Safeguard User's Guide (G06.29+, H06.08+, J06.03+)
Securing Disk Files
Safeguard User’s Guide — 422089-020
Working With Access Control Lists
You can define access control lists in three ways:
• By setting a default access control list for a SAFECOM session (with the SET DISKFILE command)
• By specifying an access control list when you add the file to the Safeguard database (with the ADD DISKFILE command)
• By altering the authorization record (with the ALTER DISKFILE command)
In every case, the access control list for a disk file defines the users and user groups 
who can access the file. Only the primary owner of the authorization record for a disk 
file, the primary owner's group manager, the local super ID, and users with OWNER 
authority on the access control list can modify the access control list. For more 
information about ownership, see Specifying Ownership on page 3-16.
An access control list for a disk file can grant or deny any combination of the following 
access authorities:
READ      The authority to read a disk file
WRITE     The authority to write to a disk file
EXECUTE   The authority to execute a program file as a process
PURGE     The authority to purge a disk file
CREATE    The authority to create a disk file
OWNER     The authority to change the authorization record for a disk file
Establishing a Default Access Control List
If you are adding several disk files to the Safeguard database during one SAFECOM 
session, you might want to create a default access control list. Then, if you want to use 
the same access control list for each file, you do not need to respecify it each time you 
add a file to the Safeguard database.
To establish a default access control list, use the SET DISKFILE command. Consider 
the following set of commands:
=RESET DISKFILE ACCESS
=SET DISKFILE ACCESS 2,1 (R,W,E,P)
=SET DISKFILE ACCESS 2,18 (R,W,E,P)
=SET DISKFILE ACCESS 2,* (R,W)
=SET DISKFILE ACCESS admin.* R ; admin.bill DENY R
Once again, assume you are user 2,1. The RESET command clears the current default 
access control list. This preliminary step ensures that no default access control list 
entries remain from previous SET DISKFILE commands. Then use SET commands to 
establish a new default access list.
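The following Python model is an added example, not part of this guide or of the Safeguard software: it replays the RESET and SET DISKFILE ACCESS sequence shown above and reports the authorities each user ends up with, which is a useful check before a default list is applied to many files. It assumes that an explicit DENY overrides any grant (a rule this page does not state), handles only the R, W, E, P abbreviations used above, and treats numeric and named IDs as separate identities; admin.sue, 2,7 and 3,1 are constructed users.

```python
import re
from fnmatch import fnmatchcase

# One entry as typed after "SET DISKFILE ACCESS": subject, optional DENY, authorities.
ENTRY = re.compile(
    r"(?P<subject>\S+)\s+(?P<deny>DENY\s+)?\(?(?P<auths>[RWEP](?:\s*,\s*[RWEP])*)\)?",
    re.IGNORECASE)
PREFIX = "SET DISKFILE ACCESS "

# The command sequence from the guide, including the SAFECOM "=" prompt.
PAGE_COMMANDS = [
    "=RESET DISKFILE ACCESS",
    "=SET DISKFILE ACCESS 2,1 (R,W,E,P)",
    "=SET DISKFILE ACCESS 2,18 (R,W,E,P)",
    "=SET DISKFILE ACCESS 2,* (R,W)",
    "=SET DISKFILE ACCESS admin.* R ; admin.bill DENY R",
]

def default_acl(commands):
    """Replay the commands; return the default ACL as (subject, is_deny, authorities) tuples."""
    acl = []
    for line in commands:
        cmd = " ".join(line.lstrip("=").split())
        if cmd.upper() == "RESET DISKFILE ACCESS":
            acl.clear()                      # RESET drops entries left by earlier SETs
        elif cmd.upper().startswith(PREFIX):
            for spec in cmd[len(PREFIX):].split(";"):
                m = ENTRY.fullmatch(spec.strip())
                if m is None:
                    raise ValueError(f"unrecognized ACL entry: {spec!r}")
                auths = frozenset(re.findall(r"[RWEP]", m["auths"].upper()))
                acl.append((m["subject"].lower(), m["deny"] is not None, auths))
        else:
            raise ValueError(f"unsupported command: {line!r}")
    return acl

def effective(acl, *identities):
    """Authorities left for a user after denials are subtracted (assumed: DENY wins)."""
    granted, denied = set(), set()
    for subject, deny, auths in acl:
        if any(fnmatchcase(ident.lower(), subject) for ident in identities):
            (denied if deny else granted).update(auths)
    return granted - denied

if __name__ == "__main__":
    acl = default_acl(PAGE_COMMANDS)
    for user in ("2,1", "2,18", "2,7", "admin.sue", "admin.bill", "3,1"):
        print(f"{user:12} {''.join(sorted(effective(acl, user))) or '(none)'}")
```

Pass both the numeric and the named form of a user to `effective` when the two refer to the same person, so that a denial recorded under one form is not missed.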










