Safeguard Reference Manual (G06.24+, H06.03+ )

Device and Subdevice Security Commands

Safeguard Reference Manual—520618-013

10-8

ADD DEVICE and SUBDEVICE Commands

group-num

specifies the group number of any group.

(minus-sign) operates on existing ACL entries. The minus-sign form of

access-spec modifies the current default ACL. The authority entries

are removed from the default ACL entries for the users specified with

user-list.

DENY

denies the users or user groups specified by user-list the access

authorities specified by authority-list.

authority-list

specifies the access authorities to be granted (or denied) to user-list.

authority-list can be one of:

authority

( authority [ , authority ] ... )

authority

is one of:

R[EAD]

W[RITE]

O[WNER]

(asterisk) specifies all authorities (READ, WRITE, and OWNER).

AUDIT-ACCESS-PASS [audit-spec]

changes the audit-spec for successful attempts to access the device or

subdevice. The form of audit-spec is:

{ ALL | LOCAL | REMOTE | NONE }

For a description of the audit-specs, see the SET DEVICE and

SUBDEVICE Commands on page 10-25. Omitting audit-spec specifies

NONE.

Note. Specifying ACCESS access-spec with ADD DEVICE or SUBDEVICE does

not override the current default ACL (established through SET DEVICE or

SUBDEVICE). Instead, any ACL entries specified in ADD DEVICE or SUBDEVICE are

used to modify the current ACL, and then the entire ACL is defined for the device or

subdevice authorization record being added.