Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

101

102

103

104

105

106

107

108

109

110

Concerns for the User

Security Management Guide—522283-008

5-14

TACL Process Security

for a new file, the information from the file remains on the disk, still readable by

programs that examine the disk directly.

Designate CLEARONPURGE for all sensitive files.

For files not under Safeguard protection, CLEARONPURGE can be set through the

FUP SECURE command or by a program using a SETMODE or SETMODENOWAIT

procedure call. For example, this command sets CLEARONPURGE for the file named

MYFILE:

15> FUP SECURE MYFILE,,CLEARONPURGE

If the file is protected by a Safeguard authorization record, see Setting

CLEARONPURGE With SAFECOM on page 5-15.

TACL Process Security

Your TACL process also has security associated with it. The process has a two-

character security setting. Each character can be one of the seven security specifiers,

noted in Table 5-2 on page 5-10, that are used to specify Guardian file security. The

first character in the security setting is significant because it designates who can open

the process. Through use of the TACL ENQUIRY facility, anyone who can open your

TACL process can also access the OUT file written by the process. For this reason,

you might want to limit access to your TACL process.

When you first log on, this security setting is initialized to NN. You can change the

setting with the TACL built-in variable #TACLSECURITY. For example, this command

changes the security setting to OO:

16> #SET #TACLSECURITY 'OO'

For more information, see the TACL Reference Manual.

Safeguard Access Control Lists (ACLs)

When you need highly specific control over who can access a file in the Guardian

environment and the type of access allowed, you must use a Safeguard access control

list. An access control list associates a level of access with one or more user IDs.

Safeguard access control lists have no effect on OSS file security.

For example, you might use an access control list to set these constraints on who has

access to your file and the type of access allowed:

•

Only you (user ID 147,36) and one other (user ID 10,20) can read or write to the

file.

•

Any local member of your administrative group (group 147) or file-sharing member

of the group can read the file.

•

No one else can access your file.

Note. Your system might be configured to automatically clear purged files. See your security

administrator or your system manager.