Privileges

ACNT

may suppress accounting messages

ALLSPOOL

may allocate spooled device

ALTPRI

may set any priority value

AUDIT

may direct audit to system security audit log

BUGCHK

may make bug check log entries

BYPASS

may bypass all object access controls

CMEXEC

may change mode to exec

CMKRNL

may change mode to kernel

DIAGNOSE

may diagnose devices

DOWNGRADE

may downgrade object secrecy

EXQUOTA

may exceed disk quota

GROUP

may affect other processes in same group

GRPNAM

may insert in group logical name table

GRPPRV

may access group objects via system protection

IMPERSONATE

may impersonate another user

IMPORT

may set classification for unlabeled object

LOG_IO

may do logical i/o

MOUNT

may execute mount acp function

NETMBX

may create network device

OPER

may perform operator functions

PFNMAP

may map to specific physical pages

PHY_IO

may do physical i/o

PRMCEB

may create permanent common event clusters

PRMGBL

may create permanent global sections

PRMMBX

may create permanent mailbox

PSWAPM

may change process swap mode

READALL

may read anything as the owner

SECURITY

may perform security administration functions

SETPRV

may set any privilege bit

SHARE

may assign channels to non-shared devices

SHMEM

may create/delete objects in shared memory

SYSGBL

may create system wide global sections

SYSLCK

may lock system wide resources

SYSNAM

may insert in system logical name table

SYSPRV

may access objects via system protection

TMPMBX

may create temporary mailbox

UPGRADE

may upgrade object integrity

VOLPRO

may override volume protection

WORLD

may affect other processes in the world

On older versions of OpenVMS, the IMPERSONATE privilege was called DETACH. Historically, it was used to create detached processes under the User Identification Code (introduced in the next section) of another user. Over time, the power granted by DETACH grew until a name change to IMPERSONATE was warranted.