HP Archive Backup System for OpenVMS Guide to Operations

06.11.2014 Views
Security 5.2 Access Control 5.2 Access Control Access control complements the MDMS rights access by granting object-based control over operations. You can assign up to 32 access control entries on any MDMS object, and define the types of access that the user in the entry is granted. There are seven kinds of access that users can be granted as shown in the following table: Table 5–3 Access Control Allowed Operations Allowed Access CONTROL EXECUTE DELETE READ SET SHOW WRITE Explanation The user may modify the object’s access control The user may perform operations on the object The user may delete the object The user may perform restore requests using this object (ABS only) The user may modify the attributes of this object The user may show this object The user may perform save requests using this object (ABS only) You can manipulate access control from MDMSView using the Access tab on an object’s Show screen. From the DCL, you can use the /ACCESS qualifier. In either case, the user name specification should include both node name and user name in the format: node::username From either interface, wildcards are supported in both the node and username portions of the specification. For example: HOUST%::SMITH* allows users whose name begins with SMITH access from HOUST% JUNGLE::* allows all users access from node JUNGLE *::SYSTEM allows all users named SYSTEM from all nodes SYS001::JAMES allows user JAMES from node SYS001 only If an access control entry matches a requesting user, only the access that is granted in the entry is granted to the user. Allowances that are not specifically listed are not granted. Access control checks are optionally performed depending on attributes that you can set in the domain. The following table explains the settings: Table 5–4 Domain Access Control Options Check Access Relaxed Access Explanation Clear Clear No access control checking is done Clear Set No access control checking is done Set Clear Access control is checked; if there are no access control entries, access is denied. 5-4 Security

Table 5–4 Domain Access Control Options Check Access Relaxed Access Explanation Security 5.3 Implementing a Security Strategy Set Set Access control is checked; if there are no access control entries, access is granted. Because of the nature of access control, it is possible to set up access control on an object so that no-one can access the object (even to restore its access control to a usable value). As such, MDMS provides three “escape” mechanisms to allow certain individuals to access the object even if not normally allowed through the access control mechanism: • The owner of an object always has full access to the object. You can disable this feature by clearing the owner field in the object. • Any user that is listed in the access control list of the domain has the same level of access to all objects. • Finally, the user designated by “Last Updated By” in the domain has full access to all objects. This is the user who last modified the domain object, and so is assumed to be a trusted individual with recent access to the object. To help in determining who the authorized domain users are, the SHOW DOMAIN operation does not use access control checking, so that anyone with MDMS_SHOW_ALL rights can show the domain. Note Access control checking is in addition to MDMS rights checking; both must be validated for access to be granted. In addition, if access control checking is disabled in the domain, MDMS rights checking is still performed for all operations. 5.3 Implementing a Security Strategy Before assigning rights and access control entries to specific users you, as the system administrator, should carefully review your MDMS and ABS domain and determine what kind of access to allow your users. The MDMS domain is a key determining factor as to what level of security you should implement. The MDMS includes all locations, nodes, jukeboxes, drives, volumes and other MDMS objects that are served by a single MDMS database. Implicit in this statement are that all users, operators and system managers on nodes in the domain are also part of the MDMS domain and need to be granted appropriate access to the domain resources. Another key issue is what kind of security to the MDMS domain resources, including backup tape volumes, jukeboxes and drives, do you wish to assign to the domain users. Some possible scenarios with suggestions are shown below: • Your domain consists of a single site that is managed by a single organization in a relatively free environment: MDMS high-level rights assigned to specific users are probably all that is necessary here. This is the simplest form of security to maintain. Security 5–5

Page 1 and 2: HP Archive Backup System for OpenVM

Page 3 and 4: Contents Preface . . . . . . . . .

Page 5 and 6: 3.6.1 Agent Qualifiers . . . . . .

Page 7 and 8: 4.11.7 Previous and Next Volumes .

Page 9 and 10: 9.3 Defining the Logical MDMS$SBT_T

Page 11 and 12: B.2 SLS/MDMS V2.x to ABS/MDMS V4.x

Page 13: Tables Table 3-1 Logical Names Avai

Page 17 and 18: Preface Intended Audience This docu

Page 19 and 20: 1 Introduction The Archive Backup S

Page 21 and 22: 2 Overview This chapter provides an

Page 23 and 24: Overview 2.2 ABS Objects Figure 2-1

Page 25 and 26: 2.2.6 Schedules 2.3 ABS Catalogs Ov

Page 27 and 28: Overview 2.5 Media, Device and Mana

Page 29 and 30: 2.8.3 Groups 2.8.4 Jukeboxes Overvi

Page 31 and 32: 2.8.8 Nodes 2.8.9 Pools 2.8.10 Volu

Page 33 and 34: 3 Saving and Restoring Data 3.1 Arc

Page 35 and 36: 3.1.5 Destination 3.1.6 Drives 3.1.

