Manualshelf

Safeguard User's Guide (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Securing Disk Files
Safeguard User’s Guide 422089-020
3 - 8
Specifying Access With the ADD DISKFILE
Command
Parentheses enclose multiple access authorities in three of the commands. You can
include more than one access specification in a single SET command, as in the last
command, by separating the specifications with a semicolon.
There are two ways to specify users—by name or by number. In the last command, the
user name admin.bill corresponds to user ID 8,4. The DENY keyword in the last
command specifically denies admin.bill a certain access, in this case R, which is READ
access. A specific denial such as this takes precedence over the access granted to
admin.bill as a group member. All other members of the admin group retain READ
access.
Next, use the SHOW command to make sure that the default access list is correct:
=SHOW DISKFILE
The display shows:
If you add files to the Safeguard dat
abase without specifying an access control list, the
files acquire the default access control list. The default access control list stays in
effect for the current SAFECOM session unless you change it.
Specifying Access With the ADD DISKFILE Command
If you specify access control list entries with the ADD DISKFILE command, those
entries plus the default entries make up the access control list for the added file.
Assume you want to use the default access control list for a file named quarter1 and
you also want to add user 4,12 with only READ access. If you have not exited
SAF
ECOM since the defaults were defined:
=ADD DISKFILE quarter1, ACCESS 4,12 R
TYPE OWNER WARNING-MODE
DISCFILE 2,1 OFF
OBJECT-TEXT-DESCRIPTION =
AUDIT-ACCESS-PASS = NONE AUDIT-MANAGE-PASS = NONE
AUDIT-ACCESS-FAIL = NONE AUDIT-MANAGE-FAIL = NONE
AUDIT-PRIV-LOGON = OFF
LICENSE = OFF PROGID = OFF CLEARONPURGE = OFF PERSISTENT = OFF
TRUST = OFF PRIV-LOGON = OFF
002,001 R,W,E,P
002,018 R,W,E,P
008,004 DENY R
002,* R,W
008,* R
Note. The attributes, AUDIT-PRIV-LOGON and PRIV-LOGON, are supported only on systems
running H06.11 and later H-series RVUs and G06.32 and later G-series RVUs. The OBJECT-
TEXT-DESCRIPTION attribute is supported only on systems running J06.05 and later J-series
RVUs and H06.16 and later H-series RVUs.