Safeguard Reference Manual (G06.24+, H06.03+ )
Introduction
Safeguard Reference Manual—520618-013
1-5
Object-Access Authorization
°
OWNER—ownership can be transferred to any user
°
ACCESS—an access control list to authorize access: Read, Write, Owner
(RWO)
°
Auditing specifications
•
The owner of a device authorization record can modify the record (ALTER
DEVICE).
•
The owner of a device record can freeze and thaw access to the device (FREEZE
DEVICE and THAW DEVICE).
•
The owner of a device record can delete the record (DELETE DEVICE).
Control Features for Subdevices
•
Any local super-group user can create a Safeguard subdevice authorization record
(ADD SUBDEVICE) unless a specific list of users has been designated with an
access control list for OBJECTTYPE SUBDEVICE.
A subdevice authorization record contains these attributes:
°
OWNER—ownership can be transferred to any user
°
ACCESS—an access control list to authorize access: Read, Write, Owner
(RWO)
°
Auditing specifications
•
The owner of a subdevice authorization record can modify the record (ALTER
SUBDEVICE).
•
The owner of a subdevice record can freeze and thaw access to the device
(FREEZE SUBDEVICE and THAW SUBDEVICE).
•
The owner of a subdevice record can delete the record (DELETE SUBDEVICE).
Control Features for Processes
•
Any user can create a Safeguard process-name record (ADD PROCESS) unless a
specific list of users has been designated with an access control list for
OBJECTTYPE PROCESS.
A process name authorization record contains these attributes:
°
OWNER—ownership can be transferred to any user
°
ACCESS—an access control list to authorize access: Read, Write, Purge
(stop), Create, Owner (RWPCO)
°
Auditing specifications
•
The owner of a process name authorization record can modify the record (ALTER
PROCESS).