
Guidelines, Troubleshooting, Execute these commands – HP NonStop G-Series User Manual


Role-based flexibility

DSM/Tape Catalog User’s Guide 520233-008


This command provides all the permissions to the users of the group 121,*. The
security levels can be altered by specifying R, W, E, P, C, or O.

For more information on ADD GROUP, ALTER GROUP, or ADD USER, see the
Safeguard Reference Manual.

Guidelines

Ensure that the latest MEDIACOM objects, along with the requisite Safeguard and
standard security objects, are installed on the system.

Add only those users who must perform the MEDIACOM operations listed in
Table 4-1 to the SECURITY-MEDIA-ADMIN group.

To explicitly deny permission to a few members of a group, add that group to the
SECURITY-MEDIA-ADMIN group, and then set DENY ACL for the users to be
denied.

For example, all members of the SQL group are required to execute the
MEDIACOM commands listed in Table 4-1 except for users SQL.TEST1 and
SQL.TEST2. Add the SQL group to the SECURITY-MEDIA-ADMIN group, and
then set DENY ACL for users SQL.TEST1 and SQL.TEST2.

To restrict the MEDIACOM operations listed in Table 4-1 only to the super user,
add the SECURITY-MEDIA-ADMIN group. This addition allows only the super user
to execute the MEDIACOM operations, irrespective of whether the super user is
configured as DENIABLE or UNDENIABLE.

To deny a super user the authority to execute the MEDIACOM commands listed in
Table 4-1, add the SECURITY-MEDIA-ADMIN group. Configure the super user as
DENIABLE and explicitly set a DENY ACL for the super user in the
SECURITY-MEDIA-ADMIN group.

Troubleshooting

This section describes the troubleshooting steps for role-based flexibility for the
following scenarios:

Scenario 1: A non-super user is denied permission to execute the commands,
DELETE TAPEFILE, ALTER TAPEFILE, and ALTER MEDIADEFS.

To troubleshoot this issue, verify the following:

Safeguard is running on the system. For more information, see the Safeguard
Reference Manual.

The SECURITY-MEDIA-ADMIN group exists. If it does not exist, add the
group.

Note. If the SECURITY-MEDIA-ADMIN group is frozen, then only the users having
both O and E permissions are permitted to execute these MEDIACOM commands.
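
The guidelines and the Scenario 1 checks above combine into one access decision, which can be worked through before changing the group. The Python model below is an added example, not code from this manual or from Safeguard. It encodes only the rules stated on this page; the ACL tuple format, the wildcard matching, and the order in which the checks run are assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

SUPER = "SUPER.SUPER"  # NonStop super ID

@dataclass
class MediaAdminGroup:
    # ACL entries (this model's own format): (user pattern, authorities, is_deny)
    acl: list = field(default_factory=list)
    frozen: bool = False

def may_execute(user, group, safeguard_running=True, super_deniable=False):
    """Return (allowed, reason) for the MEDIACOM commands of Table 4-1."""
    user = user.upper()
    acl = group.acl if group is not None else []
    hits = [e for e in acl if fnmatchcase(user, e[0].upper())]
    denied = any(is_deny for _, _, is_deny in hits)
    granted = set().union(*(auth for _, auth, is_deny in hits if not is_deny))
    if user == SUPER:
        # Assumption: the super user is evaluated before every other check.
        if super_deniable and denied:
            return False, "super user is DENIABLE and has a DENY ACL"
        return True, "super user"
    if not safeguard_running:
        return False, "Safeguard is not running"
    if group is None:
        return False, "SECURITY-MEDIA-ADMIN group does not exist"
    if denied:
        return False, "DENY ACL is set for this user"
    if not granted:
        return False, "user is not in the SECURITY-MEDIA-ADMIN group"
    if group.frozen and not {"O", "E"} <= granted:
        return False, "group is frozen; both O and E are required"
    return True, "member of the SECURITY-MEDIA-ADMIN group"

# Constructed sample: the SQL group example from the Guidelines.
ALL = frozenset("RWEPCO")
SQL_EXAMPLE = MediaAdminGroup(acl=[
    ("SQL.*", ALL, False),
    ("SQL.TEST1", ALL, True),
    ("SQL.TEST2", ALL, True),
])

if __name__ == "__main__":
    for u in ("SQL.USER1", "SQL.TEST1", "OPS.BOB", SUPER):
        print(u, may_execute(u, SQL_EXAMPLE))
```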
