Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)
Safeguard Administrator’s Manual—523317-029
5 OBJECTTYPE Control
So far, you have seen how to protect an individual object such as a disk volume by
creating an authorization record for it. This section describes how to use the
OBJECTTYPE commands to control who can create authorization records for objects
of a given type.
By default, only super-group users can create authorization records for volumes,
devices, and subdevices, but any user can create authorization records for processes,
subprocesses, subvolumes, and disk files. The OBJECTTYPE commands allow you to
change these restrictions by designating a specific set of users who can add new
subjects and objects to the Safeguard database.
With the OBJECTTYPE commands, you can specify:
• Who can protect individual objects of a given type
• Who can add users, aliases, and groups to the system
• Who can add an OBJECTTYPE record to the Safeguard database
• Who has owner authority of an OBJECTTYPE record
• What auditing is applied to an OBJECTTYPE
Protecting individual objects
The following sample procedure shows how you can modify ACLs if you have Owner
authority over them. Assume users E.F, A.B, and USER.USER1.
Note. Users specified in the OBJECTTYPE can modify ACLs only if they have Owner
authority over them. For more information, see Protecting individual objects.
Note. Starting with H06.26/J06.15 RVUs, the OBJECTTYPE
DISKFILE/VOLUME/SUBVOLUME is granted additional access permissions, WRITE (W)
and PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions.
Members having the WRITE (W) permission on OBJECTTYPE
DISKFILE/VOLUME/SUBVOLUME can modify the respective
DISKFILE/VOLUME/SUBVOLUME protection records. Members having the PURGE (P)
permission on OBJECTTYPE DISKFILE/VOLUME/SUBVOLUME can purge the respective
DISKFILE/VOLUME/SUBVOLUME protection records.