Safeguard Reference Manual (G06.24+, H06.03+ )
Safeguard Subsystem Commands
Safeguard Reference Manual—520618-013
16-10
ALTER SAFEGUARD Command
FIRST-ACL
specifies that the Safeguard software is to determine access based on the
first ACL it finds.
ALL
specifies that all consulted ACLs must grant the requested access for the
success of the operation.
ACL-REQUIRED-DEVICE { ON | OFF }
defines whether the absence of an ACL for a device or subdevice causes the
denial of access to that device or subdevice. The initial value is OFF. (The
absence of ACLs causes operation to revert to Guardian rules.)
CHECK-PROCESS { ON | OFF }
defines whether the process ACL is consulted to determine access to
processes and subprocesses. The initial value is ON. (Process ACLs are
consulted.)
CHECK-SUBPROCESS { ON | OFF }
defines whether the subprocess ACL is consulted to determine access to
subprocesses. The initial value is OFF. (Subprocess ACLs are not consulted.)
DIRECTION-PROCESS { PROCESS-FIRST | SUBPROCESS-FIRST }
defines the direction in which process and subprocess ACLs are consulted to
determine access to processes and subprocesses when both CHECK-
PROCESS and CHECK-SUBPROCESS are ON. The initial value is
PROCESS-FIRST.
PROCESS-FIRST
specifies that process ACLs are to be consulted before subprocess ACLs.
SUBPROCESS-FIRST
specifies that subprocess ACLs are to be consulted before process ACLs.
COMBINATION-PROCESS { FIRST-RULE | FIRST-ACL | ALL }
defines the method by which overlapping ACLs are resolved for access to
processes and subprocesses. COMBINATION-PROCESS is used in
conjunction with DIRECTION-PROCESS to resolve access conflicts. The initial
value is FIRST-ACL.
FIRST-RULE
specifies that the Safeguard software is to determine access by searching
the ACLs until it finds the user ID mentioned.