For the most part, the OpenVMS operating system
bases its security controls on user identity. Protected objects, such
as files and devices, are accessible to individual users or groups
of users. If an object's ACL or protection code allows a user
the necessary access, then the user can use that object by using any
available software. (See the “Protecting Data” chapter for a description of OpenVMS
In a protected subsystem, an application protected
by normal access controls serves as a gatekeeper to objects belonging
to the subsystem. Users have no access to the subsystem's objects
unless they execute the application serving as gatekeeper. Once users
run the application, their process rights list acquires identifiers
giving them access to objects owned by the subsystem. As soon as they
exit from the application, these identifiers and, therefore, the users'
access rights to objects are taken away.
This chapter describes protected subsystems and
explains how to build them.