This command lists, creates, changes, and revokes permissions for resources at the server. This command works only on servers running with user-level security.
Syntax
NET ACCESS ... - - - - -_ _ _ - - - _ - - - _ -....
Option Purpose
account Identifies the user name or group name of a specific account whose permissions are being modified.
rights In the form account:permissions, includes the name of a user or f.0up account followed by the permissions (R, W, C, X, D, A,
, Y, N) for the resource.
resource Names the resource to be assigned permissions. The resource can be a disk, directory, file, print queue, communication-device queue, \print, \comm, or \pipe.
/add Adds permissions for a resource to the access-control database.
/change Changes a user's or group's permissions for a resource.
Option
Removes pennissions for a resource from the access-control database.
Adds .a I).ew user name and corresponding pennissions to a preexlstmg resource record.
Revokes a user's or group's permissions to use the resource.
Turns audit trailing on or off for a particular resource. (The default is YES.)
Reports permissions for the resource specified and all of its descendants (for example, subdirectones of a specified directory).
When used without options, the NET ACCESS command displays a list of the server's shared resources plus their assigned pennissions:
Resource Permissions Permissions
\PRINT BENP:W GUEST:WC
JACKST:W MARYS:WC MIKEG:WC *USERS:WC C:\
GUEST:R *USERS:R
C:\LANMAN\SPOOL
GUEST:R *USERS:R
Command completed successfully.
This display shows the pathname of every resource and the permissions assigned for that resource. (Group names are preceded by *.)
NOTE: If you type the NET ACCESS command for a remote resource, the path in the Resources column is relative to the network server, not your local computer.
Comments
Command Reference
3
3-25
Before you can use the NET ACCESS command, you must do the following:
• Start the server with user-level security.
• Make sure the resource exists.
• Have existing accounts for the users or groups for which you are assigning permissions.
When you use the NET ACCESS command to display access permissions, a comment next to each resource's name shows whether access of that resource is being audited. Under each resource name are the names of users and groups permitted to use the resource and the specific permissions. Four types of resources can appear in the list:
• Pathnames of drives, directories, or files.
• Sharenames of print queues.
• Sharenames of communication-device queues.
• Pathnames of named pipes.
3
3-26
Command Reference
The NET ACCESS command can assign up to nine pennissions. These
pennissions apply only when the server is running with user-level security. (For information on assigning pennissions while the server is running with share-level security, see the NET SHARE command.) Some pennissions work only with specific types of resources:
Letter Permission
R "Read" lets users read and copy files in that directory, but not change them. This also lets users view the names of files in a shared directory.
Use this pennission by itself if you want users to be able to look at or execute programs only.
W "Write" lets users make changes to the files in that directory. In most cases, it should be used in combination with read pennission.
C "Create" lets users create files and subdirectories in the shared directory.
When used by itself, this pennission lets users create new files in the directory and change them while they are creating them; once the file is closed, they cannot modify it.
X "Execute" lets users run a command or program.
D "Delete" allows users to delete files and subdirectories.
A "Change attributes" lets users change file attributes. For more
infonnation on file attributes, see the 3 + Open MS OS/2 LAN Manager User Reference.
p "Change pennissions" lets users change resource Eennissions. (This is the same as giving a user administrative privilege or a resource.) Y "Y es" al~ow~ users to submit files or requests to a print or
communIcatIon-devIce queue.
N "No" denies users access to a resource, and is useful if you need to exclude a specific person or persons from using a print or
communication-device queue, directory, or file.
Command Reference
3
3-27
Only users who are assigned the permission P can change the permissions on a shared resource using the NET ACCESS command. Otherwise, administrative privilege on your server account must be obtained before permissions for resources shared from that server can be changed.
For a resource to be audited, the NET ACCESS command must be used with the name of the resource, and the Itrail: option must be set to YES. Since YES is the default, if you type the trail option with no value, auditing is turned on.
Example
To add permissions on the files in the bin directory for the user mikeg and the groups pubrel and world, Mary types types the following:
net access c:\bin /add mikeg:rwxc pubrel:rw users:r Later, to give Jenny Tibbetts read and write permission for the same directory, Mary types the following:
net access c:\bin /grant jennyt:rw
See Also
For more information about this command, see the following sources:
• The NET SHARE command in this chapter for more information on sharing resources with the local area network.
• "File Access Permissions" and "Other Access Permissions" in Chapter 2: LAN Manager Screen Reference for more information about adding and changing permissions using the LAN Manager screen.
• The 3 + Open MS OS/2 LAN Manager Administrator Guide for more information about starting the server with user-level security, assigning
permissions, and using the MAKEACC and GROW ACC utilities to create and enlarge the control-access database (NET.ACC).