Using one authorization record to define another, Freezing and thawing an access control list – HP NonStop G-Series User Manual

Page 41


Securing Disk Files

Safeguard User’s Guide 422089-009

3-11

Using One Authorization Record to Define Another

Managing long access control lists can be time-consuming. To save time, you can use
an existing disk file authorization record to define another when you are adding a new
disk file. Use the keyword LIKE. You can use this keyword with the ADD DISKFILE or
SET DISKFILE command to specify the attributes and access control list of one file as
the base authorization record of another file.

For example, suppose you want to use the same authorization record you defined for
quarter1 for another disk file called quarter2. To add quarter2 to the Safeguard
database, using the same security attributes and access control list as quarter1:

=ADD DISK quarter2, LIKE quarter1

You can also use LIKE with the ALTER DISKFILE command. However, with the ALTER
DISKFILE command, the access control list designated by LIKE does not replace the
existing access control list. The new list is added to the existing access control list.
LIKE does replace the other security attributes, such as auditing specifications,
CLEARONPURGE, and LICENSE.

Freezing and Thawing an Access Control List

The FREEZE DISKFILE command temporarily suspends the access control list for a
disk file. Only the primary owner (specified by the OWNER attribute), the primary
owner's group manager, the local super ID, and the users with OWNER authority on
the access control list can freeze or thaw an access control list. Also, only these users
can access the file while the access control list is frozen. No other users can read the
file, change it, execute it (if it is a program object file), or purge it.

For example, because you own quarter1, you can freeze access to the file with this
command:

=FREEZE DISKFILE quarter1

Use the INFO DISKFILE command to verify that the access control list is frozen:

=INFO DISK quarter1

                     LAST-MODIFIED    OWNER   STATUS   WARNING-MODE
$DATA.SALES
  QUARTER1           23JUL05, 15:25     2,1   FROZEN   OFF

    002,001        R,W,E,P
    002,006  DENY  W
    002,018        R,W,E,P
    004,012        R
    008,004  DENY  R
    002,*          R,W
    008,*          R

Note. The LIKE keyword sets all the security attributes of one file (not just the access
control list) to those of another file. LIKE sets all the attributes listed in Table 3-2,
but it does not alter the THAWED or FROZEN status of the file being added or altered.
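
The following Python model is an added example, not Safeguard code and not part of the manual. It encodes the LIKE and FREEZE rules stated above so the difference between ADD and ALTER can be checked before a change is made. The record layout, the function names, the CLEARONPURGE values, the quarter2 entry, the union of same-ID entries on ALTER, and the treatment of group-wide entries as carrying OWNER authority are assumptions.

```python
from dataclasses import dataclass, field

SUPER_ID = (255, 255)   # local super ID
MANAGER = 255           # member number of a group manager

@dataclass
class Record:
    owner: tuple                                # primary owner (group, member)
    acl: dict = field(default_factory=dict)     # (group, member, deny?) -> authorities
    attrs: dict = field(default_factory=dict)   # auditing, CLEARONPURGE, LICENSE ...
    frozen: bool = False

def copy_acl(acl):
    return {key: set(auth) for key, auth in acl.items()}

def add_like(src, owner):
    """ADD DISKFILE ..., LIKE src: ACL and attributes come from src, status is not copied.
    owner is passed explicitly because Table 3-2 is not reproduced on this page."""
    return Record(owner, copy_acl(src.acl), dict(src.attrs), frozen=False)

def alter_like(dst, src):
    """ALTER DISKFILE ..., LIKE src: ACL is added to, attributes replaced, status kept."""
    merged = copy_acl(dst.acl)
    for key, auth in src.acl.items():           # assumption: same-ID entries are unioned
        merged.setdefault(key, set()).update(auth)
    return Record(dst.owner, merged, dict(src.attrs), dst.frozen)

def usable_while_frozen(rec, user):
    """True for the users the manual lists as able to access or thaw a frozen file."""
    group, _ = user
    # "O" marks OWNER authority; assumption: a group-wide entry (g, "*") counts too.
    has_owner_auth = any("O" in rec.acl.get((g, m, False), ())
                         for g, m in (user, (group, "*")))
    return (user == rec.owner or user == (rec.owner[0], MANAGER)
            or user == SUPER_ID or has_owner_auth)

# Constructed sample data: quarter1's owner, status and ACL mirror the INFO display
# above; its CLEARONPURGE value and all of quarter2 are invented for the example.
quarter1 = Record(owner=(2, 1), frozen=True, attrs={"CLEARONPURGE": "ON"}, acl={
    (2, 1, False): set("RWEP"), (2, 6, True): {"W"}, (2, 18, False): set("RWEP"),
    (4, 12, False): {"R"}, (8, 4, True): {"R"}, (2, "*", False): set("RW"),
    (8, "*", False): {"R"}})
quarter2 = Record(owner=(2, 1), acl={(9, 7, False): set("RW")},
                  attrs={"CLEARONPURGE": "OFF"})
```

In this model, altering quarter2 LIKE quarter1 leaves the old 009,007 entry in place, so an entry that is absent from the template still has to be removed explicitly.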
