Manualshelf

HP System Dictionary/XL General Reference Manual Vol 1 (32256-90004)

ManualsBrandsHP ManualsSoftwareMPE/iX 7.5 Operating System
41424344454647484950
5- 49
Access Rights.
The access rights of a scope to a domain are determined by whether the scope owns the domain or is just
associated with it. Association and ownership are discussed below.
DOMAIN OWNERSHIP
When a scope owns a domain, it has all rights to that domain, and can therefore modify it, transfer its
ownership to another scope, or even delete it. It can also allow another scope access to the domain by
associating the domain with that scope. Note that the DA scope always has all rights to all domains.
The security of a domain applies indirectly to all versions within that domain. Although the version itself
does not have security, the current scope must have access to the domain containing the version it is trying
to access.
DOMAIN/SCOPE ASSOCIATION
An association between a domain and a scope is an explicit access capability granted to that scope by the
owner scope of that domain. However, even though a scope has access to a given domain, it cannot do
operations within that domain (create, access, or delete occurrences, for example) unless it also has the
necessary scope rights for those operations.
A scope can delete domain associations it has created from any domain/scope association. It can also delete
domain/scope associations from itself.
Sensitivity.
The security of a domain is actually set by its Sensitivity. Domain sensitivity is set to one of two values
when you create a domain, and can be changed only by its owner scope or the DA scope. The two values
are:
1 1. = Private sensitivity: Only the DA scope or the scope that owns the domain is allowed access to
it, unless the DA scope or owner scope assigns access to other scopes through domain/scope asso-
ciations.
2 2. = Public sensitivity: Any scope may access the domain.
When using the intrinsics to create a domain, you must specify the sensitivity of that domain, as no default
exists except when using SDMAIN. Note that the sensitivity of a domain should be carefully determined.
If you change the sensitivity from public to private, all scopes that previously had access to this domain
will no longer have access, unless that domain is explicitly associated with them.
NOTE The sensitivity of the common domain is set to public, and cannot be modified.
Domain Restrictions
System Dictionary provides the following security for domains.
Only the DA scope or a scope with domain capability is allowed to create new domains.
When a scope creates a new domain, it becomes the owner of that domain.
Only the DA scope or the owner scope can delete or rename a domain or change its owner scope.
Version Restrictions
System Dictionary provides the following security for versions: