Safeguard Reference Manual (G06.29+, H06.08+, J06.03+)
Table Of Contents
- Safeguard Reference Manual
- Legal Notices
- Contents
- What is New in this Manual
- Manual Information
- New and Changed Information
- Changes to the 520618-030 manual
- Changes to the 520618-029 manual
- Changes to the 520618-028 manual
- Changes to the 520618-027 manual
- Changes to the 520618-026 manual
- Changes to the 520618-025 manual
- Changes to the H06.22/J06.11 manual
- Changes to the H06.21/J06.10 Manual
- Changes to the H06.20/J06.09 Manual
- Changes to the 520618-020 Manual
- Changes to the H06.19/J06.08 Manual
- About This Manual
- 1 Introduction
- 2 Common SAFECOM Language Elements
- 3 The Command to Run SAFECOM
- 4 SAFECOM Session-Control Commands
- 5 User Security Commands
- 6 User Alias Security Commands
- 7 Group Commands
- 8 Disk-File Security Commands
- Disk-File Ownership
- Disk-File Access Authorities
- Disk-File Access Authorization
- Disk-File Security Command Summary
- Syntax of Disk-File Security Commands
- ADD DISKFILE Command
- ADD DISKFILE-PATTERN Command
- ALTER DISKFILE Command
- ALTER DISKFILE-PATTERN Command
- DELETE DISKFILE Command
- DELETE DISKFILE-PATTERN Command
- FREEZE DISKFILE Command
- FREEZE DISKFILE-PATTERN Command
- INFO DISKFILE Command
- INFO DISKFILE-PATTERN Command
- RESET DISKFILE Command
- RESET DISKFILE-PATTERN Command
- SET DISKFILE Command
- SET DISKFILE-PATTERN Command
- SHOW DISKFILE Command
- SHOW DISKFILE-PATTERN Command
- THAW DISKFILE Command
- THAW DISKFILE-PATTERN Command
- SAFECOM Saved Diskfile Pattern Commands
- ADD SAVED-DISKFILE-PATTERN Command
- ALTER SAVED-DISKFILE-PATTERN Command
- DELETE SAVED-DISKFILE-PATTERN Command
- FREEZE SAVED-DISKFILE-PATTERN Command
- INFO SAVED-DISKFILE-PATTERN Command
- RESET SAVED-DISKFILE-PATTERN Command
- SET SAVED-DISKFILE-PATTERN Command
- SHOW SAVED-DISKFILE-PATTERN Command
- THAW SAVED-DISKFILE-PATTERN Command
- 9 Disk Volume and Subvolume Security Commands
- Volume Authorization Record Ownership
- Subvolume Authorization Record Ownership
- Volume and Subvolume Access Authorities
- Volume and Subvolume Access Authorization
- Volume and Subvolume Security Command Summary
- Syntax of Disk Volume and Subvolume Security Commands
- ADD VOLUME and SUBVOLUME Commands
- ALTER VOLUME and SUBVOLUME Commands
- DELETE VOLUME and SUBVOLUME Commands
- FREEZE VOLUME and SUBVOLUME Commands
- INFO VOLUME and SUBVOLUME Commands
- RESET VOLUME and SUBVOLUME Commands
- SET VOLUME and SUBVOLUME Commands
- SHOW VOLUME and SUBVOLUME Commands
- THAW VOLUME and SUBVOLUME Commands
- 10 Device and Subdevice Security Commands
- Device and Subdevice Authorization Record Ownership
- Device and Subdevice Access Authorities
- Device and Subdevice Access Authorization
- Device and Subdevice Security Command Summary
- Syntax of Device and Subdevice Security Commands
- ADD DEVICE and SUBDEVICE Commands
- ALTER DEVICE and SUBDEVICE Commands
- DELETE DEVICE and SUBDEVICE Commands
- FREEZE DEVICE and SUBDEVICE Commands
- INFO DEVICE and SUBDEVICE Commands
- RESET DEVICE and SUBDEVICE Commands
- SET DEVICE and SUBDEVICE Commands
- SHOW DEVICE and SUBDEVICE Commands
- THAW DEVICE and SUBDEVICE Commands
- 11 Process and Subprocess Security Commands
- Process and Subprocess Security
- Process and Subprocess Access Authorities
- Special NAMED and UNNAMED Process Protection Records
- Process and Subprocess Security Command Summary
- Syntax of the Process and Subprocess Security Commands
- ADD PROCESS and SUBPROCESS Commands
- ALTER PROCESS and SUBPROCESS Commands
- DELETE PROCESS and SUBPROCESS Commands
- FREEZE PROCESS and SUBPROCESS Commands
- INFO PROCESS and SUBPROCESS Commands
- RESET PROCESS and SUBPROCESS Commands
- SET PROCESS and SUBPROCESS Commands
- SHOW PROCESS and SUBPROCESS Commands
- THAW PROCESS and SUBPROCESS Commands
- 12 OBJECTTYPE Security Commands
- 13 Security Group Commands
- 14 Terminal Security Commands
- 15 Event-Exit-Process Commands
- 16 Safeguard Subsystem Commands
- 17 Running Other Programs From SAFECOM
- A SAFECOM Error and Warning Messages
- B Disk-File Access Rules
- Index
Disk-File Security Commands
Safeguard Reference Manual — 520618-030
8 - 2
Disk-File Access Authorities
Any user with OWNER authority on the ACL can explicitly deny a local super ID any of
the authorities (including OWNER) implicitly granted to that user ID and have this
denial actively enforced all of the time.
The primary owner can also set the PROGID attribute through the ALTER DISKFILE
command. The PROGID attribute is controlled by the super ID, primary owners, and
secondary owners, and is not transferable.
When a disk file is under Safeguard protection, the Safeguard software controls all
security attributes. The FUP GIVE, LICENSE, REVOKE, and SECURE commands are
superseded by Safeguard protection. Also, FUP INFO displays **** in the RWEP
column indicating that access to the file is controlled by the Safeguard software. The
owner must use SAFECOM DISKFILE commands to manage Safeguard access
controls for the file. If a file is placed automatically under the Safeguard control using
the DEFAULT-PROTECTION or PERSISTENT PROTECTION record, FUP INFO
displays **** in the RWEP column.
For example, a disk-file owner can use the ALTER DISKFILE command to change the
defined ACL entries. A file owner can also use the FREEZE DISKFILE command to
temporarily suspend access by other users and can later enter a THAW DISKFILE
command to restore access.
OWNER authority can be specified for all disk files protected by the Safeguard
software. OWNER is automatically included whenever the * authority code is used. It
can be abbreviated as O.
With the Safeguard software, the owner of a disk file can also be defined as a network
user. A network user who owns a protected file can use the Safeguard software from a
remote node to control access to that file (provided the user has remote passwords set
up between the two systems).
For more information about controlling the class of objects, see DISKFILE on
page 12-2.
You can also use diskfile patterns to secure disk files. For more information, see the
Safeguard User’s Guide.
Disk-File Access Authorities
The ACL defined for a disk file can grant any combination of these access authorities
to users and user groups:
READ Read the contents of a disk file
WRITE Modify the content
s of a disk file
EXECUTE Run a program object disk file as a process
PURGE Purge a disk file
CREATE Create a disk file
OWNER Manage the authorization record