Accessing Files Programmer's Guide (32650-90885)

ManualsBrandsHP ManualsSoftwareMPE/iX 6.0 Operating System

181

182

183

184

185

186

187

188

189

190

184 Chapter13

Maintaining File Security

Traditional Mechanism for File Security

• account member (AC)

If no security provisions are explicitly speciﬁed, the following provisions apply by default:

• For a public group (named PUB), whose ﬁles are normally accessible in some way to all

users within the account, reading and executing access are permitted to all users;

appending, writing, saving, and locking access are limited to account librarian users

and group users (including group librarian users). (R, X: ANY; A, W, L, S: AL, GU).

• For all other groups in the account, reading, appending, writing, saving, locking, and

executing access are limited to group users. (R, A, W, L, X, S: GU).

File-level security

When a ﬁle is created, the security provisions that apply to it are the default provisions

assigned by MPE/iX at the ﬁle level, coupled with the user-speciﬁed or default provisions

assigned to the account and group to which the ﬁle belongs. At any time, however, the

creator of the ﬁle (and only this individual) can change the ﬁle-level security provisions, as

described in the following pages; thus, the total security provisions for any ﬁle depend

upon speciﬁcations made at all three levels, the account, group, and ﬁle levels. A user must

pass tests at all three levels–account, group, and ﬁle security, in that order–to successfully

access a ﬁle in the requested mode.

If no security provisions are explicitly speciﬁed by the user, the following provisions are

assigned at the ﬁle level by default:

• For all ﬁles, reading, appending, writing, locking, and executing access are permitted to

all users. (R, A, W, L, X: ANY).

Because the total security for a ﬁle always depends on security at all three levels, a ﬁle not

explicitly protected from a certain access mode at the ﬁle level may beneﬁt from the

default protection at the group level. For example, the default provisions at the ﬁle level

allow the ﬁle to be read by any user–but the default provisions at the group level allow

access only to group users; thus, the ﬁle can be read only by a group user.

In summary, the default security provisions at the account, group, and ﬁle levels combine

to result in overall default security provisions as listed in Table 13-13. on page 185 Stated

another way, when the default security provisions are in force at all levels, the standard

user (without any other user attributes) has:

• unlimited access (in all modes) to all ﬁles in his logon group and home group

• reading and executing access (only) to all ﬁles in the public group of his account and the

public group of the system account

The important ﬁle security rules may be deﬁned as follows:

• Users can create ﬁles in their own accounts.

• Only the creator can modify a ﬁle's security.

• If a lockword is present on a ﬁle, then it is required in order to access the ﬁle.

• Account managers have unlimited access to the ﬁles within their accounts.

• System managers have unlimited access to any ﬁle, but can save ﬁles only in their