Manualshelf

Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
301302303304305306307308309310
Disk Volume and Subvolume Security Commands
Safeguard Reference Manual520618-013
9-3
Volume and Subvolume Security Command
Summary
1. It determines whether an authorization record exists for the volume on which the
file is to be created.
2. If a volume authorization record exists, it checks the ACL to determine whether the
user has the authority to create or access a file on that volume.
3. If the volume ACL does not grant the user the authority, the user’s request is
rejected with a security violation (file error 48).
This behavior can be modified depending on the settings of the following Safeguard
configuration options: CHECK-VOLUME, CHECK-SUBVOLUME, CHECK-FILENAME,
CHECK-DISKFILE-PATTERN, DIRECTION-DISKFILE, and COMBINATION-DISKFILE.
You can use patterns to specify protection records. For more information on diskfile
patterns, see the Safeguard User’s Guide.
Section 16, Safeguard Subsystem Commands, and Appendix B, Disk-File Access
Rules, describe these configuration options and their effects on creating a disk file.
If the volume ACL grants the user the authority to create a disk file, the Safeguard
software then determines whether an authorization record exists for the subvolume on
which the disk file is to be created. When an authorization record exists for the
subvolume, the Safeguard software checks whether the subvolume ACL grants the
user the authority to create a disk file. If the subvolume ACL grants the user the
authority to create a disk file, the user’s file-creation request succeeds. However, when
the user lacks the authority to create a disk file on the subvolume, the file-creation
request is rejected with a security violation (file error 48).
If no authorization record exists for the volume, a user’s file-creation request is rejected
only if both an authorization record for the subvolume exists and the subvolume ACL
does not grant the user CREATE authority. If no authorization record exists for either
the volume or subvolume, any user can create a disk file on the subvolume.
The Safeguard software does not restrict the creation of temporary files, such as swap
files. Volume and subvolume authorization records are not checked when a temporary
file is created.
Volume and Subvolume Security Command
Summary
Table 9-1 on page 9-4 lists the disk volume and subvolume security commands and
gives a brief description of each.