directory owned by that identifier. In this@ situation, the system adds an extra ACE at the top of the newB file's ACL. If there is a Creator ACE in the ACL for the parent? directory, the system propagates the access specified in theB Creator ACE to the new ACE. If a directory lacks a Creator ACE,@ the system assigns an extra ACE with a combination of control> access and ownership access. A Creator ACE with A'CCESS=NONE, suppresses the addition of the extra ACE.3 The Creator ACE applies to directory files only.A See the OpenVMS Guide to System Security for more information. Format1 (CREATOR [,OPTIONS=attribute[+attribute...]]* ,ACCESS=access-type[+access-type...]) 2 Parameters options+ Specify any of the following attributes:C Protected Protects the ACE against casual deletion. Protected? ACEs can be deleted only in the fo(llowing ways:* o By using the ACL editorD o By specifying the ACE explicitly when deleting itC Use the command SET SECURITY/ACL=(ace)/DELETE to- specify and delete an ACE.; o By deleting all ACEs, both protected and unprotectedA Use the command SET SECURITY/ACL/DELETE=ALL to# delete all ACEs.D The following commands do not )delete protected ACEs:* SET SECURITY/ACL/DELETE$ SET SECURITY/LIKE' SET SECURITY/DEFAULT: Nopropagate Indicates that the ACE cannot be copied byD operations that usually propagate ACEs. For example,D the ACE cannot be copied by the SET SECURITY/LIKE or. SET SECURITY/DEFAULT commands.? None Indicates that no attributes apply to an entry.9 Although you can create *an ACL entry with= OPTIONS=None, the attribute is not displayed.? Whenever you specify additional attributes with= the None attribute, the other attributes take? precedence. The None attribute is equivalent to# omitting the field. access> Specify access types that are valid for files (read, write,! execute, delete, and control). ww7z1 DEF_PROT_ACE? Defines a UIC-based p +rotection to be propagated to new files> throughout a directory tree. The protection code in the ACEA is assigned to new files created in the directory. The Default2 Protection ACE applies to directory files only.? Although the system propagates the Default Protection ACE toA new subdirectories, the protection code is not assigned to theA subdirectories. Instead, the subdirectories receive a modifiedA copy of the parent directory's protection code in which delete acces,s is not granted.8 An example of a Default Protection ACE is as follows:) (DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)B The ACE grants read, write, execute, and delete access to usersD in the system (S) and owner (O) categories but no access to usersC in the group and world categories. For more information, see the$ OpenVMS Guide to System Security. FormatC (DEFAULT_PROTECTION[,OPTIONS=attribute[+attribute...]],access) 2 Parameters options+ Spe -cify any of the following attributes:A Hidden Indicates that this ACE should be changed only byA the application that adds it. Although the HiddenA attribute is valid for any ACE type, its intendedD use is to hide Application ACEs. To delete or modifyD a hidden ACE, you must use the SET SECURITY command.> Users need the SECURITY privilege to display a> hidden ACE with the DCL commands SHOW .SECURITYA or DIRECTORY/SECURITY. SECURITY privilege is alsoB required to modify or delete a hidden ACE with theA DCL command SET SECURITY. The ACL editor displaysA the ACE only to show its relative position withinA the ACL, not to facilitate editing of the ACE. ToB create a hidden ACE, an application can invoke the- $SET_SECURITY system service.C Protected Protects the ACE against/ casual deletion. Protected? ACEs can be deleted only in the following ways:* o By using the ACL editorD o By specifying the ACE explicitly when deleting itC Use the command SET SECURITY/ACL=(ace)/DELETE to- specify and delete an ACE.; o By deleting all ACEs, both protected and unprotectedA Use the command SET SECURITY/ACL/DELETE=ALL to# 0 delete all ACEs.D The following commands do not delete protected ACEs:* SET SECURITY/ACL/DELETE$ SET SECURITY/LIKE' SET SECURITY/DEFAULT: Nopropagate Indicates that the ACE cannot be copied byD operations that usually propagate ACEs. For example,D the ACE cannot be copied by the SET SECURITY/LIKE or. SET SECURITY/DEFAULT commands.? None Indicates 1that no attributes apply to an entry.9 Although you can create an ACL entry with= OPTIONS=None, the attribute is not displayed.? Whenever you specify additional attributes with= the None attribute, the other attributes take? precedence. The None attribute is equivalent to# omitting the field. access? Specify access in the format of a UIC-based protection code, which is as follows: 21 [category: list of access allowed (, category: list of access allowed,...)]