Page 37 and 38: 3.1.12 Volume Sets Saving and Resto

Page 39 and 40: 3.2.5 Staging 3.2.6 Catalog Save En

Page 41 and 42: • Save Type - Copied from related

Page 43 and 44: Example 3-4 Staging Information in

Page 45 and 46: 3.4.3 Compression 3.4.4 Data Safety

Page 47 and 48: Saving and Restoring Data 3.4 Envir

Page 49 and 50: Saving and Restoring Data 3.5 Saves


Page 53 and 54: Table 3-3 Disk, File, Path and Data



Page 59 and 60: • First disk/file specification p

Page 61 and 62: 3.5.17.1 HOLIDAYS.DAT Record Format

Page 63 and 64: Saving and Restoring Data 3.6 Selec

Page 65 and 66: 3.7.2 Command 3.7.3 Restriction Sav

Page 67: 3.7.5 Include and Exclude 3.7.6 Tim

Page 70 and 71: Media Management 4.2 Domain 4.2.1 A

Page 72 and 73: Media Management 4.2 Domain 4.2.15

Page 74 and 75: Media Management 4.3 Drives 4.3.5 D

Page 76 and 77: Media Management 4.3 Drives 4.3.15

Page 78 and 79: Media Management 4.5 Jukeboxes 4.5.

Page 80 and 81: Media Management 4.5 Jukeboxes 4.5.

Page 82 and 83: Media Management 4.7 Magazines 4.6.

Page 84 and 85: Media Management 4.8 Media Types 4.

Page 86 and 87: Media Management 4.11 Volumes 4.10.

Page 88 and 89: Media Management 4.11 Volumes Table


Page 92 and 93: Media Management 4.11 Volumes neede

Page 94 and 95: Media Management 4.11 Volumes • R


Page 99 and 100: 5 Security The security model used

Page 101: Security 5.1 MDMS Rights Table 5-1

Page 105 and 106: 6 User Interfaces ABS and MDMS supp

Page 107 and 108: 6.1.3 Logging In User Interfaces 6.

Page 109 and 110: User Interfaces 6.1 Graphical User


Page 113 and 114: Figure 6-5 Domain View Showing Expa


Page 117 and 118: 6.1.13 Viewing MDMS Audit and Event

Page 119 and 120: 6.2.1 Syntax Overview User Interfac

Page 121 and 122: User Interfaces 6.3 User Interface

Page 123 and 124: 7 Preparing For Disaster Recovery I

Page 125 and 126: 7.1.2 Backup of MDMS$ROOT Preparing

Page 127 and 128: 7.2 Prolog and Epilog Procedure Pre

Page 129 and 130: 7.2.1 Restoring The System Disk To

Page 131 and 132: 8 Remote Devices 8.1 RDF Installati

Page 133 and 134: Remote Devices 8.4 Monitoring and T

Page 135 and 136: 8.4.4 Changing Network Parameters f

Page 137 and 138: • Free Space is 20 Remote Devices

Page 139 and 140: Remote Devices 8.5 Controlling Acce

Page 141: Remote Devices 8.7 RDF Error Messag

Page 144 and 145: System Backup to Tape for Oracle Da















Page 174 and 175: Virtual Library System (VLS) 10.3 Q

Page 176 and 177: Architecture 11.1 The Server Proces

Page 178 and 179: Architecture 11.2 Scheduler Interfa

Page 180 and 181: Architecture 11.3 Catalogs Example

Page 182 and 183: Architecture 11.4 Coordinator 11.4.

Page 184 and 185: Troubleshooting 12.2 Media Manageme

Page 186 and 187: Troubleshooting 12.2 Media Manageme

Page 188 and 189: Troubleshooting 12.4 ABS Catalogs 1

Page 190 and 191: Troubleshooting 12.5 Windows and Un

Page 192 and 193: Troubleshooting 12.6 RDF (Remote De

Page 195 and 196: A Configuration Example Getting ABS

Page 197 and 198: Configuration Example * Magazine -

Page 199 and 200: Configuration Example Configuring s

Page 201 and 202: Configuration Example If you comple

Page 203 and 204: Configuration Example Assist: YES C

Page 205 and 206: B Migrating from SLS/MDMS V2.X to A

Page 207 and 208: Migrating from SLS/MDMS V2.X to ABS

Page 209 and 210: Table B-1 SBK Symbols in ABS Termin

















Page 243 and 244: $ WRITE EpilogComFile - Migrating f

Page 245 and 246: Table B-6 Execution Environment Par

Page 247 and 248: • SAVE Migrating from SLS/MDMS V2




Page 255 and 256: Solution - Follow these steps: Migr

Page 257 and 258: C Prev3 Support Prev3 Support is pr

Page 259 and 260: Prev3 Support C.2 Using SLS as the

Page 261: Prev3 Support C.2 Using SLS as the

Page 264 and 265: Upgrading from ABS V2.X/V3.X to V4.

Page 266 and 267: Upgrading from ABS V2.X/V3.X to V4.

Page 268 and 269: ABS/MDMS Support for Fibre Channel

Page 270 and 271: ABS/MDMS Support for Fibre Channel

Page 273 and 274: Index Numerics 100 times per day 3-

Page 275 and 276: MDMS$SBT_ ARCHIVE_n 9-20 MDMS$SBT_

Page 277: volumes 3-4 W WARNING 3-14, 3-31 WE

mdms

volume

restore

volumes

catalog

database

node

archive

specify

jukebox

openvms

operations

HP Archive Backup System for OpenVMS Guide to Operations

HP Archive Backup System for OpenVMS Guide to Operations ... View more HP Archive Backup System for OpenVMS Guide to Operations

Delete template?

Save as template ?

HP Archive Backup System for OpenVMS Guide to Operations HP Archive Backup System for OpenVMS Guide to Operations