Granting or denying access to an acl, Granting access, Denying access – HP Integrity NonStop J-Series User Manual
Securing Disk Files
Safeguard User’s Guide — 422089-020
The entry for user ID 9, 23 has been removed from the access control list.
Granting or Denying Access to an ACL
You can grant or deny access to entries in an ACL.
Granting Access
The rules for granting access are:
• A local super ID is granted all access to a Safeguard object, unless specifically denied.
• The primary owner of a Safeguard object is granted owner access (“O”), unless specifically denied.
• Except for the above two rules, any form of access is denied unless an ACL specifically grants it.
• Attempts to open a file for read/write access are not granted unless both accesses are granted on the same ACL entry. For example, consider that the following ACL is protecting a file:

    001,255 R
    *.* W

  If user ID 1, 255 attempts to open the file for read/write access, the open will be rejected with error 48.
  The read and write access authorities must be listed in a single access entry for read/write access to be granted.
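The four granting rules can be checked against the sample ACL with a small model. This is an added example, not code from the Safeguard guide or from Safeguard itself. The `Entry` class, the `access_granted` function, the treatment of a matching DENY entry as overriding any grant, and the use of 255,255 as the local super ID are assumptions of the sketch.

```python
# Simplified model of the granting rules above; not Safeguard's implementation.
from dataclasses import dataclass

SUPER_ID = (255, 255)  # assumed: the local super ID is group 255, member 255


@dataclass(frozen=True)
class Entry:
    group: object           # int, or "*" for any group
    member: object          # int, or "*" for any member
    authorities: frozenset  # subset of {"R", "W", "O"} in this sketch
    deny: bool = False

    def matches(self, user):
        return self.group in ("*", user[0]) and self.member in ("*", user[1])


def access_granted(acl, user, requested, owner=None):
    """Return True if all authorities in `requested` are granted for one request."""
    requested = frozenset(requested)
    matching = [e for e in acl if e.matches(user)]
    # "Unless specifically denied": assume a matching DENY entry blocks the
    # authorities it lists, even for the super ID and the primary owner.
    denied = frozenset().union(*(e.authorities for e in matching if e.deny))
    if requested & denied:
        return False
    if user == SUPER_ID:                      # rule 1: local super ID
        return True
    if user == owner and requested == {"O"}:  # rule 2: primary owner, "O" only
        return True
    # Rule 3: default deny. Rule 4: every requested authority must appear
    # together on ONE granting entry; entries are never combined.
    return any(requested <= e.authorities for e in matching if not e.deny)


# The ACL from the text: read on 001,255 and write on *.* are separate entries.
PAGE_ACL = [Entry(1, 255, frozenset("R")), Entry("*", "*", frozenset("W"))]
# Constructed variant: both authorities listed on the user's own entry.
FIXED_ACL = [Entry(1, 255, frozenset("RW")), Entry("*", "*", frozenset("W"))]
# Constructed variant: group 1 may read, member 1,7 is individually denied.
GROUP_ACL = [Entry(1, "*", frozenset("R")), Entry(1, 7, frozenset("R"), deny=True)]

if __name__ == "__main__":
    user = (1, 255)
    print("read only      :", access_granted(PAGE_ACL, user, "R"))
    print("write only     :", access_granted(PAGE_ACL, user, "W"))
    print("read/write     :", access_granted(PAGE_ACL, user, "RW"))  # error 48 case
    print("read/write, fix:", access_granted(FIXED_ACL, user, "RW"))
```

When reviewing an ACL, an open for read/write that fails with error 48 while read-only and write-only opens both succeed points to authorities split across entries, as in `PAGE_ACL`.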
Denying Access
You can deny access to ACLs using the DENY clause to:
• Counteract cases where Safeguard grants access by default.
• Address situations where a group is allowed access, but certain individual members are denied access.
The following examples illustrate different scenarios in which the DENY clause is used.
Note. If you are attempting to remove a deleted user from an access control list, you must
specify the user ID, not the user name. A deleted user is one whose user authentication
record has been deleted from the Safeguard database.
Note. This rule does not apply to remote access.