@ o User categories include system (S), owner (O), group (G),> and world (W). See the OpenVMS Guide to System SecurityB for a definition of these categories. Access types for filesA include read (R), write (W), execute (E), and delete (D).C The access type is assigned to each ownership category and is7 separated from its access types with a colon (:).D o A null acces3s list means no access, so when you omit an accessD type for a user category, that category of user is denied thatD type of access. To deny all access to a user category, specify@ the user category without any access types. Omit the colonC after the user category when you deny access to a category of users.? o When you omit a user category from a protection code, the? current access allowed that category of user is set to no access. ww 47z1 IDENTIFIER_ACED Controls the type of access allowed to a particular user or group; of users. An example of an Identifier ACE is as follows:' (IDENTIFIER=SALES,ACCESS=READ+WRITE)@ A system manager can use the Authorize utility (AUTHORIZE) toD grant the SALES identifier to a specific group of users. Read andB write access to the file INVENTORY.DAT is then granted to users! who hold the SALES identifier.B For more information, see the OpenVMS Guide to 5System Security. Format+ (IDENTIFIER=identifier[+identifier...]* [,OPTIONS=attributes[+attributes...]]* ,ACCESS=access-type[+access-type...]) 2 Parameters identifier@ Specifies a user or groups of users whose access to an object= is defined in the ACE. A system manager creates or removes; identifiers and assigns users to hold these identifiers.' Types of identifiers are as follows:B UIC Identifiers in alphanumeric format th 6at are basedA on the user identification codes (UICs) and thatA uniquely identify each user on the system. UsersB with accounts on the system automatically receiveA a UIC identifier, for example, [GROUP1,JONES] or? [JONES]. Thus, each UIC identifier specifies a! particular user.B General Identifiers defined by the security administratorB in the rights list to identify gr 7oups of users onD the system. A general identifier is an alphanumericB string of 1 to 31 characters, containing at least= one alphabetic character. It can include theD letters A to Z, dollar signs ($), underscores (_),? and the numbers 0 to 9, for example, 92SALES$,* ACCOUNT_3, or PUBLISHING.@ Environmental Identifiers describing different types of users> based on their initial 8entry into the system.B Environmental identifiers are also called system-? defined identifiers. Environmental identifiersC correspond directly to the login classes described> in the OpenVMS Guide to System Security. TheyD include batch, network, interactive, local, dialup, and remote.B For more information, see the OpenVMS Guide to System Security. options+ Specify any of the foll 9owing attributes:> Default Indicates that an ACE is to be included in theA ACL of any files created within a directory. When> the entry is propagated, the Default attributeA is removed from the ACE of the created file. This< attribute is valid for directory files only.< Note that an Identifier ACE with the Default2 attribute has no effect on access.A Hidden Indicates that this ACE sh :ould be changed only byA the application that adds it. Although the HiddenA attribute is valid for any ACE type, its intendedD use is to hide Application ACEs. To delete or modifyD a hidden ACE, you must use the SET SECURITY command.