Security Management Guide (G06.24+, H06.03+)
Concerns for the User
Security Management Guide—522283-008
5-15
Safeguard Access Control Lists (ACLs)
These commands create a Safeguard access control list (ACL) that implements these
constraints:
17> SAFECOM
SAFEGUARD COMMAND INTERPRETER - T9750Xxx - (ddMMMyy)
=ADD DISKFILE myfile
=ALTER DISKFILE myfile, ACCESS (147,36, 10,20) (r,w)
=ALTER DISKFILE myfile, ACCESS (147,*) (r)
The following command displays the access control list:
=INFO DISKFILE myfile
LAST-MODIFIED OWNER STATUS
$BOOKS1.LSWORK
MYFILE 27APR90, 16:23 147,36 THAWED
147,036 R,W
010,020 R,W
147,* R
Access to a file can be influenced by Safeguard security even if FUP INFO or
FILEINFO does not indicate Safeguard protection. For example, the security of a file
can be affected by a Safeguard volume or subvolume protection record even if the file
itself is not directly protected by a Safeguard record.
Before attempting to secure any files or other objects you own, read the Safeguard
User’s Guide.
Precedence of Safeguard Protection
Safeguard protection replaces Guardian protection. While a file is under Safeguard
control, the Guardian security setting becomes inactive. Removing Safeguard control
or transferring the file to a system that does not have the Safeguard software
reactivates the Guardian protection. Copies of the file (such as a copy created with the
FUP DUP command) are not protected by the Safeguard software either unless
DEFAULT-PROTECTION has been established for the user copying the file.
Auditing File Access
The Safeguard software can audit successful and unsuccessful attempts to access
your files. However, access to the audit log is usually limited to the people responsible
for auditing.
Setting CLEARONPURGE With SAFECOM
For files under Safeguard protection, set CLEARONPURGE through the ALTER
DISKFILE command. For example, this command sets CLEARONPURGE for the file
named MYFILE:
18> SAFECOM ALTER DISKFILE myfile, CLEARONPURGE ON