beautypg.com

HP Integrity NonStop J-Series User Manual

Page 38

background image

Securing Disk Files

Safeguard User’s Guide — 422089-020

3 - 4

Adding a Disk File to the Safeguard Subsystem

Safeguard control by creating an authorization record for the file. You can define the
security for a file by setting the file's attributes in the authorization record. One of these
attributes is the OWNER attribute. Unless you change the OWNER attribute, you are
the owner, and only you (or a privileged user, namely, owner’s group manager and
super user) can make changes to the authorization record. You can also specify
multiple owners by giving other users OWNER authority on an access control list entry.
Any user with OWNER authority (or a privileged user, namely, owner’s group manager
and super user) can change the authorization record for the file. For additional details,
see

Specifying Ownership

on page 3-16.

You can use diskfile patterns to add disk files to the Safeguard subsystem. For more
information, see

Section 9, Working with Patterns

.

The following exercise acquaints you with the process of adding a disk file to the
Safeguard database. The exercise assumes your user ID is 2,1, that you have a file
named report1, and that your default subvolume is $data.sales. The exercise further
assumes that you have started an interactive session by typing SAFECOM at the
TACL prompt.

Add the file named report1 to the Safeguard database using the following SAFECOM
command:

=ADD DISKFILE report1,OBJECT-TEXT-DESCRIPTION ‘‘Record created &
on April 04’’

This command creates an authorization record for report1 and associates the object
text description as comments of the authorization record. At this point, you can no
longer access the file because you have not specified an access control list. However,
because you are the file's owner, you can create an access control list that includes
your user ID. Only users specified on the access control list can access the file.

To see the authorization record for report1:

=INFO DISKFILE report1

The display shows:

The INFO display tells you that no access control list is defined.

Specify a simple access control list that gives you all authorities:

=ALTER DISKFILE report1, ACCESS 2,1 *

The asterisk (*) specifies READ, WRITE, EXECUTE, PURGE, and OWNER authorities
for user ID 2,1. It does not grant CREATE authority for disk files. CREATE is a special
type of authority that you use in conjunction with the PERSISTENT attribute. For
details, see

The PERSISTENT Attribute

on page 3-18.

LAST-MODIFIED OWNER STATUS WARNING-MODE

$DATA.SALES

REPORT1 18JUL05, 11:00 2,1 THAWED OFF

NO ACCESS CONTROL LIST DEFINED!

This manual is related to the following products:
See also other documents in the category HP Computer hardware: