HP Archive Backup System for OpenVMS Guide to Operations

More documents

Recommendations

Info

Security 5.2 Access Control 5.2 Access Control Access control complements the MDMS rights access by granting object-based control over operations. You can assign up to 32 access control entries on any MDMS object, and define the types of access that the user in the entry is granted. There are seven kinds of access that users can be granted as shown in the following table: Table 5–3 Access Control Allowed Operations Allowed Access CONTROL EXECUTE DELETE READ SET SHOW WRITE Explanation The user may modify the object’s access control The user may perform operations on the object The user may delete the object The user may perform restore requests using this object (ABS only) The user may modify the attributes of this object The user may show this object The user may perform save requests using this object (ABS only) You can manipulate access control from MDMSView using the Access tab on an object’s Show screen. From the DCL, you can use the /ACCESS qualifier. In either case, the user name specification should include both node name and user name in the format: node::username From either interface, wildcards are supported in both the node and username portions of the specification. For example: HOUST%::SMITH* allows users whose name begins with SMITH access from HOUST% JUNGLE::* allows all users access from node JUNGLE *::SYSTEM allows all users named SYSTEM from all nodes SYS001::JAMES allows user JAMES from node SYS001 only If an access control entry matches a requesting user, only the access that is granted in the entry is granted to the user. Allowances that are not specifically listed are not granted. Access control checks are optionally performed depending on attributes that you can set in the domain. The following table explains the settings: Table 5–4 Domain Access Control Options Check Access Relaxed Access Explanation Clear Clear No access control checking is done Clear Set No access control checking is done Set Clear Access control is checked; if there are no access control entries, access is denied. 5-4 Security
Table 5–4 Domain Access Control Options Check Access Relaxed Access Explanation Security 5.3 Implementing a Security Strategy Set Set Access control is checked; if there are no access control entries, access is granted. Because of the nature of access control, it is possible to set up access control on an object so that no-one can access the object (even to restore its access control to a usable value). As such, MDMS provides three “escape” mechanisms to allow certain individuals to access the object even if not normally allowed through the access control mechanism: • The owner of an object always has full access to the object. You can disable this feature by clearing the owner field in the object. • Any user that is listed in the access control list of the domain has the same level of access to all objects. • Finally, the user designated by “Last Updated By” in the domain has full access to all objects. This is the user who last modified the domain object, and so is assumed to be a trusted individual with recent access to the object. To help in determining who the authorized domain users are, the SHOW DOMAIN operation does not use access control checking, so that anyone with MDMS_SHOW_ALL rights can show the domain. Note Access control checking is in addition to MDMS rights checking; both must be validated for access to be granted. In addition, if access control checking is disabled in the domain, MDMS rights checking is still performed for all operations. 5.3 Implementing a Security Strategy Before assigning rights and access control entries to specific users you, as the system administrator, should carefully review your MDMS and ABS domain and determine what kind of access to allow your users. The MDMS domain is a key determining factor as to what level of security you should implement. The MDMS includes all locations, nodes, jukeboxes, drives, volumes and other MDMS objects that are served by a single MDMS database. Implicit in this statement are that all users, operators and system managers on nodes in the domain are also part of the MDMS domain and need to be granted appropriate access to the domain resources. Another key issue is what kind of security to the MDMS domain resources, including backup tape volumes, jukeboxes and drives, do you wish to assign to the domain users. Some possible scenarios with suggestions are shown below: • Your domain consists of a single site that is managed by a single organization in a relatively free environment: MDMS high-level rights assigned to specific users are probably all that is necessary here. This is the simplest form of security to maintain. Security 5–5
Page 1 and 2:
HP Archive Backup System for OpenVM
Page 3 and 4:
Contents Preface . . . . . . . . .
Page 5 and 6:
3.6.1 Agent Qualifiers . . . . . .
Page 7 and 8:
4.11.7 Previous and Next Volumes .
Page 9 and 10:
