Using one authorization record to define another – HP Integrity NonStop J-Series User Manual

Securing Disk Files
Safeguard User’s Guide — 422089-020
Example 1:
040,002 R
040,004 R
040,006 R
DENY 040,* R
In this example, the owner of the object wants to allow read access only to specific
users in group 40. However, the DENY 040,* R entry overrides the other ACL entries,
so the three listed users do not get read access.
Example 2:
DENY 040,002 R
DENY 040,004 R
DENY 040,006 R
040,* R
In this example, read access is granted to all group 40 users except those specified in
the DENY statements. An alternative method is to grant access to specific
users in group 40.
Example 3:
DENY 030,030 O
200,200 R,O
DENY 255,255 *
(owner is 030,030)
In this example, the DENY clause is used to deny access to the super ID (255,255)
and to the owner (030,030).
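The DENY precedence shown in Examples 1 through 3 can be checked with a small model. This is an added example, not Safeguard code or part of the original guide; the function names are hypothetical, the expansion of * to R, W, E, P is an assumption, and only entry matching and DENY precedence are modeled.

```python
# Added example: simplified model of the ACL matching shown in Examples 1-3.
# Not Safeguard code; real evaluation has rules this sketch does not cover.

ALL = "RWEP"  # assumption: "*" in the authority column expands to R, W, E, P


def parse_acl(text):
    """Parse lines such as 'DENY 040,* R' or '200,200 R,O' into tuples."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        deny = parts[0].upper() == "DENY"
        if deny:
            parts = parts[1:]
        group, member = parts[0].split(",")
        auths = "".join(parts[1:]).replace(",", "")
        auths = set(ALL) if auths == "*" else set(auths.upper())
        entries.append((deny, group, member, auths))
    return entries


def _matches(pattern, value):
    # "*" matches any group or member number; otherwise compare numerically
    return pattern == "*" or int(pattern) == int(value)


def check(entries, user, authority):
    """Return 'DENY', 'GRANT' or 'NO MATCH' for user 'ggg,mmm' and authority."""
    group, member = user.split(",")
    result = "NO MATCH"  # no entry names this user for this authority
    for deny, g, m, auths in entries:
        if _matches(g, group) and _matches(m, member) and authority in auths:
            if deny:
                return "DENY"  # a matching DENY wins over any grant
            result = "GRANT"
    return result


# The three ACLs from the examples above
EXAMPLE_1 = parse_acl("040,002 R\n040,004 R\n040,006 R\nDENY 040,* R")
EXAMPLE_2 = parse_acl("DENY 040,002 R\nDENY 040,004 R\nDENY 040,006 R\n040,* R")
EXAMPLE_3 = parse_acl("DENY 030,030 O\n200,200 R,O\nDENY 255,255 *")

if __name__ == "__main__":
    for name, acl, user, auth in [("1", EXAMPLE_1, "040,002", "R"),
                                  ("2", EXAMPLE_2, "040,010", "R"),
                                  ("3", EXAMPLE_3, "200,200", "O")]:
        print(f"Example {name}: {user} {auth} -> {check(acl, user, auth)}")
```

Running the same check over an ACL before it is applied shows whether a wildcard DENY cancels grants that were meant to stay in effect, as happens in Example 1.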
Using One Authorization Record to Define Another
Managing long access control lists can be time-consuming. To save time, you can use
an existing disk file authorization record to define another when you are adding a new
disk file. To do this, use the keyword LIKE with the ADD DISKFILE or SET DISKFILE
command to specify the attributes and access control list of one file as
the base authorization record of another file.
Note. In Example 3, user (200,200) has owner (O) access and can change the record.