Yes, releasing the UDC worked.  It is a system UDC.  We also have another
system UDC - SYSUDC1.SYSTEM.LIB,
        READ    :ANY
        WRITE   :ANY
        APPEND  :ANY
        LOCK    :ANY
        EXECUTE :ANY
      **SECURITY IS ON

group system :-
        READ    :ANY
        WRITE   :AC
        APPEND  :AC
        LOCK    :ANY
        EXECUTE :AC

account lib :-
        READ    :ANY
        WRITE   :ANY
        APPEND  :ANY
        LOCK    :ANY
        EXECUTE :ANY

But users have no problem accessing this UDC eventhough security is on, but
as soon as security is on UDCFILE1.GEN.SYS they can not access it.
I have not tried an ACD, but will test it asap.  Nearly all of our users do
not get to the MPE prompt.

regards  ...  Terry
At 07:02 PM 2/11/97 -0500, you wrote:
>So, did releasing it work?
>
>Have you tried an ACD for X:ANY? I am less sure that locking is
>necessary. That should extend access while getting around RELEASE /
>SECURE restrictions. Are they system UDCs? If not, just grant access to
>the 'friend' accounts or users (@.ACCOUNT or USER.@).
>
>I favor extreme paranoia when it comes to security: I assume that there
>is someone smarter than me (and I test in the upper 2% on more than one
>standardized test) who knows more than me (no lack of those) and who is
>going to spend time trying to hack any info about my system that they
>can. Of course, I have induced extreme paranoia by being that person on
>various systems, even the one I use now before I was given more than a
>'guest' sign-on. But, my point is that I don't want non-admin users
>reading my UDCs or much of anything else. What if they FTP a Trojan
>horse over MAIN.PUB.VESOFT; say one that captures passwords instead of
>verifying them, and that lets them on the system?
>
>I counter this user-hostility by creating 'eponymous' UDCs, based on a
>similar idea from our ORACLE UDCs. The UDC file contains a UDC of the
>same name, which is a series of ECHO statements telling users what I do
>want them to know, so typing the UDC filename echoes the statements and
>HELP UDCname lists them. ORACLE used comments, so typing the UDCname did
>nothing.
>
>Opinions are mine; unless they come from that voice in my head...
>
>>----------
>>From:         Terry Prime
>>Sent:         Tuesday, February 11, 1997 12:03 PM
>>To:   [log in to unmask]
>>Subject:      [HP3000-L] still a udc problem
>>
>>MPE 5.0 powerpatch 4.
>>
>>I set the file UDCFILE.GEN.SYS as :-
>>        READ    :AC
>>        WRITE   :AC
>>        APPEND  :AC
>>        LOCK    :ANY
>>        EXECUTE :ANY
>>      **SECURITY IS ON
>>
>>I set the group GEN.SYS as :-
>>        READ    :GU
>>        WRITE   :GU
>>        APPEND  :GU
>>        LOCK    :ANY
>>        EXECUTE :ANY
>>        SAVE    :GU
>>
>>The account SYS is :-
>>        READ    :ANY
>>        WRITE   :AC
>>        APPEND  :AC
>>        LOCK    :ANY
>>        EXECUTE :ANY
>>
>>According to the information I was given, this is all that is needed for a
>>user to be able to read/access the UDC.  Unfortunately not - it did not
>>work, the UDC could still not be accessed while it was secure.
>>No wonder I am going bald!!!!!!!
>>
>>regards  ...  Terry
>>Signature:
>>     Terry Prime
>>     Client Services Officer
>>     Queensland University of Technology
>>     phone: (07)38641784   fax (07)38641343
>>     Internet:[log in to unmask]
>>
>>Disclaimer:
>>     What i have said is my opinion and does not reflect the
>>     opinion of my employer or co-workers
>>
>
>
Signature:
     Terry Prime
     Client Services Officer
     Queensland University of Technology
     phone: (07)38641784   fax (07)38641343
     Internet:[log in to unmask]

Disclaimer:
     What i have said is my opinion and does not reflect the
     opinion of my employer or co-workers