> Users need the SECURITY privilege to display a> hidden ACE with the DCL commands SHOW SECURITYA or DIRECTORY/SECURITY. SECURITY privilege is alsoB ; required to modify or delete a hidden ACE with theA DCL command SET SECURITY. The ACL editor displaysA the ACE only to show its relative position withinA the ACL, not to facilitate editing of the ACE. ToB create a hidden ACE, an application can invoke the- $SET_SECURITY system service.C Protected Protects the ACE against casual deletion. Protected? ACEs can be deleted only in the follow<ing ways:* o By using the ACL editorD o By specifying the ACE explicitly when deleting itC Use the command SET SECURITY/ACL=(ace)/DELETE to- specify and delete an ACE.; o By deleting all ACEs, both protected and unprotectedA Use the command SET SECURITY/ACL/DELETE=ALL to# delete all ACEs.D The following commands do not dele =te protected ACEs:* SET SECURITY/ACL/DELETE$ SET SECURITY/LIKE' SET SECURITY/DEFAULT: Nopropagate Indicates that the ACE cannot be copied byD operations that usually propagate ACEs. For example,D the ACE cannot be copied by the SET SECURITY/LIKE or. SET SECURITY/DEFAULT commands.? None Indicates that no attributes apply to an entry.9 Although you can create an A>CL entry with= OPTIONS=None, the attribute is not displayed.? Whenever you specify additional attributes with= the None attribute, the other attributes take? precedence. The None attribute is equivalent to# omitting the field. accessD Specify access types that are valid for the object class. See theA OpenVMS Guide to System Security for a listing of valid access types. wwGz?1 SUBSYSTEM_ACEA Grants additional identifiers to a process while it is runningC the image to which the Subsystem ACE applies. Users with executeC access to the image can access objects that are in the protectedA subsystem, such as data files and printers, but only when theyD run the subsystem images. The Subsystem ACE applies to executable images only./ An example of a Subsystem ACE is as follows:% (SUBSYSTEM, IDENTIFIER=ACCOUNTING) FormatH (SU@BSYSTEM,[OPTIONS=attribute[+attribute...],]IDENTIFIER=identifierC [,ATTRIBUTES=attribute[+attribute...]] [,IDENTIFIER=identifier1 [,ATTRIBUTES=attribute[+attribute...]],...]) 2 Parameters options+ Specify any of the following attributes:C Protected Protects the ACE against casual deletion. Protected? ACEs can be deleted only in the following ways:* o By using the ACL editorD o By specifying the ACE eAxplicitly when deleting itC Use the command SET SECURITY/ACL=(ace)/DELETE to- specify and delete an ACE.; o By deleting all ACEs, both protected and unprotectedA Use the command SET SECURITY/ACL/DELETE=ALL to# delete all ACEs.D The following commands do not delete protected ACEs:* SET SECURITY/ACL/DELETE$ SET SECURITY/LIKE B' SET SECURITY/DEFAULT: Nopropagate Indicates that the ACE cannot be copied byD operations that usually propagate ACEs. For example,D the ACE cannot be copied by the SET SECURITY/LIKE or. SET SECURITY/DEFAULT commands.? None Indicates that no attributes apply to an entry.9 Although you can create an ACL entry with= OPTIONS=None, the attribute is not displayed.? Whenev Cer you specify additional attributes with= the None attribute, the other attributes take? precedence. The None attribute is equivalent to# omitting the field. identifierC A general identifier specifying the users or groups of users whoC are allowed or denied access to an object. It is an alphanumeric= string of 1 through 31 characters, containing at least oneB alphabetic character. It can include the letters A to Z, dollar@ D signs ($), underscores (_), and the numbers 0 to 9. For more9 information, see the OpenVMS Guide to System Security.? A Subsystem ACE can have multiple pairs of identifiers, withD special attributes assigned to the identifiers. A subsystem might= require several identifiers to work properly. For example:T(SUBSYSTEM,IDENTIFIER=MAIL_SUBSYSTEM,ATTRIBUTE=NONE,IDENTIFIER=BLDG5,ATTRIBUTE=NONE) attribute: The identifier characteristics you specify when you add@ identifieErs to the rights list or grant identifiers to users.