Security Management Guide (G06.29+, H06.08+, J06.03+)
Safeguard System Security
Security Management Guide — 522283-021
If you grant users network access to an object, only users with matching remote
passwords are actually granted access. When you use the network form of a user
ID, the user is also given access at the local level.
To grant a user all valid ACCESS authorities for a given object, use an asterisk (*)
instead of specifying each individual authority. However, be careful not to grant a
user more authorities than intended. Be aware of all the valid authorities for the
object you are securing.
User aliases cannot appear on an access control list. When a user is logged on as an
alias, access decisions are based on the underlying user ID associated with that alias.
Emulating Guardian Security Strings
If you want Guardian files protected by Safeguard access control lists, but you want to
keep the access equivalent to the Guardian settings, you can emulate these security
settings with the Safeguard software. For example, you can create a Safeguard access
control list to emulate the Guardian security string of AOAO.
Table 3-1 lists the equivalent access control list representations for Guardian security
settings. The user ID 8,141 is used as an example.
Example
Using the user ID 8,141 as an example, you would translate the Guardian security
string AOAO to the following Safeguard access control list:
8,141 R,W,E,P, O
*,* R, E
The logic behind this translation is as follows:
The Guardian string grants READ and EXECUTE authority to anyone on the
system; hence the second access control list entry.
Note. An asterisk does not cause CREATE authority to be granted for disk files because
CREATE authority applies only to disk files that have the PERSISTENT attribute ON. For more
information about the PERSISTENT attribute, see the Safeguard Administrator’s Manual.
Table 3-1. Safeguard Equivalents for Guardian Security Strings
Guardian Setting        Safeguard Access Control List Equivalent
O (local owner)         8,141
G (local group)         8,*
A (any local user)      *,*
U (network owner)       \*.8,141
C (network group)       \*.8,*
N (any user)            \*.*,*
- (local super ID)      255,255
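
The translation in the example above, applied through Table 3-1 to any four-character Guardian security string, as an added Python illustration that is not part of the manual or of the Safeguard software. The function names are hypothetical. Modeled on the AOAO example, it assumes the owner entry lists every authority the owner holds under the Guardian string plus OWNER (O); it does not model how Safeguard combines overlapping entries.

```python
# Added illustration, not Safeguard code. Mapping comes from Table 3-1.
AUTH_ORDER = "RWEP"  # Guardian string positions: READ, WRITE, EXECUTE, PURGE


def subject_for(setting, group, member):
    """Return the ACL subject for one Guardian setting character (Table 3-1)."""
    table = {
        "O": f"{group},{member}",       # local owner
        "G": f"{group},*",              # local group
        "A": "*,*",                     # any local user
        "U": f"\\*.{group},{member}",   # network owner
        "C": f"\\*.{group},*",          # network group
        "N": "\\*.*,*",                 # any user
        "-": "255,255",                 # local super ID
    }
    if setting not in table:
        raise ValueError(f"invalid Guardian setting: {setting!r}")
    return table[setting]


def guardian_to_acl(sec, group, member):
    """Translate a Guardian string such as 'AOAO' into (subject, authorities) pairs."""
    sec = sec.upper()
    if len(sec) != len(AUTH_ORDER):
        raise ValueError("Guardian security string must have four characters (RWEP)")
    owner = f"{group},{member}"
    grants = {owner: []}  # owner entry is listed first, as in the manual's example
    for auth, setting in zip(AUTH_ORDER, sec):
        subject = subject_for(setting, group, member)
        grants.setdefault(subject, []).append(auth)
        # Assumption: every setting except '-' also covers the owner, so the
        # owner entry repeats that authority (AOAO gives the owner R,W,E,P).
        if setting != "-" and subject != owner:
            grants[owner].append(auth)
    grants[owner].append("O")  # OWNER authority, as in the manual's example
    return [(subject, ",".join(auths)) for subject, auths in grants.items()]


if __name__ == "__main__":
    for subject, auths in guardian_to_acl("AOAO", 8, 141):
        print(f"{subject:<12} {auths}")
```

Compare the output with Table 3-1 and with the authorities valid for the object before applying it, since the asterisk and CREATE caveats above still hold.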