Manualshelf

OSI/FTAM Configuration and Management Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
Planning, Installing, and Configuring Tandem FTAM
OSI/FTAM Configuration and Management Manual421944-001
3-24
Mapping of FTAM File-Security Attributes to
Guardian Security Settings
The mapping of FTAM action-list settings to Guardian security settings is summarized
in Table 3-3.
If the access-control attribute is not present in the F-CREATE indication, the Tandem
responder sets Tandem file security to the default security allowed for the FTAM
association, as defined by the initiator-identity parameter sent in the F-INITIALIZE
request or by the DEFUSER attribute specified in the VFS profile used by this
responder.
File Attributes Changed on Behalf of a Remote FTAM User
The access-control attribute can be modified through FTAM using the F-CHANGE-
ATTRIB primitive. On the basis of the information a remote initiator sends in the
F-CHANGE-ATTRIB request, the Tandem responder modifies the Guardian security of
a file according to the functions it supports and returns a new value for the access-
control attribute in the F-CHANGE-ATTRIB response. The Tandem responder access-
control attribute is limited to a single access-control element.
In the F-CHANGE-ATTRIB request sent by the initiating system, the values for access
control consist of insert values or delete values (or both), each of which can be zero,
one, or more access-control elements. The Tandem responder, however, processes only
the first access-control element sent for insert values and for delete values. The Tandem
responder also ignores all but the first component of the insert values or delete values
information, using only the action-list information to modify Guardian security
(R W E P) for the file. If the remote initiator attempts to change any other components
of access control (such as concurrency-access, location, or identity), the Tandem
responder returns a diagnostic message to the remote initiator.
Insert values and delete values turn access to the actions in the action list on and off,
respectively. Since the access-control attribute can indicate both insert values and delete
values, the remote application might unintentionally specify the same action in both
values. If this occurs, the delete values action overrides the insert values action.
Table 3-3. Mapping From FTAM Action List to Guardian Security
If Action List Is Set to... Guardian Security Is Modified to...
Read Set READ access to N
Insert Set WRITE access to N
Replace Set WRITE access to N
Extend Set WRITE access to N
Erase Set WRITE access to N
Read attributes (no change)
Change attributes Set WRITE access to N
Delete file Set PURGE access to N