+ You can specify the following attribute:A Resource Allows holders of the identifier to charge disk= space to the identifier. Used only for file objects.wwGz1 KEYPAD_COMMANDSB By default, the access control list editor (ACL editor) promptsB you for each access control entry (ACE) and provides values forD some of the fields within an ACE. You can navigate the FACE fields4 by using keypad commands, such as FIELD and ITEM. wwGz 1 RUBOUT_KEY Delete Key3 Deletes the character to the left of the cursor. wwGz 1 KP0_KEY OVER ACE (KP0)< Moves the cursor to the beginning of the next ACE (if theC direction is set to ADVANCE) or to the beginning of the previous+ ACE (if the direction is set to BACKUP). INSERT (GOLD-KP0)@ Moves all text from the current line down one line,G leaving a- blank line where an ACE is to be inserted. wwGz1 KPERIOD_KEY ITEM (period key)> Selects the next item for the current ACE field. If the ACL5 editor is not in prompt mode, this key is ignored. wwGz 1 KP1_KEY WORD (KP1)@ Moves the cursor one word forward (if the direction is set to< ADVANCE) or backward (if the direction is set to BACKUP). wwGz 1 KP2_KEY EOL (KP2)3 Moves tHhe cursor to the end of the current line. DELETE EOL (GOLD-KP2)B Deletes text from the current cursor position to the end of the0 line and stores it in the delete-line buffer. wwGz 1 ENTER_KEY Enter= Indicates that the current ACE is complete. The ACL editor? terminates the insertion and verifies that the syntax of theC ACE is complete. You can press the Enter key while the cursor isC located at any position within the ACE. (Pressing the RIeturn key produces the same results.) wwGz 1 KP4_KEY ADVANCE (KP4)@ Sets the current direction forward for the FIND, FNDNXT, MOVEB SCREEN, OVER ACE, and WORD commands. Movement is toward the end of the ACL. BOTTOM (GOLD-KP4)@ Positions the cursor after the last line of the last ACE. Any4 entries you add are placed at the end of the ACL. wwGz 1 KP5_KEY BACKUP (KP5)D Reverses the current direction for the JFIND, FNDNXT, MOVE SCREEN,C OVER ACE, and WORD keys. Movement is toward the beginning of the ACL. TOP (GOLD-KP5)D Moves the cursor position to the first character of the first ACE in the access control list. wwGz1 KPCOMMA_KEY DEL C (,)> Deletes the character on which the cursor is positioned and, stores it in the delete character buffer. UND C (GOLD-comma)B Inserts the contents of the delete character buffer directly in fKront of the cursor. wwGz 1 KP7_KEY FIELD (KP7)> Completes the current ACE field and moves the cursor to the? next ACE field or subfield, inserting text as needed. If theC ACL editor is not in prompt mode, the ACL editor advances to the! next field in the current ACE. ADV FIELD (GOLD-KP7)C Completes the current ACE field and moves the cursor to the next ACE field. wwWz 1 KP8_KEY MOVE SCREEN (KP8)D MovLes the cursor one screen in the current direction (see ADVANCED or BACKUP). A screen is defined as two-thirds the number of lines in the display. wwWz1 KPMINUS_KEY DEL W (-); Deletes the text from the current cursor position to the> beginning of the next word and stores it in the delete-word buffer. UND W (GOLD-minus)C Inserts the contents of the delete-word buffer directly in front of the cursor. wwWz 1 PMF1_KEY GOLD (PF1)? When pressed before another keypad key, specifies the second> key's alternate function (the bottom function on the keypad diagram). wwWz 1 PF2_KEY HELP (PF2)7 Displays information about using the editing keypad. HELP FMT (GOLD-PF2)* Displays information about ACE formats. wwWz 1 PF3_KEY FNDNXT (PF3)C Searches for the next occurrence of the search string previously entered by Nthe FIND key. FIND (GOLD-PF3)A Searches for an occurrence of a string. Press the FIND key andD then enter the string from the main keyboard. Press the ENTER keyD to search for the string in the current direction, or the ADVANCE0 or BACKUP key to change the search direction. wwWz 1 PF4_KEY DEL ACE (PF4)? Deletes the entire ACE in which the cursor is positioned and& stores it in the delete-ACE buffer. UND ACE (GOLD-PF4)D Inserts tOhe contents of the delete-ACE buffer in front of the ACE/ in which the cursor is currently positioned. wwWz 1 UP_ARROW Up Arrow? Moves the cursor to the character directly in line above it.? If the ACE in which the cursor is positioned is new, the ACLB editor processes the ACE before moving the cursor. If the entryB is incomplete or formatted incorrectly, an error occurs and