Safeguard User's Guide (G06.24+, H06.03+)
Securing Disk Files
Safeguard User’s Guide—422089-009
3-12
Specifying Auditing Conditions
To restore a frozen access control list, use the THAW DISKFILE command. Any user
who can freeze an access control list can also thaw it.
For example, the owner of the disk file (user ID 2,1) can restore the access control list
for quarter1 by entering:
=THAW DISKFILE quarter1
The STATUS field of the INFO display shows that the access control list is thawed:
=INFO DISKFILE quarter1
Specifying Auditing Conditions
The Safeguard subsystem provides facilities for auditing attempts to access a disk file
or its corresponding authorization record. For detailed information on auditing, see the
Safeguard Audit Service Manual.
You can specify four auditing attributes in a disk-file authorization record. They are:
•
AUDIT-ACCESS-PASS
•
AUDIT-ACCESS-FAIL
•
AUDIT-MANAGE-PASS
•
AUDIT-MANAGE-FAIL
You can set these attributes to ALL, LOCAL, REMOTE, or NONE. The default value for
the auditing attributes is NONE, which indicates no auditing.
As with other security attributes, you can specify auditing conditions with the ADD
DISKFILE, ALTER DISKFILE, or SET DISKFILE commands.
The following command causes the Safeguard software to audit all unsuccessful
remote attempts to access quarter1:
=ALTER DISKFILE quarter1, AUDIT-ACCESS-FAIL REMOTE
Note. Freezing an access control list has no effect on processes that already have the file
open.
LAST-MODIFIED OWNER STATUS WARNING-MODE
$DATA.SALES
QUARTER1 23JUL05, 15:33 2,1 THAWED OFF
002,001 R,W,E,P
002,006 DENY W
002,018 R,W,E,P
004,012 R
008,004 DENY R
002,* R,W
008,* R