Privileged Status

A privileged process has the capabilities of a nonprivileged process, as well as the ability to:

  • Access physical files stored under other usercodes, regardless of the SECURITYTYPE, SECURITYUSE, SECURITYGUARD, and SECURITYMODE file attribute values. Note that logical access to a database guarded by a guardfile is not affected by privileged status.

  • Use the following WFL statements on files regardless of their usercode:

    ADD        COPY      RUN
    ALTER      MODIFY    RESTORE
    ARCHIVE    MOVE      RESTOREADD
    CATALOG    PRINT     SECURITY
    CHANGE     REMOVE    START

  • Use the following WFL statements:

    VOLUME ADD

    VOLUME DELETE

    VOLUME DESTROYED

    VOLUME OFFSITE

    VOLUME ONSITE

  • Create files stored under other usercodes and create nonusercoded files.

  • Set the value of the USERCODE task attribute to a null string.

  • Set the GROUP file attribute to any group code, not just the group codes specified by the GROUPCODE task attribute or the SUPPLEMENTARYGRPS task attribute.

  • Set the FILEACCESSRULE task attribute to a value of ACTOR.

  • Survive most task attribute access errors.

  • Use the MAKEUSER utility to change selected usercode attributes. A privileged process can change attributes of any usercode. However, the process can change only those attributes marked with a status of PU by a PRIVILEGES segment in the USERDATAFILE.

Privileged status also grants several other capabilities on systems where the Security Services for ClearPath MCP security administrator feature is not enabled. On systems where the security administrator feature is enabled, these capabilities are wholly or partially reserved for processes with security administrator status. (Refer to Security Administrator Status later in this section.) The following are the capabilities:

  • The ability to access certain system interfaces, including the DCKEYIN, GETSTATUS, and SETSTATUS functions in DCALGOL.

  • The ability to create, modify, and delete usercode definitions in the USERDATAFILE.

Note that the following types of file access are not granted by privileged status: the ability to remove or change the titles of most system files and the ability to write to object code files. Further security restrictions can apply if the privileged process accesses the file through a shared logical file, as discussed in Using Shared Files.

A process is automatically considered privileged if it is running under a privileged usercode. The usercode of a process is stored in the USERCODE task attribute. An operator can assign privileged status to a usercode by running the MAKEUSER utility or using the MU (Make User) system command. A usercode can also be assigned privileged status by a program that uses the USERDATA function in ALGOL, DCALGOL, or NEWP. For further information about these features, refer to the Security Operations Guide.

A process usually inherits the usercode of the session or process that initiated it. A different usercode can be assigned by task attribute assignment, use of the USERDATA function, or use of the WFL USER statement. However, in each of these cases, the statement that assigns the usercode must also specify a password, which is checked for validity. Only processes with special privileges can assign a usercode without specifying a password. Message control systems (MCSs) and processes with tasking status use this feature when assigning a usercode to a process initiated by a session.

If a process is not running under a privileged usercode, then the ability of a process to perform a privileged action is determined by the privilege status of the object code file that contains the request.

A process can execute code from several different object code files. This is the case if the process has entered either a library procedure or a passed external procedure. (For an introduction to external procedures, refer to Understanding Basic Tasking Concepts.) The various object code files might not have the same privilege status. The current privilege status for the process is determined by the privilege status of the object code file containing the procedure that was most recently entered. This procedure contains the code that is currently being executed. For further details about this concept, refer to Object Code File earlier in this section.

Note that a privileged program has no special privileges when accessing files on a remote host. For example, suppose a process sets the HOSTNAME attribute of a file to specify a remote host, and then attempts to open that file. This action is executed with privilege on the remote host only if the process usercode is privileged on that host.
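The resolution rules in the last three paragraphs can be traced with a small model. This is an added illustration, not MCP or Unisys code: the class names, object code file titles, usercode, and host names are all constructed, and the model covers only the rules stated above (privileged usercode, most recently entered object code file, remote-host access).

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class CodeFile:
    title: str          # constructed object code file title
    privileged: bool    # privilege status of the object code file

@dataclass
class Process:
    usercode: str
    local_host: str
    privileged_on: frozenset = frozenset()  # hosts where the usercode is privileged
    entered: list = field(default_factory=list)  # most recently entered file is last

    def enter(self, code_file):
        """Enter a procedure (main program, library or passed external procedure)."""
        self.entered.append(code_file)

    def leave(self):
        """Return from the most recently entered procedure."""
        self.entered.pop()

    def is_privileged(self, host=None):
        host = host or self.local_host
        if host in self.privileged_on:      # privileged usercode: always privileged
            return True
        if host != self.local_host:         # remote host: only the usercode counts
            return False
        # Otherwise the object code file of the most recently entered procedure decides.
        return bool(self.entered) and self.entered[-1].privileged

def demo():
    main = CodeFile("OBJECT/REPORT", privileged=False)       # constructed title
    lib = CodeFile("OBJECT/FILESUPPORT", privileged=True)    # constructed title
    p = Process(usercode="CLERK", local_host="HOSTA")        # nonprivileged usercode
    trace = []
    p.enter(main); trace.append(("in main program", p.is_privileged()))
    p.enter(lib);  trace.append(("in library procedure", p.is_privileged()))
    trace.append(("remote file on HOSTB", p.is_privileged("HOSTB")))
    p.leave();     trace.append(("back in main program", p.is_privileged()))
    return trace

if __name__ == "__main__":
    for step, privileged in demo():
        print(f"{step:24} privileged={privileged}")
```

When reviewing which code can act with privilege, the trace shows why a privileged library matters even for nonprivileged usercodes: privilege is in effect for exactly the time the process is executing inside that object code file, and it never carries over to a remote host.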