Safeguard User's Guide (G06.24+, H06.03+)

Working with Patterns
Safeguard User’s Guide 422089-009
Safeguard Pattern Configuration
Use the Safeguard configuration attribute CHECK-DISKFILE-PATTERN to enable,
disable, and control the search order for pattern and non-pattern protection records.
OFF
Specifies that no pattern searches will occur. This configuration is equivalent to
the behavior of Safeguard versions prior to G06.25.
LAST
Specifies that non-pattern searching will occur first, using non-pattern-based
protection records, as in Safeguard versions prior to G06.25. If that search returns
NORECORD, then pattern-based protection records will be searched.
FIRST
Specifies that pattern-based protection records will be searched first. If that search
returns NORECORD, then non-pattern-based protection records will be searched.
ONLY
Specifies that only pattern-based protection records will be searched. Non-pattern
protection records will be ignored.
Safeguard searches patterns so that the most specific pattern is used, and behaves
similarly to Direction-Diskfile = Filename-First and Combination-Diskfile = First-ACL.
Introducing a new method of determining access control affects the multilevel method
used today. Rather than merging the pattern method into each level, Safeguard treats
the two methods as mutually exclusive but able to coexist. A global control specifies
which method is used first. The secondary method is used only when the primary method
returns NORECORD. The access result is then combined with the result returned from
the SEEP in accordance with existing policy. To maintain backward compatibility, this
control can also disable pattern matching entirely.
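The search order described above can be traced with a simplified model. This is an added example, not Safeguard code: the function names, the sample records, the use of `*` and `?` wildcards, and the rule that "most specific" means the matching pattern with the most literal characters are all assumptions, and the SEEP combination step is not modeled.

```python
from fnmatch import fnmatchcase

NORECORD = "NORECORD"  # result name taken from the guide

def search_nonpattern(records, filename):
    """Exact-name lookup, standing in for a SAFE.GUARD search."""
    return records.get(filename, NORECORD)

def search_pattern(records, filename):
    """Wildcard lookup, standing in for a SAFE.PATGUARD search.
    Assumption: '*' and '?' wildcards; the most specific match is the
    pattern with the most literal (non-wildcard) characters."""
    hits = [p for p in records if fnmatchcase(filename, p)]
    if not hits:
        return NORECORD
    best = max(hits, key=lambda p: sum(c not in "*?" for c in p))
    return records[best]

def resolve(mode, nonpattern, pattern, filename):
    """Return the record that decides access for a CHECK-DISKFILE-PATTERN value."""
    order = {
        "OFF": [(search_nonpattern, nonpattern)],
        "LAST": [(search_nonpattern, nonpattern), (search_pattern, pattern)],
        "FIRST": [(search_pattern, pattern), (search_nonpattern, nonpattern)],
        "ONLY": [(search_pattern, pattern)],
    }[mode]
    for search, records in order:
        result = search(records, filename)
        if result != NORECORD:  # any record found, even a restrictive one, ends the search
            return result
    return NORECORD

# Constructed sample records (illustrative labels, not real Safeguard ACLs).
NONPATTERN = {"$DATA.PAYROLL.MASTER": "exact: PAYROLL.ADMIN only"}
PATTERN = {
    "$DATA.PAY*.*": "pattern: read for PAYROLL.*",
    "$DATA.PAYROLL.M*": "pattern: read/write for PAYROLL.ADMIN",
}

def demo(filename="$DATA.PAYROLL.MASTER"):
    """Show which record wins for one file under each setting."""
    return {m: resolve(m, NONPATTERN, PATTERN, filename)
            for m in ("OFF", "LAST", "FIRST", "ONLY")}
```

Under FIRST and ONLY the pattern record decides access to `$DATA.PAYROLL.MASTER` even though an exact record exists, so changing the setting is worth reviewing against existing non-pattern records before it goes live.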
The pattern protection records are stored in a new file in each volume’s SAFE
subvolume. The file name is SAFE.PATGUARD.
The integrity of the existing SAFE.GUARD files must be maintained. The existing
rules for managing non-pattern protection records therefore continue to apply, even
when the access result would be satisfied using a pattern protection record: when a
file is created, renamed, or deleted, the existing legacy logic is employed to manage
the appropriate SAFE.GUARD file. The exception to this rule is the ONLY option.
Setting CHECK-DISKFILE-PATTERN to ONLY implies that maintaining the integrity of
the SAFE.GUARD files is not desired. This would be used by installations that have no
need to fall back to using the SAFE.GUARD files, such as installations that have not
used SAFEGUARD protection records prior to patterns; for example, installations that