Safeguard Reference Manual (G06.24+, H06.03+)

Disk Volume and Subvolume Security Commands
Safeguard Reference Manual 520618-013
can always be specified for all volumes protected by the Safeguard software. With an
ACL in effect, the OWNER authority is always included whenever the * (asterisk)
authority code is used. It can also be abbreviated as O.
With the Safeguard software, the owner of a volume can also be defined as a network
user. A network user who owns a protected volume can use the Safeguard software
from a remote node to control access to that volume (provided the user has remote
passwords set up between the two systems).
For more information about OWNER, see VOLUME on page 12-2.
Subvolume Authorization Record Ownership
The rules governing subvolume authorization record ownership are nearly identical to
those governing volume ownership. The only exception is that although only a local
super group user can add an authorization record for a volume (by default), any local
user can add an authorization record for a subvolume. For more information about
controlling this class of objects, see OBJECTTYPE SUBVOLUME in Section 12.
Volume and Subvolume Access Authorities
ACLs for disk volumes and subvolumes can grant the following six access authorities:
CREATE   Create a disk file on a volume or subvolume
OWNER    Change the authorization records
READ     Read disk files within the volume or subvolume
WRITE    Write disk files within the volume or subvolume
EXECUTE  Execute disk files within the volume or subvolume
PURGE    Purge disk files within the volume or subvolume
Note. READ, WRITE, EXECUTE, and PURGE access for a volume or subvolume are
consulted only when the Safeguard global configuration attribute CHECK-VOLUME or
CHECK-SUBVOLUME is turned on. If the option is turned off, only CREATE and OWNER are
applicable. For more information about the global configuration attributes, see Section 16,
Safeguard Subsystem Commands.
Volume and Subvolume Access Authorization
When a user attempts to create or access a disk file, the Safeguard software performs
a series of authorization checks to determine whether to allow the user to create or
access the file on the specified volume or subvolume. The following paragraphs
describe the authorization checking performed by the Safeguard software.
For any attempt to create or access a disk file, the Safeguard software checks the
requester's authority as follows: