HP Integrity NonStop J-Series User Manual
Securing Disk Files
Safeguard User’s Guide — 422089-020
Adding a Disk File to the Safeguard Subsystem
Safeguard control by creating an authorization record for the file. You can define the
security for a file by setting the file's attributes in the authorization record. One of these
attributes is the OWNER attribute. Unless you change the OWNER attribute, you are
the owner, and only you (or a privileged user, namely the owner’s group manager and
the super user) can make changes to the authorization record. You can also specify
multiple owners by giving other users OWNER authority on an access control list entry.
Any user with OWNER authority (or a privileged user, namely the owner’s group manager
and the super user) can change the authorization record for the file. For additional details,
see
You can use diskfile patterns to add disk files to the Safeguard subsystem. For more
information, see Section 9, Working with Patterns.
The following exercise acquaints you with the process of adding a disk file to the
Safeguard database. The exercise assumes your user ID is 2,1, that you have a file
named report1, and that your default subvolume is $data.sales. The exercise further
assumes that you have started an interactive session by typing SAFECOM at the
TACL prompt.
Add the file named report1 to the Safeguard database using the following SAFECOM
command:
=ADD DISKFILE report1, OBJECT-TEXT-DESCRIPTION "Record created &
on April 04"
This command creates an authorization record for report1 and attaches the object
text description to the record as a comment. At this point, you can no
longer access the file because you have not specified an access control list. However,
because you are the file's owner, you can create an access control list that includes
your user ID. Only users specified on the access control list can access the file.
To see the authorization record for report1:
=INFO DISKFILE report1
The display shows:
                     LAST-MODIFIED    OWNER  STATUS  WARNING-MODE
$DATA.SALES
  REPORT1            18JUL05, 11:00   2,1    THAWED  OFF

  NO ACCESS CONTROL LIST DEFINED!

The INFO display tells you that no access control list is defined.
Specify a simple access control list that gives you all authorities:
=ALTER DISKFILE report1, ACCESS 2,1 *
The asterisk (*) specifies READ, WRITE, EXECUTE, PURGE, and OWNER authorities
for user ID 2,1. It does not grant CREATE authority for disk files. CREATE is a special
type of authority that you use in conjunction with the PERSISTENT attribute. For
details, see
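
The rules this exercise relies on, modeled in Python as an added example (not HP's code and not part of the manual): a record with no access control list denies everyone, the asterisk expands to R, W, E, P and O but never C, and only the owner, the owner's group manager, the super user or an ACL entry with OWNER authority may change the record. The class and function names are hypothetical, the IDs n,255 (group manager) and 255,255 (super ID) are NonStop conventions assumed here rather than taken from this page, and the model covers only the rules stated above.

```python
from dataclasses import dataclass, field

SUPER_ID = (255, 255)        # assumed NonStop super ID; not stated on this page
STAR = frozenset("RWEPO")    # '*' = READ, WRITE, EXECUTE, PURGE, OWNER; never CREATE

@dataclass
class AuthRecord:
    """Toy model of a Safeguard disk-file authorization record (hypothetical)."""
    name: str
    owner: tuple                               # primary owner as (group, member)
    acl: dict = field(default_factory=dict)    # user ID -> set of authority letters

def add_diskfile(name, creator):
    # ADD DISKFILE: the record now exists but its ACL is empty.
    return AuthRecord(name, creator)

def can_manage(rec, user):
    """May `user` change the authorization record?"""
    group_manager = (rec.owner[0], 255)        # assumed: member 255 manages the group
    return (user in (rec.owner, group_manager, SUPER_ID)
            or "O" in rec.acl.get(user, ()))   # OWNER authority on an ACL entry

def alter_access(rec, actor, user, authorities):
    # ALTER DISKFILE ..., ACCESS user authorities (model: sets the user's entry)
    if not can_manage(rec, actor):
        raise PermissionError(f"{actor} cannot alter the record for {rec.name}")
    rec.acl[user] = STAR if authorities == "*" else frozenset(authorities)

def can_access(rec, user, authority):
    # Only users on the ACL get access; an empty ACL denies everyone, owner included.
    return authority in rec.acl.get(user, ())

def demo():
    """Replay the exercise: ADD DISKFILE, check access, then ACCESS 2,1 *."""
    rec = add_diskfile("$DATA.SALES.REPORT1", (2, 1))
    before = can_access(rec, (2, 1), "R")      # owner locked out until an ACL exists
    alter_access(rec, (2, 1), (2, 1), "*")
    after = {a: can_access(rec, (2, 1), a) for a in "RWEPOC"}
    return before, after

if __name__ == "__main__":
    print(demo())
```

The window between ADD DISKFILE and the first ALTER DISKFILE ... ACCESS is fail-closed: the file is protected, but nobody, including its owner, can open it until an entry is added.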