OSI/FTAM Configuration and Management Manual
Planning, Installing, and Configuring Tandem FTAM
OSI/FTAM Configuration and Management Manual—421944-001
3-26
Mapping of FTAM File-Security Attributes to
Guardian Security Settings
File Attributes Read by a Remote FTAM User
When the Tandem responder reads FTAM file attributes on behalf of a remote user, it
maps the values for access control from Guardian security based on the user ID for the
association, as defined by the initiator-identity parameter sent in the F-INITIALIZE
request or by the DEFUSER attribute specified in the VFS profile used by this
responder. This mapping shows which actions that user can perform.
The user has specific access (READ, WRITE, EXECUTE, or PURGE) to a file if one of
the following applies:
•
User is super ID, and the file is on the same Expand node as the responder.
•
Guardian security is N.
•
Guardian security is A, and the file is on the same Expand node as the responder.
•
Guardian security is C, and the user is in the same group as the owner of the file.
•
Guardian security is G, the user is in the same group as the owner of the file, and the
file is on the same Expand node as the responder.
•
Guardian security is U, and the user is the owner of the file.
•
Guardian security is O, the user is the owner of the file, and the file is on the same
Expand node as the responder.
The Tandem responder sets the individual bits of the action list according to the access
allowed for the user. Table 3-4
shows how Guardian security maps to FTAM action-list
settings.
The read-attribute bit is always set.
Table 3-4. Mapping From Guardian Security to FTAM Action List
Guardian Access Action-List Bits Set
READ Read
WRITE Insert, Replace, Extend, Erase, Change-attribute
EXECUTE No effect on access control
PURGE Delete-file