Safeguard Audit Service Manual (G06.24+, H06.03+)
Specifying Auditing
Safeguard Audit Service Manual—520480-014
The audit-spec variable for AUDIT-ACCESS-PASS and AUDIT-ACCESS-FAIL can
be any one of these four values:
ALL
All attempts to access the object are recorded in the current audit file.
LOCAL
Only local attempts to access this object are recorded in the current audit file.
REMOTE
Only remote attempts to access this object are recorded in the current audit file.
(A remote attempt is one made by a process started by a network user logged on
to a remote system. The process itself might be running on the network user's
system or on this system.)
NONE
No attempts to access this object are recorded in the current audit file. NONE is
the default value for both AUDIT-ACCESS-PASS and AUDIT-ACCESS-FAIL.
Examples
This example shows how an owner of the protection record can specify auditing for all
successful attempts to access the file $DATA.SALES.RECORD1 (that is, all attempts
to read, write, execute, or purge the file):
=ALTER DISKFILE $data.sales.record1, AUDIT-ACCESS-PASS all
Similarly, an owner can specify the auditing of all unsuccessful remote attempts to
access the file $DATA.SALES.RECORD2:
=ALTER DISKFILE $data.sales.record2, AUDIT-ACCESS-FAIL remote
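The following Python model is an added illustration, not Safeguard code and not part of the original manual. It applies the four audit-spec values to the two example files above to show which attempts reach the audit file and which do not. It assumes every attribute not set by the ALTER commands is still at its NONE default; the class names, function names, and sample attempts are constructed for this example.

```python
from dataclasses import dataclass

AUDIT_SPECS = {"ALL", "LOCAL", "REMOTE", "NONE"}

@dataclass(frozen=True)
class ProtectionRecord:              # hypothetical stand-in for a protection record
    name: str
    audit_access_pass: str = "NONE"  # NONE is the default for both attributes
    audit_access_fail: str = "NONE"

    def __post_init__(self):
        for spec in (self.audit_access_pass, self.audit_access_fail):
            if spec not in AUDIT_SPECS:
                raise ValueError(f"invalid audit-spec: {spec!r}")

@dataclass(frozen=True)
class Attempt:                       # constructed sample input, not a real audit record
    obj: str
    remote: bool      # process was started by a user logged on to a remote system
    authorized: bool  # True if the access was allowed, False if it was denied

def is_recorded(rec, attempt):
    """Return True if this attempt would be written to the current audit file."""
    spec = rec.audit_access_pass if attempt.authorized else rec.audit_access_fail
    if spec == "ALL":
        return True
    if spec == "REMOTE":
        return attempt.remote
    if spec == "LOCAL":
        return not attempt.remote
    return False                     # NONE

def unaudited(records, attempts):
    """List the attempts that leave no trace under the given audit settings."""
    by_name = {r.name: r for r in records}
    return [a for a in attempts if not is_recorded(by_name[a.obj], a)]

# Settings produced by the two ALTER DISKFILE examples above.
RECORDS = [
    ProtectionRecord("$DATA.SALES.RECORD1", audit_access_pass="ALL"),
    ProtectionRecord("$DATA.SALES.RECORD2", audit_access_fail="REMOTE"),
]
ATTEMPTS = [                         # constructed for illustration
    Attempt("$DATA.SALES.RECORD1", remote=False, authorized=True),
    Attempt("$DATA.SALES.RECORD1", remote=True, authorized=False),
    Attempt("$DATA.SALES.RECORD2", remote=True, authorized=False),
    Attempt("$DATA.SALES.RECORD2", remote=False, authorized=False),
    Attempt("$DATA.SALES.RECORD2", remote=True, authorized=True),
]

if __name__ == "__main__":
    for a in unaudited(RECORDS, ATTEMPTS):
        print("not recorded:", a)
```

In this model, failed attempts on RECORD1 and both local failures and all successes on RECORD2 go unrecorded, which is the coverage gap to check for when only one of the two attributes is set.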
How Attempts to Access Objects Are Audited
When an attempt is made to access a protected object, the Safeguard subsystem
performs this procedure to authorize the request and to determine if auditing is
required:
1. The protection record for the object is consulted to determine whether the user
identified by the process accessor ID (PAID) has the required authority to access
the object.
2. If the user has the required authority, the Safeguard subsystem allows the
requested access and checks the value of the AUDIT-ACCESS-PASS attribute. If
AUDIT-ACCESS-PASS is specified, the successful access is recorded in the
current audit file.
3. If the user lacks the required authority, the Safeguard subsystem issues a security
violation (error 48) and checks the value of the AUDIT-ACCESS-FAIL attribute. If