Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

OBJECTTYPE Control
Safeguard Administrator’s Manual—523317-029
Controlling an Entire Object Type
Normally, only super-group users can add authorization records for volumes, devices,
and subdevices. However, all users can add authorization records for disk files that
they own as well as authorization records for any subvolumes, processes, or
subprocesses.

If you want to change who has authority to add objects of a certain type, add the object
type to the Safeguard database. Then create an access control list that gives CREATE
authority to specific users.

After you add an object type to the Safeguard database, you can give ownership of the
OBJECTTYPE authorization record to someone else by changing the OWNER
attribute. Like other objects, OBJECTTYPE authorization records can only be changed
by the primary owner, the primary owner's group manager, the super ID, or a user who
has owner authority on the access control list.
Note. Users with CREATE authority on an OBJECTTYPE access control list can add any
object of that type regardless of the object's ownership. For example, a user with CREATE
authority on OBJECTTYPE DISKFILE can create authorization records for any user's files that
are not already protected by the Safeguard software. Normally, users can add only their own
files. Therefore, you should not add an object type to the Safeguard database unless you are
sure you do not want to use the standard Safeguard restrictions.

Note. Starting with H06.24/J06.13 RVUs, the OBJECTTYPE USER is granted additional
access permissions, WRITE (W) and PURGE (P), along with the existing CREATE (C) and
OWNER (O) permissions. Members having the WRITE (W) permission on OBJECTTYPE
USER can modify any subject records. Members having the PURGE (P) permission on
OBJECTTYPE USER can purge any subject records.

Note. Starting with H06.26/J06.15 RVUs, the OBJECTTYPE
DISKFILE/VOLUME/SUBVOLUME is granted additional access permissions, WRITE (W) and
PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions. Members
having the WRITE (W) permission on OBJECTTYPE DISKFILE/VOLUME/SUBVOLUME can
modify the respective DISKFILE/VOLUME/SUBVOLUME protection records. Members having
the PURGE (P) permission on OBJECTTYPE DISKFILE/VOLUME/SUBVOLUME can purge
the respective DISKFILE/VOLUME/SUBVOLUME protection records.
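
The effect of the first note, on CREATE authority, can be checked with a small decision model. This is an added example, not Safeguard code and not part of the manual: the function name, the user values, and the rule that an existing OBJECTTYPE record's ACL fully replaces the standard restrictions for that type are assumptions of the model.

```python
from dataclasses import dataclass

SUPER_GROUP = 255                                   # NonStop super-group number
SUPER_GROUP_ONLY = {"VOLUME", "DEVICE", "SUBDEVICE"}
ANY_USER = {"SUBVOLUME", "PROCESS", "SUBPROCESS"}


@dataclass(frozen=True)
class User:
    group: int
    member: int


def may_add_record(user, obj_type, obj_owner, already_protected, objecttype_acls):
    """Return (allowed, reason) for adding an authorization record.

    objecttype_acls maps an object type to {User: "permission letters"} and
    holds only the object types that were added to the Safeguard database.
    """
    if already_protected:
        return False, "object already has an authorization record"
    acl = objecttype_acls.get(obj_type)
    if acl is not None:
        # Assumption of this model: once the OBJECTTYPE record exists, its
        # ACL replaces the standard restrictions for that type.
        if "C" in acl.get(user, ""):
            return True, "CREATE on OBJECTTYPE " + obj_type
        return False, "no CREATE on OBJECTTYPE " + obj_type
    if obj_type in SUPER_GROUP_ONLY:
        return user.group == SUPER_GROUP, "standard rule: super-group only"
    if obj_type == "DISKFILE":
        return user == obj_owner, "standard rule: file owner only"
    if obj_type in ANY_USER:
        return True, "standard rule: any user"
    return False, "object type not covered by this model"


# Constructed sample users and ACL, not taken from the manual.
ALICE, BOB, OPER = User(10, 1), User(20, 5), User(255, 10)
ACLS = {"DISKFILE": {BOB: "C"}}

if __name__ == "__main__":
    for who, name in ((ALICE, "alice"), (BOB, "bob")):
        for label, acls in (("standard", {}), ("OBJECTTYPE added", ACLS)):
            print(name, label, may_add_record(who, "DISKFILE", ALICE, False, acls))
```

In the model, adding OBJECTTYPE DISKFILE with CREATE for one user lets that user add records for another user's unprotected files, which is the trade-off the note describes.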