An operator can use the MP (Mark Program) system command to assign any of several options to an object code file. Some of these options confer special types of security status on a process, and these options are the following:
- COMPILER. This option marks an object code file with compiler status. The effects of compiler status are described under Compiler Status later in this section.
- PU. This option marks an object code file with privileged status. The effects of privileged status are discussed under Privileged Status later in this section.
- SECADMIN. This option marks an object code file with security administrator status. The effects of security administrator status are described under Security Administrator Status later in this section.
- SYSADMIN. This option marks an object code file with system administrator status. The effects of system administrator status are described under SYSADMIN Status later in this section.
- TASKING. This option marks an object code file with tasking status. The effects of tasking status are described under Tasking Status later in this section.
The MP system command also can be used to mark an object code file with granulated privileges when the PU option is undesirable. Each granulated privilege is a subset of privileged status. Available granulated privileges are CHANGE, CHANGESEC, CREATEFILE, EXECUTE, GETSTATUS, GSDIRECTORY, IDC, LOCALCOPY, LOGINSTALL, LOGOTHERS, READ, REMOVE, SETSTATUS, SYSTEMUSER, UNWRAPRESTRICT, USERDATA, and WRITE. Their effects are described under Privileged Status later in this section.
When an object code file is initiated, the resulting process receives the privileges that were assigned to the object code file. The process can make some of the procedures in the object code file available to other processes by initiating an internal procedure, by initiating a process and passing a procedure parameter, or by becoming a library and exporting procedures. Any of these processes temporarily assumes the privileges assigned to the object code file while it is executing procedures from the object code file.
The following subsections explain how these privileges are propagated to processes from object code files.
Transparent Object Code File Privileges
Most of the options available through the MP (Mark Program) system command have only two states: set or reset. However, the MP command enables you to specify a third state for the PU, SECADMIN, TASKING, and granulated privilege options. This third state is called transparent. The following lists the MP commands and the security categories they assign.
| MP Command | Security Category |
|---|---|
| MP <file title> + <granulated privilege> | Granulated privileged |
| MP <file title> + <granulated privilege> TRANSPARENT | Granulated privileged transparent |
| MP <file title> + PU | Privileged |
| MP <file title> + PU TRANSPARENT | Privileged transparent |
| MP <file title> - PU | Nonprivileged |
| MP <file title> + SECADMIN | Security administrator |
| MP <file title> + SECADMIN TRANSPARENT | Security administrator transparent |
| MP <file title> - SECADMIN | Non-security administrator |
| MP <file title> + SYSADMIN | System administrator |
| MP <file title> + SYSADMIN TRANSPARENT | System administrator transparent |
| MP <file title> + TASKING | Tasking |
| MP <file title> + TASKING TRANSPARENT | Tasking transparent |
| MP <file title> - TASKING | Nontasking |
Each option can be in only one state at a time: enabled, disabled, or transparent. However, the four options (PU, SECADMIN, SYSADMIN, and TASKING) do not have to be in the same state. The following command assigns privileged status and security administrator transparent status, and removes tasking status:
MP <file title> + PU, + SECADMIN TRANSPARENT, - TASKING
Setting any granulated privilege option disables the PU option. Setting the PU option disables all granulated privilege options. The USERDATA and IDC options are mutually exclusive of the SECADMIN TRANSPARENT option, and the SECADMIN option is mutually exclusive of the USERDATA TRANSPARENT and IDC TRANSPARENT options. The GETSTATUS and SETSTATUS options are mutually exclusive of the SYSTEMUSER TRANSPARENT option, and the SYSTEMUSER option is mutually exclusive of the GETSTATUS TRANSPARENT and SETSTATUS TRANSPARENT options.
The concept of transparent status is intended primarily for libraries, to enable the actions of a library to be applied with the status of the user program that invokes the library. If a procedure resides in an object code file that has one of these options in the transparent state, then
- If the procedure is initiated, the resulting process is treated as if the option were disabled.
- If the procedure is entered, it inherits the enabled or disabled state of the option of the invoking procedure. Privileged, granulated privilege, security administrator, or tasking status can be inherited through a series of privileged transparent procedures.
For example, if a privileged program initiates a procedure in a privileged transparent library, the procedure is executed as nonprivileged. However, if the privileged program enters the same procedure instead of initiating it, the procedure is executed as privileged.
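The initiate-versus-enter rule above is easy to misread when a call passes through several libraries, so here is a small added model of it (example code, not part of the Unisys documentation). The file names, their marks and the `effective_status`/`run_chain` helpers are constructed for illustration; the model tracks a single option (PU) per object code file.

```python
from enum import Enum


class Mark(Enum):
    """The three states the MP command can give the PU option."""
    ENABLED = "enabled"          # MP <file> + PU
    DISABLED = "disabled"        # MP <file> - PU
    TRANSPARENT = "transparent"  # MP <file> + PU TRANSPARENT


# Constructed sample object code files and their PU marks (hypothetical names).
CODE_FILES = {
    "UTILITY/PROGRAM": Mark.ENABLED,
    "SHARED/LIBRARY": Mark.TRANSPARENT,
    "PLAIN/PROGRAM": Mark.DISABLED,
}


def effective_status(code_file, caller_status=None, how="initiate"):
    """Return True if a procedure from code_file runs with PU in effect.

    how == "initiate": a new process is created, so a transparent mark
                       behaves as if PU were disabled.
    how == "enter":    the procedure is entered by a running process, so a
                       transparent mark inherits the caller's effective status.
    Enabled and disabled marks are absolute and ignore the caller.
    """
    mark = CODE_FILES[code_file]
    if mark is Mark.ENABLED:
        return True
    if mark is Mark.DISABLED:
        return False
    if how == "initiate" or caller_status is None:
        return False
    return caller_status


def run_chain(start, steps):
    """Start by initiating `start`, then apply each (how, code_file) step.

    Returns the effective PU status after every hop so a chain of transparent
    libraries can be inspected end to end.
    """
    status = effective_status(start)
    trace = [(start, status)]
    for how, code_file in steps:
        status = effective_status(code_file, status, how)
        trace.append((code_file, status))
    return trace
```

The same structure applies unchanged to SECADMIN, SYSADMIN, TASKING and granulated privilege marks, since each follows the same three-state rule.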
For information about how privileged transparent status applies to file access rights, refer to Using Shared Files.
Delayed Effects of Object Code File Privileges
When you mark an object code file with special privileges, these privileges do not affect any processes that are already running. The privileges take effect the next time you initiate the object code file.
Copying Privileged Object Code Files
If you copy an object code file marked with privileged, security administrator, or compiler status, the copy retains the same privileges as the original. However, the system administrator can limit the ability to copy or execute such object code files by using the RESTRICT (Set Restrictions) system command. For details, refer to the discussion of the RESTRICT command in the Security Operations Guide.