Safeguard Reference Manual (G06.29+, H06.08+, J06.03+)
Table Of Contents
- Safeguard Reference Manual
- Legal Notices
- Contents
- What is New in this Manual
- Manual Information
- New and Changed Information
- Changes to the 520618-030 manual
- Changes to the 520618-029 manual
- Changes to the 520618-028 manual
- Changes to the 520618-027 manual
- Changes to the 520618-026 manual
- Changes to the 520618-025 manual
- Changes to the H06.22/J06.11 manual
- Changes to the H06.21/J06.10 Manual
- Changes to the H06.20/J06.09 Manual
- Changes to the 520618-020 Manual
- Changes to the H06.19/J06.08 Manual
- About This Manual
- 1 Introduction
- 2 Common SAFECOM Language Elements
- 3 The Command to Run SAFECOM
- 4 SAFECOM Session-Control Commands
- 5 User Security Commands
- 6 User Alias Security Commands
- 7 Group Commands
- 8 Disk-File Security Commands
- Disk-File Ownership
- Disk-File Access Authorities
- Disk-File Access Authorization
- Disk-File Security Command Summary
- Syntax of Disk-File Security Commands
- ADD DISKFILE Command
- ADD DISKFILE-PATTERN Command
- ALTER DISKFILE Command
- ALTER DISKFILE-PATTERN Command
- DELETE DISKFILE Command
- DELETE DISKFILE-PATTERN Command
- FREEZE DISKFILE Command
- FREEZE DISKFILE-PATTERN Command
- INFO DISKFILE Command
- INFO DISKFILE-PATTERN Command
- RESET DISKFILE Command
- RESET DISKFILE-PATTERN Command
- SET DISKFILE Command
- SET DISKFILE-PATTERN Command
- SHOW DISKFILE Command
- SHOW DISKFILE-PATTERN Command
- THAW DISKFILE Command
- THAW DISKFILE-PATTERN Command
- SAFECOM Saved Diskfile Pattern Commands
- ADD SAVED-DISKFILE-PATTERN Command
- ALTER SAVED-DISKFILE-PATTERN Command
- DELETE SAVED-DISKFILE-PATTERN Command
- FREEZE SAVED-DISKFILE-PATTERN Command
- INFO SAVED-DISKFILE-PATTERN Command
- RESET SAVED-DISKFILE-PATTERN Command
- SET SAVED-DISKFILE-PATTERN Command
- SHOW SAVED-DISKFILE-PATTERN Command
- THAW SAVED-DISKFILE-PATTERN Command
- 9 Disk Volume and Subvolume Security Commands
- Volume Authorization Record Ownership
- Subvolume Authorization Record Ownership
- Volume and Subvolume Access Authorities
- Volume and Subvolume Access Authorization
- Volume and Subvolume Security Command Summary
- Syntax of Disk Volume and Subvolume Security Commands
- ADD VOLUME and SUBVOLUME Commands
- ALTER VOLUME and SUBVOLUME Commands
- DELETE VOLUME and SUBVOLUME Commands
- FREEZE VOLUME and SUBVOLUME Commands
- INFO VOLUME and SUBVOLUME Commands
- RESET VOLUME and SUBVOLUME Commands
- SET VOLUME and SUBVOLUME Commands
- SHOW VOLUME and SUBVOLUME Commands
- THAW VOLUME and SUBVOLUME Commands
- 10 Device and Subdevice Security Commands
- Device and Subdevice Authorization Record Ownership
- Device and Subdevice Access Authorities
- Device and Subdevice Access Authorization
- Device and Subdevice Security Command Summary
- Syntax of Device and Subdevice Security Commands
- ADD DEVICE and SUBDEVICE Commands
- ALTER DEVICE and SUBDEVICE Commands
- DELETE DEVICE and SUBDEVICE Commands
- FREEZE DEVICE and SUBDEVICE Commands
- INFO DEVICE and SUBDEVICE Commands
- RESET DEVICE and SUBDEVICE Commands
- SET DEVICE and SUBDEVICE Commands
- SHOW DEVICE and SUBDEVICE Commands
- THAW DEVICE and SUBDEVICE Commands
- 11 Process and Subprocess Security Commands
- Process and Subprocess Security
- Process and Subprocess Access Authorities
- Special NAMED and UNNAMED Process Protection Records
- Process and Subprocess Security Command Summary
- Syntax of the Process and Subprocess Security Commands
- ADD PROCESS and SUBPROCESS Commands
- ALTER PROCESS and SUBPROCESS Commands
- DELETE PROCESS and SUBPROCESS Commands
- FREEZE PROCESS and SUBPROCESS Commands
- INFO PROCESS and SUBPROCESS Commands
- RESET PROCESS and SUBPROCESS Commands
- SET PROCESS and SUBPROCESS Commands
- SHOW PROCESS and SUBPROCESS Commands
- THAW PROCESS and SUBPROCESS Commands
- 12 OBJECTTYPE Security Commands
- 13 Security Group Commands
- 14 Terminal Security Commands
- 15 Event-Exit-Process Commands
- 16 Safeguard Subsystem Commands
- 17 Running Other Programs From SAFECOM
- A SAFECOM Error and Warning Messages
- B Disk-File Access Rules
- Index
Disk-File Security Commands
Safeguard Reference Manual — 520618-030
8 - 15
ADD DISKFILE-PATTERN Command
Only a local super ID can add an authorization record for a licensed program
object file and retain the license attribute in the newly added authorization record.
Examples
•
The owner of the disk file $DATA.KEEP.INFO uses these commands to add a
Safeguard authorization record for the file, provide its description, and give
ownership of the file to a member of group 86:
=SET DISKFILE ACCESS 86,2 (r,w,e,p); 86,* (r,e)
=SET DISKFILE CLEARONPURGE ON, AUDIT-ACCESS-PASS all,&
=AUDIT-MANAGE-PASS all
=ADD DISKFILE $DATA.KEEP.INFO,OBJECT-TEXT-DESCRIPTION “ACL &
and Record Created”,OWNER 86,2
The first SET command establishes an ACL that grants all four access privileges
(RWEP) to user ID 86,2 and allows every member of the group 86 to read and
execute the file. Next, the CLEARONPURGE attribute is set to ON, and the
Safeguard software is instructed to audit all successful attempts to access this file
or its authorization record. Finally, the ADD command adds a Safeguard record,
allows you to add information on the object, and sets the OWNER attribute to user
ID 86,2.
•
Following example creates a process from a diskfile and grants create permissions
to a specific user or group.
add diskfile $data.vol.test, process-access x.y C
A process is created from object test such that create permission is granted to the
user x.y.
ADD DISKFILE-PATTERN Command
ADD DISKFILE-PATTERN creates a Safeguard authorization record for one or more
disk files. After a diskfile-pattern authorization record is created, all attempts to access
the disk files described by that pattern are subject to a Safeguard authorization check
and optionally to Safeguard auditing.
You can use SET DISKFILE-PATTERN to establish default disk-file attribute values
and then use ADD DISKFILE-PATTERN simply to name the disk files to which the
default attributes are to be applied. You can also specify values for the disk-file
Caution. When adding an authorization record for a licensed program object file, set the
LICENSE attribute value to ON. If the LICENSE attribute is OFF (the default value), the
license for that object file is revoked.
When you add an authorization record for a disk file th
at currently has the PROGID or
CLEARONPURGE options set to ON, set the corresponding disk file attribute to ON before
adding the authorization record. (The default attribute value for PROGID and
CLEARONPURGE is OFF.)