the cursor does not move. wwWz 1 DOWN_ARROWP Down Arrow? Moves the cursor to the character directly in line below it.? If the ACE in which the cursor is positioned is new, the ACLB editor processes the ACE before moving the cursor. If the entryB is incomplete or formatted incorrectly, an error occurs and the cursor does not move. wwWz 1 LEFT_ARROW Left ArrowB Moves the cursor one character to the left. If the cursor is atC the left margin, moves it to the rightmost character in tQhe line above. SHIFT LEFT (GOLD-left arrow)B Shifts the text in the display window 8 characters to the left. wwWz1 RIGHT_ARROW Right Arrow: Positions the cursor to the next character in the line.! SHIFT RIGHT (GOLD-right arrow)@ Shifts the text in the display window eight characters to the right. wwWz 1 CTRLA_KEY INSERT/OVERSTRIKE (Ctrl/A)B Changes the current mode from insert mode to overstrikeR mode orA from overstrike mode to insert mode. Insert mode (the default)< inserts a character to the left of the current character.2 Overstrike mode replaces the current character. wwWz 1 CTRLD_KEY TPU COMMAND (Ctrl/D)) Allows you to execute one TPU command. wwWz 1 CTRLH_KEY* BEGINNING OF LINE (Ctrl/H or backspace)D Moves the cursor to the beginning of the line. (Performs the same" function as the backspace key.) SwwWz 1 CTRLJ_KEY3 DELETE TO BEGINNING OF WORD (Ctrl/J or linefeed)@ Deletes the text from the cursor back to the beginning of the: word. (Performs the same function as the linefeed key.) wwWz 1 CTRLR_KEY REFRESH (Ctrl/R)? Refreshes the screen display. Clears and redraws the screen,A deleting any extraneous characters or messages that might have= appeared on the screen but are not part of the ACL you are3 editing. (PerTforms the same function as Ctrl/W.) RESET (GOLD-Ctrl/R)B Returns the ACL to its original state before the ACL editor was8 invoked. (Performs the same function as GOLD Ctrl/W.) wwWz 1 CTRLU_KEY' DELETE TO BEGINNING OF LINE (Ctrl/U)A Deletes the text from the cursor to the beginning of the line. UNDELETE LINE (GOLD-Ctrl/U)C Inserts the contents of the deleted line buffer into the line at; the current position. The line might wrap automatUically. wwWz 1 CTRLW_KEY REFRESH (Ctrl/W)? Refreshes the screen display. Clears and redraws the screen,A deleting any extraneous characters or messages that might have= appeared on the screen but are not part of the ACL you are3 editing. (Performs the same function as Ctrl/R.) RESET (Gold-Ctrl/W)B Returns the ACL to its original state before the ACL editor was8 invoked. (Performs the same function as GOLD-Ctrl/R.) wwWVz 1 CTRLZ_KEY EXIT (Ctrl/Z)B Ends the editing session and updates the ACL. (Unless otherwise: specified, any recovery and journal files are deleted.) QUIT (GOLD-Ctrl/Z)= Ends (quits) the editing session without saving any of the< changes made to the ACL. (Unless otherwise specified, any+ recovery and journal files are deleted.) wwWz 1 E1_KEY Find (E1)? Elicits the Search for: prompt as the first step in the FIND< operationW. Type the search string after the prompt; then,B press either the Do key or the Enter key to process the search.9 Performs the same function as the FIND keypad command. wwWz 1 E2_KEY Insert Here (E2)C Indicates where an ACE is to be inserted, or, if support for theA PASTE buffer is enabled, indicates the line where the selected. text in the PASTE buffer is to be inserted. wwgz 1 E3_KEY Remove (E3)? Removes the sXelected text to the PASTE buffer. Each time you< press the Remove key, the ACL editor deletes the previous contents of the PASTE buffer. COPY (GOLD-Remove or GOLD-E3)B Copies the selected text to the PASTE buffer. Each time you useD the COPY command, the ACL editor deletes the previous contents of the PASTE buffer. wwgz 1 E4_KEY Select (E4)D Marks the beginning of a range of text to be removed or copied toC the PASTE buffer. Press the SYelect key. Then, move the cursor toD include the desired amount of text to be removed or copied. PressA either Remove or GOLD-Remove (COPY) to complete the operation. wwgz 1 E5_KEY Prev (Previous Screen or E5)C Moves the cursor to the previous screen. By default, a screen is< defined as two-thirds the number of lines in the