HP Archive Backup System for OpenVMS Guide to Operations
5 Security

The security model used by ABS and MDMS is designed to provide flexibility in both the level of security and ease-of-use. ABS uses the MDMS security model, which is based on two main elements:

• Rights - The assignment of individual rights to particular users or classes of users that allow them to perform specific operations across the domain. Rights allow users to perform operations on all objects or certain object classes across the domain. This is a task-based form of security.
• Access Control - Access control is assigned on a per-object basis, and allows specific users to perform specific types of operations on the object. This is an object-based form of security.

In addition, you can assign your MDMS domain one of three levels of access-control based security as follows:

• No Access Control - As the name implies, MDMS and ABS perform no access control based checking, even if individual objects have access control entries defined. However, rights continue to be checked.
• Loose Access Control - This option supports access control checking on objects, but only on those objects that have at least one access control entry. If there is at least one entry, access to the object is restricted to users with access control entries supporting the requested access. For objects with no access control entries, access to the object is implicitly granted.
• Tight Access Control - Designed for secure environments, this option supports access control checking on all objects. If there is at least one access control entry on an object, access to the object is restricted to users with access control entries supporting the requested access. For objects with no access control entries, access to the object is implicitly denied. This basically requires that every object have appropriate access controls defined before the object can be used. Certain domain users may access normally inaccessible objects to prevent accidental lock-out due to insufficient access controls.

In general, the security model requires that both rights and access control are applied to users wanting to perform operations. In other words, having the “super” right MDMS_ALL_RIGHTS does not necessarily mean that you can do anything - any access control restrictions must also be satisfied.

This chapter discusses the security model in more detail.
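The combined rights and access control decision described above can be modelled in a few lines of Python; this is an added example, not code from ABS or MDMS, and it shows the same requests evaluated under each of the three domain levels. The user names, the right EXAMPLE_SHOW_RIGHT, the access type "read" and the object names are constructed for illustration, and the lock-out exemption for certain domain users is not modelled because the text does not say which users it covers.

```python
from dataclasses import dataclass, field

NONE, LOOSE, TIGHT = "none", "loose", "tight"  # the three domain levels

@dataclass
class MdmsObject:
    name: str
    # user -> access types allowed by that user's access control entry.
    # Access type names such as "read" are constructed for this example.
    aces: dict = field(default_factory=dict)

def rights_ok(user_rights, required_right):
    """Task-based check; performed at every access control level."""
    return required_right in user_rights or "MDMS_ALL_RIGHTS" in user_rights

def acl_ok(level, obj, user, access):
    """Object-based check, governed by the domain's access control level."""
    if level == NONE:
        return True                      # entries are ignored even if defined
    if not obj.aces:
        return level == LOOSE            # loose: implicit grant; tight: implicit deny
    return access in obj.aces.get(user, set())

def authorize(level, user, user_rights, required_right, obj, access):
    """Both checks must pass; the super right does not bypass the ACL."""
    return rights_ok(user_rights, required_right) and acl_ok(level, obj, user, access)

# Constructed sample data: users, rights and objects are hypothetical.
USERS = {
    "ALICE": {"MDMS_ALL_RIGHTS"},        # super right, no access control entry
    "BOB": {"EXAMPLE_SHOW_RIGHT"},       # specific right plus an entry
    "CAROL": set(),                      # entry but no rights
}
PROTECTED = MdmsObject("PROTECTED", {"BOB": {"read"}, "CAROL": {"read"}})
BARE = MdmsObject("BARE")                # no access control entries

def decision_table(access="read", required_right="EXAMPLE_SHOW_RIGHT"):
    """Return {(level, user, object): allowed} for every combination."""
    return {
        (level, user, obj.name): authorize(level, user, rights, required_right, obj, access)
        for level in (NONE, LOOSE, TIGHT)
        for user, rights in USERS.items()
        for obj in (PROTECTED, BARE)
    }

if __name__ == "__main__":
    for key, allowed in decision_table().items():
        print(*key, "ALLOW" if allowed else "DENY")
```

Moving a domain from loose to tight turns every object without entries from implicitly granted to implicitly denied, so the table is a quick way to see which objects need entries before the switch.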