Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

231

232

233

234

235

236

237

238

239

240

Disk-File Security Commands

Safeguard Reference Manual—520618-013

8-12

ADD DISKFILE Command

TRUST { ME | SHARED | OFF }

sets the TRUST attribute for the specified disk file. The disk file must be a

program object file. The initial value is OFF. This attribute is valid only on

systems running H-series RVUs. Only the super ID can set this attribute.

Considerations

•

Attributes in an ADD command affect only the record added.

Any attribute specifications in an ADD DISKFILE command affect only the

authorization record being created and do not change the current default disk-file

attribute values. This condition is also true for a LIKE clause in an ADD DISKFILE

command.

•

Disk-file security can be managed from a remote node.

An authorization record for a disk file can be added by only the local owner of the

file, the owner’s group manager, or the super ID. However, if a disk-file

authorization record is added that specifies a network user ID for the OWNER

attribute, the authorization record can be altered, frozen, thawed, and deleted by

that network user from a remote or local node.

•

Relationship between ADD DISKFILE and the FUP GIVE, SECURE, LICENSE,

and REVOKE commands

After you create an authorization record for a disk file, the FUP GIVE, SECURE,

LICENSE, and REVOKE commands no longer work for the disk file. You must use

the ALTER DISKFILE command to perform the equivalent operations. (For a list of

equivalent FUP and SAFECOM commands, see the Considerations for ALTER

DISKFILE Command on page 8-20.)

However, the super ID can use the FUP SECURE, LICENSE, and REVOKE

commands on a disk file that has a Safeguard protection record. Even though this

usage is allowed, restrict it to emergency situations. It can result in access

mediation problems and inconsistencies in Safeguard protection records.

•

Using LIKE disk-file-name

You can use the LIKE disk-file-name clause to define all the disk-file attribute

values for a disk file, and then change one or more of the attribute values by

specifying new values after the LIKE keyword. For example, this command adds

an authorization record for MEMO1 that has the same disk-file attribute values as

MEMO2 except for the OWNER attribute:

=ADD DISKFILE memo1, LIKE memo2, OWNER sales.kidd

Using the LIKE clause with an ADD DISKFILE command does not change any of

the current default disk-file attribute values.

•

Securing partitioned files