Safeguard Reference Manual (G06.24+, H06.03+ )

Introduction

Safeguard Reference Manual—520618-013

1-3

Object-Access Authorization

With the Safeguard software, you can secure these types of system objects:

•

Disk files

•

Disk volumes and subvolumes

•

Devices and subdevices (including terminals, tape drives, communication lines,

and printers)

•

Processes and subprocesses (both named and unnamed)

You protect objects by defining an access control list (ACL) with the ACCESS attribute.

ACLs specify who can access an object and what authorities they have. Except for the

super ID and the group manager of the protection record owner, users are implicitly

denied all access authorities if they do not appear on an object’s access control list.

The Safeguard software provides the object-access control features listed in the

following summaries. (The SAFECOM command appears in parentheses.)

Control Features for Disk Files

•

The owner of a disk file can create a Safeguard disk file authorization record (ADD

DISKFILE) unless a list of users has been designated with an access control list for

OBJECTTYPE DISKFILE.

Each file authorization record contains these attributes:

OWNER—ownership can be transferred to another user

ACCESS—an access-control list to authorize access: Read, Write, Execute,

Purge, Create, Owner (RWEPCO)

Auditing specifications

LICENSE

PROGID

CLEARONPURGE

PERSISTENT

•

The owner of an authorization record for that file can modify the record (ALTER

DISKFILE).

•

The owner of a file authorization record can freeze and thaw access to the file

(FREEZE DISKFILE and THAW DISKFILE).

•

The owner of a file record can delete the record (DELETE DISKFILE).

•

Diskfile patterns reduce administrative burden by supplying one pattern that can

match many volumes, subvolumes, or filenames. For more information, see the

Safeguard User’s Guide.