Safeguard Reference Manual (G06.24+, H06.03+ )
Introduction
Safeguard Reference Manual—520618-013
1-4
Object-Access Authorization
Control Features for Disk Volumes
•
Any local super-group user can create a Safeguard disk volume authorization
record (ADD VOLUME) unless specific users have been designated with an
access control list for OBJECTTYPE VOLUME.
A volume authorization record contains these attributes:
°
OWNER—ownership can be transferred to another user
°
ACCESS—an access control list to authorize access: Read, Write, Execute,
Purge, Create, Owner (RWEPCO)
°
Auditing specifications
•
The owner of a volume authorization record can modify the record (ALTER
VOLUME).
•
The owner of a volume record can freeze and thaw access to the disk volume
(FREEZE VOLUME and THAW VOLUME).
•
The owner of a volume record can delete the record (DELETE VOLUME).
Control Features for Subvolumes
•
Any user can create a Safeguard subvolume authorization record (ADD
SUBVOLUME) unless a specific list of users has been designated with an access
control list for OBJECTTYPE SUBVOLUME.
A subvolume authorization record contains these attributes:
°
OWNER—ownership can be transferred to another user
°
ACCESS—an access control list to authorize access: Read, Write, Execute,
Purge, Create, Owner (RWEPCO)
°
Auditing specifications
•
The owner of a subvolume authorization record can modify the record (ALTER
SUBVOLUME).
•
The owner of a subvolume record can freeze and thaw access to the subvolume
(FREEZE SUBVOLUME and THAW SUBVOLUME).
•
The owner of a subvolume record can delete the record (DELETE SUBVOLUME).
Control Features for Devices
•
Any local super-group user can create a Safeguard device authorization record
(ADD DEVICE) unless a specific list of users has been designated with an access
control list for OBJECTTYPE DEVICE.
A device authorization record contains these attributes: