Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

OBJECTTYPE Control
Safeguard Administrator’s Manual—523317-029
Now display the authorization record for OBJECTTYPE SUBDEVICE:
=INFO OBJECTTYPE SUBDEVICE
The authorization record has the same attributes as OBJECTTYPE DEVICE.
Now users whose administrative group is group 12 are the only users who can add
authorization records for device and subdevice names.
Controlling Users as an Object Type
Usually, only the super ID and group managers can add users to the system. If you
add OBJECTTYPE USER to the Safeguard database, however, you can create an
access control list that specifies who can add users. OBJECTTYPE USER also
controls who can add aliases and groups.
To add users, aliases, or groups, a user must have CREATE authority on the access
control list for OBJECTTYPE USER.
To delete users or aliases, a user must have PURGE authority on the access control
list for OBJECTTYPE USER. To delete a group, a user must own the individual
protection record being deleted.
Suppose you want only group 10 to add users, aliases, and groups. Consider this
command:
=ADD OBJECTTYPE USER, ACCESS 10,* *, OWNER 10,1
This command gives CREATE, OWNER, WRITE and PURGE authority to all users
who have group 10 as their administrative group. They can add users by creating user
authentication records. Group managers no longer have authority to add users, but the
super ID retains this authority. This command also gives user ID 10,1 ownership of the
authorization record for OBJECTTYPE USER.
Display produced by the =INFO OBJECTTYPE SUBDEVICE command shown earlier:
                          LAST-MODIFIED     OWNER    STATUS   WARNING-MODE
OBJECTTYPE SUBDEVICE
                          26JAN88, 11:10    12,8     THAWED   OFF
    012,*                 C
Note. The super ID retains the ability to create protection records for an object type even if
you add an OBJECTTYPE protection record for that object type. If you want to deny this
authority, you must specifically deny it on the access control list for that object type. The super
ID has all access authorities for all system objects unless you specifically deny those
authorities on an object's access control list.
Note. The OBJECTTYPE USER is granted additional access permissions WRITE(W) and
PURGE(P), along with the existing CREATE(C) and OWNER(O) permissions. OBJECTTYPE
USER can modify the subject records using the WRITE(W) permission. OBJECTTYPE USER
can purge any subject records using the PURGE(P) permission. This is applicable on systems
running J06.13 and later J-series RVUs and H06.24 and later H-series RVUs.
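The rules above for OBJECTTYPE USER can be checked against a planned access control list before it is applied. The Python model below is an added example, not part of the manual and not Safeguard code. Its function names and tuple layout for ACL entries are this example's own, and it assumes that an explicit deny overrides any grant.

```python
SUPER_ID = (255, 255)   # the super ID on NonStop systems
MANAGER = 255           # a group manager is member 255 of the group
ALL = set("COWP")       # CREATE, OWNER, WRITE, PURGE: what ACCESS ... * grants here

def matches(subject, user):
    """True if an ACL subject such as (10, '*') covers user (group, member)."""
    return all(s == "*" or s == u for s, u in zip(subject, user))

def authorities(record, user):
    """Authorities user holds on an OBJECTTYPE USER record.

    record["acl"] is a list of (subject, authorities, is_deny) tuples; this
    tuple layout is this example's own, not a Safeguard format.
    """
    granted = set(ALL) if user == SUPER_ID else set()  # super ID keeps everything...
    denied = set()
    for subject, auths, is_deny in record["acl"]:
        if matches(subject, user):
            (denied if is_deny else granted).update(auths)
    return granted - denied   # ...unless denied. Assumption: deny beats grant.

def can_add(record, user):
    """May user add users, aliases, or groups? record is None if none exists."""
    if record is None:
        # No OBJECTTYPE USER record: only the super ID and group managers.
        return user == SUPER_ID or user[1] == MANAGER
    return "C" in authorities(record, user)

def can_delete_user(record, user):
    """May user delete users or aliases, given that the record exists?"""
    return "P" in authorities(record, user)

# =ADD OBJECTTYPE USER, ACCESS 10,* *, OWNER 10,1
RECORD = {"owner": (10, 1), "acl": [((10, "*"), ALL, False)]}
# Constructed variant that also denies CREATE to the super ID.
RECORD_DENY = {"owner": (10, 1),
               "acl": RECORD["acl"] + [(SUPER_ID, {"C"}, True)]}

if __name__ == "__main__":
    for who in [(10, 5), (20, 255), (20, 3), SUPER_ID]:
        print(who, "no record:", can_add(None, who),
              "| record:", can_add(RECORD, who),
              "| record + deny:", can_add(RECORD_DENY, who))
```

The group manager 20,255 loses the ability to add users once the record exists, and the super ID loses it only in the variant that denies CREATE explicitly.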