Working with access control lists, Establishing a default access control list – HP Integrity NonStop J-Series User Manual

Securing Disk Files
Safeguard User’s Guide — 422089-020
Working With Access Control Lists
You can define access control lists in three ways:
• By setting a default access control list for a SAFECOM session (with the SET DISKFILE command)
• By specifying an access control list when you add the file to the Safeguard database (with the ADD DISKFILE command)
• By altering the authorization record (with the ALTER DISKFILE command)
In every case, the access control list for a disk file defines the users and user groups
who can access the file. Only the primary owner of the authorization record for a disk
file, the primary owner's group manager, the local super ID, and users with OWNER
authority on the access control list can modify the access control list. For more
information about ownership, see
An access control list for a disk file can grant or deny any combination of the following
access authorities:
READ      The authority to read a disk file
WRITE     The authority to write to a disk file
EXECUTE   The authority to execute a program file as a process
PURGE     The authority to purge a disk file
CREATE    The authority to create a disk file
OWNER     The authority to change the authorization record for a disk file
Establishing a Default Access Control List
If you are adding several disk files to the Safeguard database during one SAFECOM
session, you might want to create a default access control list. Then, if you want to use
the same access control list for each file, you do not need to respecify it each time you
add a file to the Safeguard database.
To establish a default access control list, use the SET DISKFILE command. Consider
the following set of commands:
=RESET DISKFILE ACCESS
=SET DISKFILE ACCESS 2,1 (R,W,E,P)
=SET DISKFILE ACCESS 2,18 (R,W,E,P)
=SET DISKFILE ACCESS 2,* (R,W)
=SET DISKFILE ACCESS admin.* R ; admin.bill DENY R
Once again, assume you are user 2,1. The RESET command clears the current default
access control list. This preliminary step ensures that no default access control list
entries remain from previous SET DISKFILE commands. Then use SET commands to
establish a new default access list.
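The default access control list built by the RESET and SET DISKFILE commands in this section can be reviewed offline by replaying them into a small model. The Python below is an added example, not code from the Safeguard manual or from HP. It assumes that an explicit DENY overrides a grant from a wildcard entry, and it treats numeric IDs (2,18) and names (admin.bill) as separate identities because the page gives no mapping between them. The function names are hypothetical.

```python
import re

# Constructed input: the SAFECOM commands shown in this section, verbatim.
SESSION = """\
=RESET DISKFILE ACCESS
=SET DISKFILE ACCESS 2,1 (R,W,E,P)
=SET DISKFILE ACCESS 2,18 (R,W,E,P)
=SET DISKFILE ACCESS 2,* (R,W)
=SET DISKFILE ACCESS admin.* R ; admin.bill DENY R
"""

# group , member | group . member, optional DENY, authorities with or without ()
ENTRY = re.compile(r"^(\S+?)[,.](\S+)\s+(DENY\s+)?\(?([A-Z,\s]+?)\)?$")
PREFIX = "SET DISKFILE ACCESS "

def build_default_acl(session):
    """Replay RESET/SET DISKFILE ACCESS lines into a list of ACL entries."""
    acl = []
    for line in session.splitlines():
        cmd = line.lstrip("=").strip()
        if cmd.upper() == "RESET DISKFILE ACCESS":
            acl.clear()  # drop entries left by earlier SET commands
        elif cmd.upper().startswith(PREFIX):
            for spec in cmd[len(PREFIX):].split(";"):
                m = ENTRY.match(spec.strip())
                if not m:
                    raise ValueError(f"unparsed access spec: {spec!r}")
                group, member, deny, auths = m.groups()
                acl.append((group.lower(), member.lower(), bool(deny),
                            {a.strip() for a in auths.split(",")}))
    return acl

def effective(acl, group, member):
    """Authorities for one user. Assumption: an explicit DENY beats any grant."""
    granted, denied = set(), set()
    for g, m, deny, auths in acl:
        if g == group.lower() and m in ("*", member.lower()):
            (denied if deny else granted).update(auths)
    return granted - denied

if __name__ == "__main__":
    acl = build_default_acl(SESSION)
    for who in [("2", "1"), ("2", "7"), ("admin", "ann"), ("admin", "bill")]:
        print(who, sorted(effective(acl, *who)))
```

Running the review on the session shows that admin.bill ends up with no READ authority even though admin.* grants it, and that any member of group 2 other than 2,1 and 2,18 gets only R and W.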