Safeguard Reference Manual (G06.24+, H06.03+ )
Disk-File Security Commands
Safeguard Reference Manual—520618-013
8-3
Disk-File Access Authorization
Disk-File Access Authorization
When a process attempts to access a protected disk file, the Safeguard software
checks the processes group list and the disk file ACL to see if the user identified by the
process accessor ID (PAID) of that process has the required access authority. If that
user lacks the authority, the access attempt is rejected with a security violation error
(file error 48). For more information on process and creator accessor IDs, see the
Security Management Guide.
When the Safeguard software authorizes access to a disk file, it also determines
whether the requesting process was started by a user authenticated on a remote
system. If so, the user identified by the PAID of that process must be identified as a
network user on the disk file ACL, or the Safeguard software rejects the access
attempt with a security violation error (file error 48).
Processes use system procedure calls to access disk files. The Safeguard software
must authorize any attempts to access protected disk files made through Guardian
procedures:
The Safeguard software must also authorize attempts to rename a protected disk file.
Table 8-1 shows the access authorities required to rename a disk file on a system
protected by the Safeguard software.
To create a
process
The owner must have EXECUTE authority for the program object disk
file. (Creating a process is also subject to authorizations from the
PROCESS object type.)
To open a file The owner must have either READ or WRITE authority.
To purge a file The owner must have PURGE authority.
Table 8-1. Access Authority Required to Rename a File
Current File Name New File Name Result
Safeguard
Record
Exists?
Safeguard
Purge
Allowed?
Guardian
Purge
Allowed?
Safeguard
Vol/Subvol/
Disk File
Record Exist?
Safeguard
Create
Allowed?
Rename
Allowed?
No - Yes No - Yes
No - Yes Yes Yes Yes
No - Yes Yes No No
No-No- -No
Yes Yes - No - Yes
Yes Yes - Yes Yes Yes
Yes Yes - Yes No No
Yes No - - - No