Manualshelf

Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
71727374757677787980
Securing Volumes and Devices
Safeguard Administrator’s Manual—523317-029
4-3
Considerations for Volumes
Considerations for Volumes
By default, only super-group users (255,*) can add a disk volume to the Safeguard
database and specify the access authorities for the volume. If necessary, you can
transfer ownership to a general user if that individual is to be responsible for protection
of the volume.
A disk volume is usually added to the Safeguard database to control who can create
files on that volume. By default, anyone can add a subvolume to the Safeguard
database.
The valid access authorities for a volume are:
For example, this command adds an authorization record for the volume $DATA, gives
CREATE authority to all members of group number 24, and gives ownership of the
VOLUME authorization record to user 24,9:
=ADD VOLUME $data, OWNER 24,9, ACCESS 24,* C
The Safeguard software always checks volumes for CREATE authority, but it must be
configured to check for the other access authorities at the volume and subvolume
levels. For more information about configuration, see Configuring Disk-File Control
on
page 9-18.
Diskfile-pattern authorization records can indirectly secure volumes. Diskfile-patterns
that use wild cards in the subvolume and filename elements may be used to determine
the entire volume access depending on the CHECK-DISKFILE-PATTERN setting. For
example, this command adds an diskfile-pattern authorization record that restricts all
diskfile access to volume $DATA to group 24 for READ only:
=ADD DISKFILE-PATTERN $data.*.* ACCESS 24,* R
READ The authority to read disk files on a Safeguard-protected volume
WRITE The authority to write to disk files on a Safeguard-protected volume
EXECUTE The authority to execute program files on a Safeguard-protected
volume
PURGE The authority to purge disk files on a Safeguard-protected volume
CREATE The authority to create disk files on a Safeguard-protected volume
OWNER The authority to change the authorization record for a Safeguard-
protected volume