9.3 Defining the Logical MDMS$SBT_T
Page 11 and 12:
B.2 SLS/MDMS V2.x to ABS/MDMS V4.x
Page 13:
Tables Table 3-1 Logical Names Avai
Page 17 and 18:
Preface Intended Audience This docu
Page 19 and 20:
1 Introduction The Archive Backup S
Page 21 and 22:
2 Overview This chapter provides an
Page 23 and 24:
Overview 2.2 ABS Objects Figure 2-1
Page 25 and 26:
2.2.6 Schedules 2.3 ABS Catalogs Ov
Page 27 and 28:
Overview 2.5 Media, Device and Mana
Page 29 and 30:
2.8.3 Groups 2.8.4 Jukeboxes Overvi
Page 31 and 32:
2.8.8 Nodes 2.8.9 Pools 2.8.10 Volu
Page 33 and 34:
3 Saving and Restoring Data 3.1 Arc
Page 35 and 36:
3.1.5 Destination 3.1.6 Drives 3.1.
Page 37 and 38:
3.1.12 Volume Sets Saving and Resto
Page 39 and 40:
3.2.5 Staging 3.2.6 Catalog Save En
Page 41 and 42:
• Save Type - Copied from related
Page 43 and 44:
Example 3-4 Staging Information in
Page 45 and 46:
3.4.3 Compression 3.4.4 Data Safety
Page 47 and 48:
Saving and Restoring Data 3.4 Envir
Page 49 and 50:
Saving and Restoring Data 3.5 Saves
Page 51 and 52: Saving and Restoring Data 3.5 Saves
Page 53 and 54: Table 3-3 Disk, File, Path and Data
Page 59 and 60: • First disk/file specification p
Page 61 and 62: 3.5.17.1 HOLIDAYS.DAT Record Format
Page 63 and 64: Saving and Restoring Data 3.6 Selec
Page 65 and 66: 3.7.2 Command 3.7.3 Restriction Sav
Page 67: 3.7.5 Include and Exclude 3.7.6 Tim
Page 70 and 71: Media Management 4.2 Domain 4.2.1 A
Page 72 and 73: Media Management 4.2 Domain 4.2.15
Page 74 and 75: Media Management 4.3 Drives 4.3.5 D
Page 76 and 77: Media Management 4.3 Drives 4.3.15
Page 78 and 79: Media Management 4.5 Jukeboxes 4.5.
Page 80 and 81: Media Management 4.5 Jukeboxes 4.5.
Page 82 and 83: Media Management 4.7 Magazines 4.6.
Page 84 and 85: Media Management 4.8 Media Types 4.
Page 86 and 87: Media Management 4.11 Volumes 4.10.
Page 88 and 89: Media Management 4.11 Volumes Table
Page 92 and 93: Media Management 4.11 Volumes neede
Page 94 and 95: Media Management 4.11 Volumes • R
Page 99 and 100: 5 Security The security model used
Page 101: Security 5.1 MDMS Rights Table 5-1
Page 105 and 106: 6 User Interfaces ABS and MDMS supp
Page 107 and 108: 6.1.3 Logging In User Interfaces 6.
Page 109 and 110: User Interfaces 6.1 Graphical User
Page 113 and 114: Figure 6-5 Domain View Showing Expa
Page 117 and 118: 6.1.13 Viewing MDMS Audit and Event
Page 119 and 120: 6.2.1 Syntax Overview User Interfac
Page 121 and 122: User Interfaces 6.3 User Interface
Page 123 and 124: 7 Preparing For Disaster Recovery I
Page 125 and 126: 7.1.2 Backup of MDMS$ROOT Preparing
Page 127 and 128: 7.2 Prolog and Epilog Procedure Pre
Page 129 and 130: 7.2.1 Restoring The System Disk To
Page 131 and 132: 8 Remote Devices 8.1 RDF Installati
Page 133 and 134: Remote Devices 8.4 Monitoring and T
Page 135 and 136: 8.4.4 Changing Network Parameters f
Page 137 and 138: • Free Space is 20 Remote Devices
Page 139 and 140: Remote Devices 8.5 Controlling Acce
Page 141: Remote Devices 8.7 RDF Error Messag
Page 144 and 145: System Backup to Tape for Oracle Da
Page 152 and 153:
System Backup to Tape for Oracle Da
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Virtual Library System (VLS) 10.3 Q
Page 176 and 177:
Architecture 11.1 The Server Proces
Page 178 and 179:
Architecture 11.2 Scheduler Interfa
Page 180 and 181:
Architecture 11.3 Catalogs Example
Page 182 and 183:
Architecture 11.4 Coordinator 11.4.
Page 184 and 185:
Troubleshooting 12.2 Media Manageme
Page 186 and 187:
Troubleshooting 12.2 Media Manageme
Page 188 and 189:
Troubleshooting 12.4 ABS Catalogs 1
Page 190 and 191:
Troubleshooting 12.5 Windows and Un
Page 192 and 193:
Troubleshooting 12.6 RDF (Remote De
Page 195 and 196:
A Configuration Example Getting ABS
Page 197 and 198:
Configuration Example * Magazine -
Page 199 and 200:
Configuration Example Configuring s
Page 201 and 202:
Configuration Example If you comple
Page 203 and 204:
Configuration Example Assist: YES C
Page 205 and 206:
B Migrating from SLS/MDMS V2.X to A
Page 207 and 208:
Migrating from SLS/MDMS V2.X to ABS
Page 209 and 210:
Table B-1 SBK Symbols in ABS Termin
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
$ WRITE EpilogComFile - Migrating f
Page 245 and 246:
Table B-6 Execution Environment Par
Page 247 and 248:
• SAVE Migrating from SLS/MDMS V2
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Solution - Follow these steps: Migr
Page 257 and 258:
C Prev3 Support Prev3 Support is pr
Page 259 and 260:
Prev3 Support C.2 Using SLS as the
Page 261:
Prev3 Support C.2 Using SLS as the
Page 264 and 265:
Upgrading from ABS V2.X/V3.X to V4.
Page 266 and 267:
Upgrading from ABS V2.X/V3.X to V4.
Page 268 and 269:
ABS/MDMS Support for Fibre Channel
Page 270 and 271:
ABS/MDMS Support for Fibre Channel
Page 273 and 274:
Index Numerics 100 times per day 3-
Page 275 and 276:
MDMS$SBT_ ARCHIVE_n 9-20 MDMS$SBT_
Page 277:
volumes 3-4 W WARNING 3-14, 3-31 WE
show all

HP Archive Backup System for OpenVMS Guide to Operations

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?