Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!ames!nrl-cmf!cmcl2!rutgers!bellcore!faline!thumper!ulysses!ucbvax!GRIN1.BITNET!MCGUIRE
From: MCGUIRE@GRIN1.BITNET ("The Sysco Kid ", McGuire,Ed)
Newsgroups: comp.os.vms
Subject: ACL behavior
Message-ID: <8807270825.AA02680@ucbvax.berkeley.edu>
Date: 20 Jul 88 22:27:53 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 23

> Date: Thursday, July 14, 1988 at 8:24 am pdt
> From: PLS REPLY TO TENCATI@GPVAX.JPL.NASA.GOV <tencati@VLSI.JPL.NASA.GOV>
> Subj: ACL behavior
>
> Can anyone confirm or deny the rumor that "Access=None" does not mean
> "DENY access"?

In general, ACCESS=NONE denies access.  There are a few exceptions.

ACCESS=NONE is ignored and the protection code is checked instead, if the
requester is in one or more of the following categories.

 -  owns the object
 -  is in the same group as the object's owner and has GRPPRV privilege
 -  has SYSPRV privilege
 -  has a system UIC

BYPASS (or READALL for a read-only request) grants access regardless of ACL or
protection code.

See the flowchart on p. 4-45--4-48 of the Guide to VAX/VMS System Security,
July 1985.

Ed