Accessing Files Programmer's Guide (32650-90885)

13 Maintaining File Security
MPE/iX provides two methods of establishing and maintaining file security:
access control definitions (ACD) for files and devices
traditional file security for disk files only
ACDs are implemented to provide a security mechanism that meets standards set forth by
the National Computer Security Center. Traditional file security works through the
mechanism long available on MPE systems. ACDs override any security measures
implemented by traditional means. In addition, MPE/iX now provides logging facilities to
track ACD security-related transactions.
ACDs are discussed first in this chapter, followed by topics relating to the traditional
mechanisms of file security.
Access Control Definition Security (ACD)
MPE/iX implements a discretionary access control (DAC) mechanism that is consistent
with the guidelines laid down by the National Computer Security Center.
The MPE/iX implementation, access control definitions (ACD), is a subset of the DAC
mechanism. ACDs maintain a list of users and the access modes that each user has to files
and devices.
ACD scope
An ACD that is associated with a file overrides the classic MPE file access matrix and
lockwords, which are described later in Chapter 13, “Maintaining File Security.”
By associating an ACD with a file or a device, the owner of the file or device may define
which users have access to that file or device and which modes of access are available to
other users. When a file is associated with an ACD, the ACD is put into its file label
extension. The ACD contains a list of access modes paired with users.
Owners
Only those who own a file or a device may associate it with an ACD.