OSI/FTAM Configuration and Management Manual

Planning, Installing, and Configuring Tandem FTAM
OSI/FTAM Configuration and Management Manual 421944-001
For Safeguard-protected files, Safeguard security is enforced. The responder cannot
translate Safeguard security attributes into the FTAM access-control attribute. Therefore,
when a remote application reads the attributes of a file that the Safeguard security
software protects, the access-control attribute indicates that no value is available.
However, the Safeguard security software still protects FTAM access to the file. Note
that for such a file, the read-attribute action does not tell you which file-access actions
you can perform.
If a file-access request is rejected because the user ID does not meet the Guardian
security requirements of the file, the responder generates an EMS event message
indicating a security violation on a file-access attempt, and also sends a diagnostic
message (a diagnostic parameter in a PDU) to the remote initiator. The event message
identifies the responder, the VFS profile, the user ID specified, and the address of the
initiator that sent the request.
Table 3-2 on page 3-21 shows the exclusion mode that applies to each FTAM VFS
action. Files open for read actions are open for SHARED access, allowing more than
one user to open a file concurrently for reading. Files open for insert, replace, extend,
and erase actions are open for EXCLUSIVE access; only one user at a time can open a
file for writing. Where a combination of VFS actions is performed on a file, that file’s
access is EXCLUSIVE if any one of the actions qualifies the file’s access as
EXCLUSIVE. If a file access is attempted on a file already opened for EXCLUSIVE
access, the responder returns a diagnostic message to the remote application in the
F-OPEN confirm.
Mapping of FTAM File-Security Attributes to Guardian Security Settings
When a remote FTAM user creates files in the Tandem responder's VFS or changes their
attributes, the access-control attribute negotiated between initiator and responder
determines the resulting Guardian file-security settings. Likewise, when a remote user
attempts to read the access-control attribute of files in the responder's VFS, the
Guardian security settings of the files determine the values that will be seen.
The access-control attribute is the only ISO FTAM security attribute that can affect
Tandem file-security settings. This attribute is a set of access-control elements, with
each element consisting of an action-list field and, optionally, concurrency-access,
identity, passwords, and location fields. The access-control attribute defines the
conditions under which access to a file is allowed. ISO 8571-2 provides a complete
description of the access-control attribute.
Within the access-control attribute, the Tandem responder uses only the action-list field
of the first access-control element; the concurrency-access, identity, passwords, and
location fields are ignored, as are all access-control lists after the first.
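
The following added example (not from the manual and not Tandem code) models the rule above in Python, so an administrator can see which conditions in a remote initiator's access-control attribute the responder will drop before relying on them. The class, function name, field spellings, and sample elements are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Fields the manual says the responder ignores in an access-control element.
IGNORED_FIELDS = ("concurrency_access", "identity", "passwords", "location")


@dataclass(frozen=True)
class AccessControlElement:
    """Hypothetical in-memory form of one access-control element."""
    action_list: frozenset
    concurrency_access: Optional[str] = None
    identity: Optional[str] = None
    passwords: Optional[str] = None
    location: Optional[str] = None


def effective_access_control(elements):
    """Return (action list the responder uses, findings on what it drops)."""
    if not elements:
        # The page does not describe this case, so report it and stop.
        return None, ["no access-control element supplied"]
    first, rest = elements[0], elements[1:]
    findings = [
        f"element 1: {name} condition ignored"
        for name in IGNORED_FIELDS
        if getattr(first, name) is not None
    ]
    for index, element in enumerate(rest, start=2):
        lost = sorted(element.action_list - first.action_list)
        detail = f"; actions not carried over: {', '.join(lost)}" if lost else ""
        findings.append(f"element {index}: ignored entirely{detail}")
    return first.action_list, findings


# Constructed sample: the initiator intends read access for one identity and
# write access for another, guarded by a password.
SAMPLE = [
    AccessControlElement(frozenset({"read", "read-attribute"}), identity="AUDIT"),
    AccessControlElement(frozenset({"replace", "erase"}),
                         identity="OPS", passwords="constructed-secret"),
]

if __name__ == "__main__":
    actions, findings = effective_access_control(SAMPLE)
    print("action list used:", sorted(actions))
    for finding in findings:
        print("dropped:", finding)
```

Any finding means the policy the initiator expressed is narrower than what the responder maps to Guardian security, so per-identity or password conditions must be enforced by other means, such as Guardian or Safeguard settings on the file itself.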