Safeguard User's Guide (G06.24+, H06.03+)

Securing Disk Files
Safeguard User’s Guide, 422089-009
Establishing a Default Access Control List
If you are adding several disk files to the Safeguard database during one SAFECOM
session, you might want to create a default access control list. Then, if you want to use
the same access control list for each file, you do not need to respecify it each time you
add a file to the Safeguard database.
To establish a default access control list, use the SET DISKFILE command. Consider
the following set of commands:
=RESET DISKFILE ACCESS
=SET DISKFILE ACCESS 2,1 (R,W,E,P)
=SET DISKFILE ACCESS 2,18 (R,W,E,P)
=SET DISKFILE ACCESS 2,* (R,W)
=SET DISKFILE ACCESS admin.* R ; admin.bill DENY R
Once again, assume you are user 2,1. The RESET command clears the current default
access control list. This preliminary step ensures that no default access control list
entries remain from previous SET DISKFILE commands. Then use SET commands to
establish a new default access list.
Parentheses enclose multiple access authorities in three of the commands. You can
include more than one access specification in a single SET command, as in the last
command, by separating the specifications with a semicolon.
There are two ways to specify users—by name or by number. In the last command, the
user name admin.bill corresponds to user ID 8,4. The DENY keyword in the last
command specifically denies admin.bill a certain access, in this case R, which is READ
access. A specific denial such as this takes precedence over the access granted to
admin.bill as a group member. All other members of the admin group retain READ
access.
Next, use the SHOW command to make sure that the default access list is correct:
=SHOW DISKFILE
The display shows:

TYPE      OWNER   WARNING-MODE
DISCFILE  2,1     OFF

AUDIT-ACCESS-PASS = NONE    AUDIT-MANAGE-PASS = NONE
AUDIT-ACCESS-FAIL = NONE    AUDIT-MANAGE-FAIL = NONE

LICENSE = OFF  PROGID = OFF  CLEARONPURGE = OFF  PERSISTENT = OFF
TRUST = OFF  (H-series RVUs only)

002,001   R,W,E,P
002,018   R,W,E,P
008,004   DENY R
002,*     R,W
008,*     R

If you add files to the Safeguard database without specifying an access control list, the
files acquire the default access control list. The default access control list stays in
effect for the current SAFECOM session unless you change it.
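
The precedence rule described above (a specific DENY overrides access granted through a group entry) can be checked against the access control list entries in the SHOW DISKFILE display. The following Python code is an added example, not part of the original guide or of Safeguard. It assumes a simplified model in which any matching DENY entry removes that authority, and the names parse_acl and effective_access are hypothetical.

```python
# Added example, not Safeguard code: a simplified model of ACL evaluation.
# Assumption: a DENY entry matching the user removes that authority even
# when another matching entry (such as a group entry) grants it.

# ACL entries copied from the SHOW DISKFILE display on this page.
ACL_TEXT = """\
002,001 R,W,E,P
002,018 R,W,E,P
008,004 DENY R
002,* R,W
008,* R
"""

KNOWN = frozenset("RWEP")  # only the authorities that appear on this page


def parse_acl(text):
    """Parse 'ggg,mmm [DENY] auths' lines into (group, member, deny, auths)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        deny = len(fields) == 3 and fields[1].upper() == "DENY"
        if len(fields) != (3 if deny else 2):
            raise ValueError(f"malformed ACL entry: {line!r}")
        group, member = fields[0].split(",")
        auths = frozenset(fields[-1].upper().split(","))
        if not auths <= KNOWN:
            raise ValueError(f"unknown authority in: {line!r}")
        who = member if member == "*" else int(member)
        entries.append((int(group), who, deny, auths))
    return entries


def effective_access(acl, group, member):
    """Return the authorities left after denials are subtracted from grants."""
    granted, denied = set(), set()
    for g, m, deny, auths in acl:
        if g == group and m in ("*", member):  # exact user or group wildcard
            (denied if deny else granted).update(auths)
    return granted - denied


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for user in [(2, 1), (2, 5), (8, 4), (8, 7), (3, 1)]:
        print(user, sorted(effective_access(acl, *user)) or "no access")
```

User 8,4 (admin.bill) ends up with no READ access, while another member of group 8 keeps it.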