SQL/MX 3.2.1 Management Manual (H06.26+, J06.15+)
• Safeguard volume protection records can control who is authorized to create disk files on
specific disk volumes.
• Safeguard process-protection records can control who is authorized to use specific process
names.
Safeguard access control lists cannot be used to protect OSS files. Access to OSS files is controlled
by OSS file-permission bits.
User Administration
Authentication records for all system users, including those who work in the OSS environment,
must be added and managed by using SAFECOM USER commands. Some attributes defined in
a user-authentication record apply exclusively to the OSS environment. These attributes include the
user’s primary group, initial working directory, initial program, and initial program type.
A user’s initial working directory in the OSS environment is specified by the INITIALDIRECTORY
attribute in the authentication record for that user. The initial directory is where the user is placed
in the OSS environment when the osh command is executed.
File-Sharing Groups
File-sharing groups are particularly important in the OSS environment. Each user has a group list
that contains the names of all groups to which that user belongs. When the user attempts to access
a file, the file’s group permissions are granted to that user if the user’s group list includes the name
of the file’s group. If the file’s group does not appear on the user’s group list, the group permissions
are denied, and the user is granted the permissions specified for all other users.
File-sharing groups are created and managed by using SAFECOM GROUP commands.
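The group-list rule above can be modeled in a few lines. This is an added illustration, not code from the manual or from HP. The user names, group names, paths and modes are constructed, and testing the owner bits before the group bits is assumed from standard POSIX behavior.

```python
# Added illustration (not from the manual): a model of the group-list rule.
from dataclasses import dataclass

@dataclass(frozen=True)
class OssFile:
    path: str
    owner: str
    group: str
    mode: int            # permission bits, e.g. 0o640

@dataclass(frozen=True)
class User:
    name: str
    group_list: frozenset  # names of every group the user belongs to

def permission_class(user, f):
    # Assumption: POSIX ordering, so the owner bits are tested first.
    if user.name == f.owner:
        return "owner"
    # The manual's rule: group bits apply when the file's group is on the list...
    if f.group in user.group_list:
        return "group"
    # ...otherwise the bits for all other users apply.
    return "other"

def granted(user, f):
    shift = {"owner": 6, "group": 3, "other": 0}[permission_class(user, f)]
    bits = (f.mode >> shift) & 0o7
    return "".join(c for c, b in (("r", 4), ("w", 2), ("x", 1)) if bits & b)

def group_narrower_than_other(files):
    # Audit check: modes where group members get less than everyone else,
    # because the classes are exclusive and never fall through to "other".
    return [f.path for f in files if (f.mode & 0o7) & ~((f.mode >> 3) & 0o7)]

# Constructed sample data: names, paths and modes are invented.
ANNA = User("SALES.ANNA", frozenset({"SALES", "DBUSERS"}))
RAJ = User("OPS.RAJ", frozenset({"OPS"}))
FILES = [
    OssFile("/db/orders.dat", "DBA.MGR", "DBUSERS", 0o640),
    OssFile("/db/notes.txt", "DBA.MGR", "SALES", 0o604),
]

if __name__ == "__main__":
    for f in FILES:
        for u in (ANNA, RAJ):
            print(f.path, u.name, permission_class(u, f), granted(u, f) or "-")
    print("group narrower than other:", group_narrower_than_other(FILES))
```

The second sample file shows the case worth auditing for: a user whose group list contains the file's group receives only the group bits, even when the bits for all other users are more permissive.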
Volume Create Authority
Each time an OSS file is created, the Safeguard software checks whether a Safeguard
volume-protection record exists for the physical volume on which the file is to reside. If such a
volume-protection record exists, the user creating the file must have create (C) authority on the
access control list for that volume. If the user does not have create authority on that access control
list, the Safeguard software denies the file-creation attempt.
Enabling OSS Safeguard Auditing
SCF turns on the audit-enabled attribute for the OSS Name Server. SAFECOM turns on
AUDIT-CLIENT-OSS and sets AUDIT-PROCESS-ACCESS-PASS and AUDIT-PROCESS-ACCESS-FAIL.
For more information, see the Open System Services Management and Operations Guide.
Planning Database Recovery
HP provides several recovery mechanisms, including:
• Mirrored disk volumes are a primary protection against disk failures. These volumes also
provide the ability to repair and maintain disk volumes online, without interrupting application
processing. For more information about how to use mirrored disk volumes, see the Guardian
User’s Guide and the Guardian Disk and Tape Utilities Reference Manual.
• The TMF subsystem provides the best online protection against application or equipment
failures. When used correctly, the TMF subsystem protects the database from program failures
that would leave the database inconsistent because of incomplete transactions.
• RDF maintains replicated databases at a remote site that can be used for contingency planning.
As end users modify the local database, RDF replicates those changes in the remote database,
keeping it continuously up to date. For more information, see the RDF/IMP, IMPX, and ZLT
System Management Manual.
• The use of backup tapes for data files can provide a way to protect data in an offline mode.
Tapes can be physically removed from the site and saved for possible disaster recovery.










