User Manual

Securing Subvolumes
Safeguard User’s Guide 422089-009
Access Authorities for Subvolumes
By default, anyone can protect a subvolume by adding it to the Safeguard database
and specifying the access authorities for the subvolume. The valid access authorities
for a subvolume are:

READ      The authority to read disk files on a protected subvolume
WRITE     The authority to write to disk files on a protected subvolume
EXECUTE   The authority to execute program files on a protected subvolume
PURGE     The authority to purge disk files on a protected subvolume
CREATE    The authority to create disk files on a protected subvolume
OWNER     The authority to change the authorization record for a subvolume

Commands Used With Subvolumes
All the Safeguard commands described for disk files in Section 3, Securing Disk Files,
are also valid for subvolumes. You can add, alter, delete, and freeze or thaw a
subvolume just as you do a disk file. You can also display and change the defaults for
subvolumes.
For example, the following command adds an authorization record for the subvolume
xdata, gives CREATE authority to group number 24, and gives ownership of the
SUBVOLUME authorization record to user 24,9:
=ADD SUBVOLUME xdata, OWNER 24,9, ACCESS 24,* C
The Safeguard software always checks subvolumes for CREATE authority, but it must
be configured to check for the other ACCESS authorities at the subvolume level. For
example, if you have created an authorization record for a subvolume that restricts
certain users from purging files on that subvolume, those users are still allowed to
purge files unless the Safeguard software has been configured to check access control
lists at the subvolume level.
Your system administrator is responsible for configuring the Safeguard software, as
described in the Safeguard Administrator's Manual.
You can also specify auditing for a subvolume in the same manner as you do for a disk
file. For example, this command causes all successful attempts to access the
subvolume xdata to be audited:
=ALTER SUBVOL xdata, AUDIT-ACCESS-PASS ALL
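
The enforcement rule described on this page (CREATE is always checked at the subvolume level, the other authorities only when subvolume-level checking has been configured), shown as an added example that is not taken from the Safeguard manual: a small Python audit that parses ADD SUBVOLUME commands and lists the access-list entries that would not be evaluated. The second sample command, the authority letters other than C, the parenthesised authority list, and all function names are assumptions of this example.

```python
import re

# Authority letters for file access. Only "C" appears in the page's own
# command; the other letters and the parenthesised list are assumptions.
FILE_AUTHS = {"R": "READ", "W": "WRITE", "E": "EXECUTE", "P": "PURGE", "C": "CREATE"}

ADD_RE = re.compile(r"^=?\s*ADD\s+SUBVOL(?:UME)?\s+([^\s,]+)", re.I)
ACCESS_RE = re.compile(
    r"\bACCESS\s+(\d+|\*)\s*,\s*(\d+|\*)\s+(?:\(([^)]*)\)|([A-Z])\b)", re.I)

# First line is the page's command; the second is constructed for this example.
SAMPLE = [
    "=ADD SUBVOLUME xdata, OWNER 24,9, ACCESS 24,* C",
    "=ADD SUBVOLUME xlogs, OWNER 24,9, ACCESS 24,* (R,W,P)",
]


def parse_add_subvolume(command):
    """Return (subvolume, [(user, set of authority names)]) for one command."""
    m = ADD_RE.match(command.strip())
    if not m:
        raise ValueError("not an ADD SUBVOLUME command: %r" % command)
    entries = []
    for group, member, listed, single in ACCESS_RE.findall(command):
        letters = [x.strip().upper() for x in (listed or single).split(",")]
        # OWNER (O) governs the record itself, not file access, so it is skipped.
        names = {FILE_AUTHS[x] for x in letters if x in FILE_AUTHS}
        entries.append(("%s,%s" % (group, member), names))
    return m.group(1), entries


def unenforced_entries(commands, subvolume_acl_checking):
    """List (subvolume, user, authority) entries that would not be evaluated."""
    findings = []
    for command in commands:
        subvol, entries = parse_add_subvolume(command)
        for user, names in entries:
            for name in sorted(names):
                # CREATE is always checked at the subvolume level; the others
                # only when the administrator has configured that check.
                if name != "CREATE" and not subvolume_acl_checking:
                    findings.append((subvol, user, name))
    return findings


if __name__ == "__main__":
    for finding in unenforced_entries(SAMPLE, subvolume_acl_checking=False):
        print("not enforced: %s %s %s" % finding)
```

An empty result with checking disabled means every subvolume record relies only on CREATE; any other entry in the list is a control that exists in the database but is not applied.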