Safeguard User's Guide (G06.24+, H06.03+)

Securing Disk Files
Safeguard User’s Guide 422089-009
User ID 2,6 has been denied WRITE authority.
A grant of authorities for a specific user is not cumulative even if that user's group also
appears on the access control list. Furthermore, the authorities required for any
specific transaction must appear in a single entry on the access control list.
For instance, assume that user 2,5 has only READ access to a file and that group 2,*
has WRITE access to the file. In this case, user 2,5 could either read the file or write to
it but could not perform an operation such as editing that requires both READ and
WRITE access.
You can specify up to 50 access control list entries. To remove an access authority
from an entry, use the minus sign (-), as described in the next subsection.
Deleting an Access Control List Entry
You can revoke access authorities previously granted to a user or group of users by
using a minus sign (-). If you revoke all authorities granted to a user or group of users,
the access control list entry is deleted.
For example, suppose you no longer want user ID 9,23 to have access to quarter1. To
remove the entry on the access control list:
=ALTER DISKFILE quarter1, ACCESS 9,23 - (R,W)
Because you removed all the authorities granted to user 9,23, the entry is deleted. To
display the modified access control list:
=INFO DISK quarter1
                      LAST-MODIFIED     OWNER   STATUS   WARNING-MODE
$DATA.SALES
  QUARTER1            23JUL05, 15:15    2,1     THAWED   OFF
      002,001   R,W,E,P
      002,006   DENY W
      002,018   R,W,E,P
      004,012   R
      008,004   DENY R
      002,*     R,W
      008,*     R
The entry for user ID 9,23 has been removed from the access control list.
Note. A denial of authorities for a user takes away only those authorities specifically denied.
Any other authorities granted to that user or that user's group are still valid for the user.
Note. If you are attempting to remove a deleted user from an access control list, you must
specify the user ID, not the user name. A deleted user is one whose user authentication
record has been deleted from the Safeguard database.
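The following Python sketch is an added illustration, not Safeguard code and not part of the original guide. It models only the rules stated on this page: the authorities for one operation must all appear in a single entry, and a denial removes only the authorities it names. The function names are hypothetical, and applying a group entry's DENY to every member of that group is an assumption of the model.

```python
# Added illustration: models the ACL rules stated on this page (not Safeguard code).
# Entries are copied from the INFO DISK display for QUARTER1 shown on this page.
QUARTER1_ACL = """
002,001 R,W,E,P
002,006 DENY W
002,018 R,W,E,P
004,012 R
008,004 DENY R
002,* R,W
008,* R
"""

def parse_acl(text):
    """Parse lines such as '002,006 DENY W' into (group, member, deny, auths)."""
    entries = []
    for line in text.strip().splitlines():
        subject, *rest = line.split()
        deny = rest[0] == "DENY"
        auths = frozenset(rest[-1].split(","))
        group, member = subject.split(",")
        member = member if member == "*" else int(member)
        entries.append((int(group), member, deny, auths))
    return entries

def matches(entry, user):
    """True for the user's own entry or the wildcard entry of the user's group."""
    group, member, _, _ = entry
    return group == user[0] and member in ("*", user[1])

def is_allowed(acl, user, required):
    """user is (group, member); required is an iterable of one-letter codes."""
    required = frozenset(required)
    mine = [e for e in acl if matches(e, user)]
    # A denial takes away only the authorities it names.
    # Assumption: a DENY on a group entry applies to each member of the group.
    denied = frozenset().union(*(e[3] for e in mine if e[2]))
    if required & denied:
        return False
    # Grants are not cumulative: one single entry must hold every required authority.
    return any(not e[2] and required <= e[3] for e in mine)

if __name__ == "__main__":
    acl = parse_acl(QUARTER1_ACL)
    for user, need in [((2, 6), "R"), ((2, 6), "W"), ((8, 4), "R"), ((9, 23), "R")]:
        print(user, need, is_allowed(acl, user, need))
    # The page's own case: user 2,5 has READ, group 2,* has WRITE (constructed ACL).
    split = parse_acl("002,005 R\n002,* W")
    print("2,5 needs R and W:", is_allowed(split, (2, 5), "RW"))
```

Running the checks against an ACL before and after an ALTER DISKFILE change shows which operations a given user ID gains or loses under these rules.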