Manualshelf

Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
31323334353637383940
Specifying Auditing
Safeguard Audit Service Manual 520480-031
2 - 6
How Attempts to Access Objects Are Audited
Examples
This example shows how an owner of the protection record can specify auditing for all
successful attempts to access the file $DATA.SALES.RECORD1 (that is, all attempts to
read, write, execute, or purge the file):
=ALTER DISKFILE $data.sales.record1, AUDIT-ACCESS-PASS all
Similarly, an owner can specify the auditing of all unsuccessful remote attempts to
access the file $DATA.SALES.RECORD2:
=ALTER DISKFILE $data.sales.record2, AUDIT-ACCESS-FAIL remote
How Attempts to Access Objects Are Audited
When an attempt is made to access a protected object, the Safeguard subsystem
performs this procedure to authorize the request and to determine if auditing is
required:
1. The protection record for the object is consulted to determine whether the user
identified by the process accessor ID (PAID) has the required authority to access
the object.
2. If the user has the required authority, the Safeguard subsystem allows the
requested access and checks the value of the AUDIT-ACCESS-PASS attribute. If
AUDIT-ACCESS-PASS is specified, the successful access is recorded in the
current audit file.
3. If the user lacks the required authority, the Safeguard subsystem issues a security
violation (error 48) and checks the value of the AUDIT-ACCESS-FAIL attribute. If
AUDIT-ACCESS-FAIL is specified, the failed access attempt is recorded in the
current audit file.
Rulings From the Event-Exit-Process
If the Event-Exit-Process is enabled and it rejects an attempt to access an object,
the attempt is not audited. If the Event-Exit-Process returns YES or NORECORD,
the event is processed by the Safeguard subsystem, and the attempt is audited if
specified.
Note. Safeguard configuration might affect whether protection records are consulted. If a
protection record is not consulted, auditing specified in the protection record does not occur.
For more information, see the ALTER SAFEGUARD command in the Safeguard Reference
Manual.