Safeguard Reference Manual (G06.29+, H06.08+, J06.03+)
Table Of Contents
- Safeguard Reference Manual
- Legal Notices
- Contents
- What is New in this Manual
- Manual Information
- New and Changed Information
- Changes to the 520618-030 manual
- Changes to the 520618-029 manual
- Changes to the 520618-028 manual
- Changes to the 520618-027 manual
- Changes to the 520618-026 manual
- Changes to the 520618-025 manual
- Changes to the H06.22/J06.11 manual
- Changes to the H06.21/J06.10 Manual
- Changes to the H06.20/J06.09 Manual
- Changes to the 520618-020 Manual
- Changes to the H06.19/J06.08 Manual
- About This Manual
- 1 Introduction
- 2 Common SAFECOM Language Elements
- 3 The Command to Run SAFECOM
- 4 SAFECOM Session-Control Commands
- 5 User Security Commands
- 6 User Alias Security Commands
- 7 Group Commands
- 8 Disk-File Security Commands
- Disk-File Ownership
- Disk-File Access Authorities
- Disk-File Access Authorization
- Disk-File Security Command Summary
- Syntax of Disk-File Security Commands
- ADD DISKFILE Command
- ADD DISKFILE-PATTERN Command
- ALTER DISKFILE Command
- ALTER DISKFILE-PATTERN Command
- DELETE DISKFILE Command
- DELETE DISKFILE-PATTERN Command
- FREEZE DISKFILE Command
- FREEZE DISKFILE-PATTERN Command
- INFO DISKFILE Command
- INFO DISKFILE-PATTERN Command
- RESET DISKFILE Command
- RESET DISKFILE-PATTERN Command
- SET DISKFILE Command
- SET DISKFILE-PATTERN Command
- SHOW DISKFILE Command
- SHOW DISKFILE-PATTERN Command
- THAW DISKFILE Command
- THAW DISKFILE-PATTERN Command
- SAFECOM Saved Diskfile Pattern Commands
- ADD SAVED-DISKFILE-PATTERN Command
- ALTER SAVED-DISKFILE-PATTERN Command
- DELETE SAVED-DISKFILE-PATTERN Command
- FREEZE SAVED-DISKFILE-PATTERN Command
- INFO SAVED-DISKFILE-PATTERN Command
- RESET SAVED-DISKFILE-PATTERN Command
- SET SAVED-DISKFILE-PATTERN Command
- SHOW SAVED-DISKFILE-PATTERN Command
- THAW SAVED-DISKFILE-PATTERN Command
- 9 Disk Volume and Subvolume Security Commands
- Volume Authorization Record Ownership
- Subvolume Authorization Record Ownership
- Volume and Subvolume Access Authorities
- Volume and Subvolume Access Authorization
- Volume and Subvolume Security Command Summary
- Syntax of Disk Volume and Subvolume Security Commands
- ADD VOLUME and SUBVOLUME Commands
- ALTER VOLUME and SUBVOLUME Commands
- DELETE VOLUME and SUBVOLUME Commands
- FREEZE VOLUME and SUBVOLUME Commands
- INFO VOLUME and SUBVOLUME Commands
- RESET VOLUME and SUBVOLUME Commands
- SET VOLUME and SUBVOLUME Commands
- SHOW VOLUME and SUBVOLUME Commands
- THAW VOLUME and SUBVOLUME Commands
- 10 Device and Subdevice Security Commands
- Device and Subdevice Authorization Record Ownership
- Device and Subdevice Access Authorities
- Device and Subdevice Access Authorization
- Device and Subdevice Security Command Summary
- Syntax of Device and Subdevice Security Commands
- ADD DEVICE and SUBDEVICE Commands
- ALTER DEVICE and SUBDEVICE Commands
- DELETE DEVICE and SUBDEVICE Commands
- FREEZE DEVICE and SUBDEVICE Commands
- INFO DEVICE and SUBDEVICE Commands
- RESET DEVICE and SUBDEVICE Commands
- SET DEVICE and SUBDEVICE Commands
- SHOW DEVICE and SUBDEVICE Commands
- THAW DEVICE and SUBDEVICE Commands
- 11 Process and Subprocess Security Commands
- Process and Subprocess Security
- Process and Subprocess Access Authorities
- Special NAMED and UNNAMED Process Protection Records
- Process and Subprocess Security Command Summary
- Syntax of the Process and Subprocess Security Commands
- ADD PROCESS and SUBPROCESS Commands
- ALTER PROCESS and SUBPROCESS Commands
- DELETE PROCESS and SUBPROCESS Commands
- FREEZE PROCESS and SUBPROCESS Commands
- INFO PROCESS and SUBPROCESS Commands
- RESET PROCESS and SUBPROCESS Commands
- SET PROCESS and SUBPROCESS Commands
- SHOW PROCESS and SUBPROCESS Commands
- THAW PROCESS and SUBPROCESS Commands
- 12 OBJECTTYPE Security Commands
- 13 Security Group Commands
- 14 Terminal Security Commands
- 15 Event-Exit-Process Commands
- 16 Safeguard Subsystem Commands
- 17 Running Other Programs From SAFECOM
- A SAFECOM Error and Warning Messages
- B Disk-File Access Rules
- Index
Disk-File Security Commands
Safeguard Reference Manual — 520618-030
8 - 13
ADD DISKFILE Command
A process originated from a program file calling USER_AUTHENTICATE_ with
a 2 and 15 bit set to ON, the requesting user for authentication need not give a
password. Even with wrong password the user will be able to logon
successfully as bit 2 and 15 in the options field. In case of only bit 2 set to 1
and bit 15 as 0; no fail delay will take place. That is, no failure delay will be
imposed even after three attempts with wrong password. The authentication
will not be successful but there will be no delay imposed.
Also establishes whether the program file (object disk file) can request a delay
to be imposed for failed logon attempts. When set to ON, a process created
from this program file is not subjected to logon failure delays.
OFF is the initial value.
PRIV-LOGON may also be used in the WHERE expression of a command to
restrict scope of that command to files with PRIV-LOGON ON.
Considerations
•
Attributes in an ADD command affect only the record added.
Any attribute specifications in an ADD DISKFILE command affect only the
authorization record being created and do not change the current default disk-file
attribute values. This condition is also true for a LIKE clause in an ADD DISKFILE
command.
•
Disk-file security can be managed from a remote node.
An authorization record for a disk file can be added by only the local owner of the
file, the owner’s group manager, or the super ID. However, if a disk-file
authorization record is added that specifies a network user ID for the OWNER
attribute, the authorization record can be altered, frozen, thawed, and deleted by
that network user from a remote or local node.
•
Relationship between ADD DISKFILE and the FUP GIVE, SECURE, LICENSE,
and REVOKE commands
After you create an authorization record for a
disk file, the FUP GIVE, SECURE,
LICENSE, and REVOKE commands no longer work for the disk file. You must use
the ALTER DISKFILE command to perform the equivalent operations. (For a list of
equivalent FUP and SAFECOM commands, see the Considerations for ALTER
DISKFILE Command on page 8-21.)
However, the super ID can use the FUP SECURE, LICENSE, and REVOKE
commands on a disk file that has a Safeguard protection record. Even though this
usage is allowed, restrict it to emergency situations. It can result in access
mediation problems and inconsistencies in Safeguard protection records.
•
Using LIKE disk-file-name