Access authorities for subvolumes, Commands used with subvolumes – HP Integrity NonStop J-Series User Manual

Securing Subvolumes

Safeguard User’s Guide — 422089-020

Access Authorities for Subvolumes

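By default, anyone can protect a subvolume by adding it to the Safeguard database
and specifying the access authorities for the subvolume. The valid access authorities
for a subvolume are READ, WRITE, EXECUTE, PURGE, CREATE, and OWNER; each is
defined in the list at the end of this section.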

Commands Used With Subvolumes

All the Safeguard commands described for disk files in Section 3, Securing Disk Files,
are also valid for subvolumes. You can add, alter, delete, and freeze or thaw a
subvolume just as you do a disk file. You can also display and change the defaults for
subvolumes.

For example, the following command adds an authorization record for the subvolume
xdata, sets its OBJECT-TEXT-DESCRIPTION, gives CREATE authority to
group number 24, and gives ownership of the SUBVOLUME authorization record to
user 24,9:

=ADD SUBVOLUME xdata, OBJECT-TEXT-DESCRIPTION "Record created &
on April 04", OWNER 24,9, ACCESS 24,* C

The Safeguard software always checks subvolumes for CREATE authority, but it must
be configured to check for the other ACCESS authorities at the subvolume level. For
example, if you have created an authorization record for a subvolume that restricts
certain users from purging files on that subvolume, those users are still allowed to
purge files unless the Safeguard software has been configured to check access control
lists at the subvolume level.

Your system administrator is responsible for configuring the Safeguard software, as
described in the Safeguard Administrator's Manual.
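
The check described above, modeled in Python as an added example (not code from the Safeguard manual or product): it shows why a subvolume record that names PURGE contributes nothing until subvolume-level ACL checking is configured. The single-letter codes other than C, the second ACL entry, and all function names are assumptions made for illustration.

```python
# Added illustration; not HP or Safeguard code. It models only the rule stated
# on this page: CREATE is always checked at the subvolume level, the other
# authorities only when Safeguard is configured to check subvolume ACLs.
FILE_AUTHORITIES = {"R": "READ", "W": "WRITE", "E": "EXECUTE",
                    "P": "PURGE", "C": "CREATE"}  # letters other than C are assumed
# OWNER is left out: it governs changes to the record, not file operations.

def parse_access(spec):
    """Parse an ACCESS entry in the form shown on this page, e.g. '24,* C'."""
    who, letters = spec.split()
    group, member = (part.strip() for part in who.split(","))
    unknown = set(letters.upper()) - set(FILE_AUTHORITIES)
    if unknown:
        raise ValueError(f"unsupported authority letters: {sorted(unknown)}")
    return group, member, {FILE_AUTHORITIES[c] for c in letters.upper()}

def entry_matches(group, member, user):
    """'24,*' covers every member of group 24; '24,9' covers one user."""
    u_group, u_member = user.split(",")
    return group == u_group and member in ("*", u_member)

def subvolume_decision(acl_specs, user, authority, subvol_acl_checking):
    """Return what the subvolume record contributes to one access attempt.

    NOT-CHECKED  the record is not consulted for this authority
    GRANTED      an entry for this user lists the authority
    NOT-GRANTED  the record is consulted and no entry lists it
    """
    if authority != "CREATE" and not subvol_acl_checking:
        return "NOT-CHECKED"
    for spec in acl_specs:
        group, member, granted = parse_access(spec)
        if entry_matches(group, member, user) and authority in granted:
            return "GRANTED"
    return "NOT-GRANTED"

def unenforced(acl_specs, subvol_acl_checking):
    """Authorities named in the record that are not checked at this level."""
    if subvol_acl_checking:
        return set()
    named = set().union(*(parse_access(s)[2] for s in acl_specs))
    return named - {"CREATE"}

# Constructed record for xdata: the page's '24,* C' plus a hypothetical entry.
XDATA_ACL = ["24,* C", "24,9 RWP"]
```

A non-empty result from unenforced() marks a record whose READ, WRITE, EXECUTE, or PURGE entries are not being evaluated at the subvolume level.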

You can also specify auditing for a subvolume in the same manner as you do for a disk
file. For example, this command causes all successful attempts to access the
subvolume xdata to be audited:

=ALTER SUBVOL xdata, AUDIT-ACCESS-PASS ALL

READ      The authority to read disk files on a protected subvolume
WRITE     The authority to write to disk files on a protected subvolume
EXECUTE   The authority to execute program files on a protected subvolume
PURGE     The authority to purge disk files on a protected subvolume
CREATE    The authority to create disk files on a protected subvolume
OWNER     The authority to change the authorization record for a subvolume
