The Question is:
I have an application that makes use of LIB$SPAWN to provide access to DCL from
within the application. I have the need to disable LIB$SPAWN access for a
certain group of users. We don't have direct access to change the application
code. Is there a way I
can disable LIB$SPAWN calls for a specific user or group of users so that they
can still run the application, but without the DCL access via LIB$SPAWN?
The Answer is :
Please review the CAPTIVE and RESTRICTED flags available within
the authorization database; please review the OpenVMS system
security manual and associated material.
Also look at the SPAWN/TRUSTED qualifier, and at the associated
trusted lib$spawn flag.
Information on creating captive DCL command procedures is also
available within the Digital Press Writing Real Programs in DCL
book, and in various other available documentation.