display. wwgz 1 E6_KEY Next (Next Screen or E6)? Moves the cursor one screen forward. By defZault, a screen is< defined as two-thirds the number of lines in the display. wwgz 1 F10_KEY EXIT (F10 or EXIT)? Ends the editing session and deletes the recover and journal files. QUIT (GOLD-F10 or EXIT)B Ends the editing session without saving any of the changes made> to the object's ACL. Also, deletes the recovery and journal files. wwgz 1 F12_KEY' BEGINNING OF LINE (F12 or backspace)9 Moves the cur[sor to the beginning of the current line. wwgz 1 F13_KEY0 DELETE TO BEGINNING OF WORD (F13 or linefeed)C Deletes all characters from the cursor position to the beginningD of the word containing the cursor. All the characters deleted are$ stored in the delete word buffer. wwgz 1 F15_KEY HELP (F15 or HELP)' Displays help on the editing keypad. HELP FMT (GOLD-F15 or HELP)B Displays help on the ACE. (You can also g\et help on ACE formats; by pressing the HELP key and then pressing the Tab key.) wwgz 1 F16_KEY DO KeyD Indicates that the current ACE is complete and ready for parsing.@ This terminates an insertion. You can press the Do key at any position within the ACE.wwgz1 VT200T)0lqqqqqqqqwqqqqqqqqwqqqqqqqqk lqqqqqqqqwqqqqqqqqwqqqqqqqqwqqqqqqqqk^x (E1) x (E2) x (E3) x x (PF1) x (PF2) x (PF]3) x (PF4) xex Find x Insert x Remove x x Gold x Help x Fndnxt x Del ACEx{x x x Copy x x xHelp Fmtx Find x Und ACExPtqqqqqqqqnqqqqqqqqnqqqqqqqqu tqqqqqqqqnqqqqqqqqnqqqqqqqqnqqqqqqqquVx (E4) x (E5) x (E6) x x (7) x (8) x (9) x (-) x\x Select x Prev x Next x x Field x Move x x Del ^W xhx x Screen x Screen x xAdvFieldx Screen x x Und W xPmqqqqqqqqnqqqqqqqqnqqqqqqqqj tqqqqqqqqnqqqqqqqqnqqqqqqqqnqqqqqqqquR x ^ x x x Word x Eol x x x_x Left x v x Right x x x Del Eolx x xRmqqqqqqqqqqqqqqqqqvqqqqqqqqj tqqqqqqqqvqqqqqqqqnqqqqqqqqu Enter xRCTRL/A Insert/Overstrike mode x (0) x (.) x xVCTRL/U ` Delete to BOL x Over ACE x Item x x[CTRL/W Refresh screen x Insert x x xSCTRL/Z Exit the ACL editor mqqqqqqqqqqqqqqqqqvqqqqqqqqvqqqqqqqqj^Press ? for help on getting started. Press a key for help on that key.cTo exit, press the spacebar. Press tab key for help on ACE format.wwgz1 VT100Z)0lqqqqqaqqqwqqqqqqqqwqqqqqqqqwqqqqqqqqk lqqqqqqqqwqqqqqqqqwqqqqqqqqwqqqqqqqqkZx ^ x Down x x x x (PF1) x (PF2) x (PF3) x (PF4) x_x x x x x x x Gold x Help x Fndnxt x Del ACExvx x x x x Left x Right x x xHelp Fmtx Find x Und ACExTx Up x v x x x tqqqqqqqqnqqqqqqqqnqqqqqqqqnqqqqqqqquPmqqqqqqqqvqqqqqqqqvqqqqqqqqvqqqqqqbqqj x (7) x (8) x (9) x (-) xV x Field x Move x x Del W xd xAdvFieldx Screen x x Und W xRDelete Rubout character tqqqqqqqqnqqqqqqqqnqqqqqqqqnqqqqqqqquRLinefeed Rubout word x (4) x (5) x (6) x (,) xXBackspace Backup to BOL x Advancex Backup x x Del C xk c x Bottom x Top x x Und C xRCTRL/A Insert/Overstrike mode tqqqqqqqqnqqqqqqqqnqqqqqqqqnqqqqqqqquRCTRL/U Delete to BOL x (1) x (2) x (3) x xVCTRL/W Refresh screen x Word x Eol x x x[CTRL/Z Exit the ACL editor x x Del Eolx x xR tqqqqqqqqvqqqdqqqqqnqqqqqqqqu Enter xP x (0) x (.) x xT x Over ACE x Item x xY x Insert x x xQ mqqqqqqqqqqqqqqqqqvqqqqqqqqvqqqqqqqqj^Press ? for help on getting started. Press a key for help on that key.cTo exit, press the spacebar.[ em Press tab key for help on ACE format.wwgz1 VT52P +--------+--------+--------+--------+P | (Blue) | (Red) | (Gray) | ^ |P | Gold | Help | Del ACE| | |P | |Help Fmt| Und ACE| Up |P +--------+--------+--------+--------+fP | (7) | (8) | (9) | | |P | Field | Fndnxt | Del W | v |Y |AdvField| | Find | Und W | Down |PDelete Rubout character +--------+--------+--------+--------+PLinefeed Rubout word | (4) | (5) | (6) | ----> |PBackspace Backup to BOL | Advance| Backup | Del C | Right |P g | Bottom | Top | Und C | |PCTRL/A Insert/Overstrike mode +--------+--------+--------+--------+PCTRL/U Delete to BOL | (1) | (2) | (3) | <--- |PCTRL/W Refresh screen | Word | Eol | | Left |PCTRL/Z Exit the ACL editor | | Del Eol| | |P +--------+--------+--------+--------|PPress ? for help on getting started. | (0) | (.) | |PPress a key for help on that key. | Over ACE | Item | Enter |PPress the tab key for help on ACE format. | Insert | | |PTo exit, press the spacebar. +-----------------+--------+--------+ww