Security Management Guide (G06.24+, H06.03+)
Safeguard System Security
Security Management Guide—522283-008
3-22
Default Protection for User’s Files
If the Safeguard subsystem is stopped for any reason, disk files with Safeguard
authorization records are accessible only by the primary owner, the primary owner’s
group manager, and the super ID. The security string still appears as ****. The super ID
can return the file to Guardian protection by issuing the FUP SECURE command with
a desired security string.
Default Protection for User’s Files
If you specify DEFAULT-PROTECTION for a user’s Guardian disk files, Safeguard
authorization records are created automatically for any files the user creates even if the
user does not have CREATE authority on the OBJECTTYPE DISKFILE access control
list. Default protection has no effect on OSS disk files.
The ACL-REQUIRED-DISKFILE Attribute
If the Safeguard configuration attribute ACL-REQUIRED-DISKFILE is set ON, access
to any disk file is denied unless that disk file has an access control list that grants the
requested access. If your policy requires ACL-REQUIRED-DISKFILE, be sure all files,
especially those necessary for day-to-day operation, have appropriate access control
lists. Otherwise, critical files needed for system operation might be inaccessible.