Deleting an access control list entry – HP Integrity NonStop J-Series User Manual

Securing Disk Files

Safeguard User’s Guide — 422089-020

3 - 11

Deleting an Access Control List Entry

The display shows:

.

A grant of authorities for a specific user is not cumulative even if that user's group also
appears on the access control list. Furthermore, the authorities required for any
specific transaction must appear in a single entry on the access control list.

For instance, assume that user 2,5 has only READ access to a file and that group 2,*
has WRITE access to the file. In this case, user 2,5 could either read the file or write to
it but could not perform an operation such as editing that requires both READ and
WRITE access.

You can specify up to 50 access control list entries. To remove an access authority
from an entry, use the minus sign (-), as described in the next subsection.

Deleting an Access Control List Entry

You can revoke access authorities previously granted to a user or group of users by
using a minus sign (-). If you revoke all authorities granted to a user or group of users,
the access control list entry is deleted.

For example, suppose you no longer want user ID 9,23, to have access to quarter1. To
remove the entry on the access control list:

=ALTER DISKFILE quarter1, ACCESS 9,23 - (R,W)

Because you removed all the authorities granted to user 9,23 the entry is deleted. To
display the modified access control list:

=INFO DISK quarter1

LAST-MODIFIED OWNER STATUS WARNING-MODE

$SYSTEM.SFGD TEST

14JUL11, 17:34

255,255 THAWED OFF

NO ACCESS CONTROL LIST DEFINED!

PROCESS-ACCESS LIST =
2,1 E

Note. A denial of authorities for a user takes away only those authorities specifically denied.
Any other authorities granted to that user or that user's group are still valid for the user.

LAST-MODIFIED OWNER STATUS WARNING-MODE

$DATA.SALES

QUARTER1 23JUL05, 15:15 2,1 THAWED OFF

002,001 R,W,E,P

002,006 DENY W

002,018 R,W,E,P

004,012 R

008,004 DENY R

002,* R,W

008,* R