|
|
Using HP 3000 MPE/iX: Fundamental Skills Tutorial: HP 3000 MPE/iX Computer Systems > Chapter 5 The Account StructureLesson 3 File and Group Security |
|
Lesson 3 presents the MPE/iX security provisions for files and groups.
MPE/iX protects files by restricting access to them. With only the default set of capabilities, you cannot log on to one group and use a file that is located in another group. Some exceptions exist:
With only the default set of capabilities, if you can log on to a group, you can use any file in that group. These are exceptions:
With only the default set of capabilities, you can always access (read, change, save) any file in your home group, no matter what group you log on to. With only the default set of capabilities, you can at least read (and probably change) any file in the PUB group, no matter what group you log on to. But in most cases, you cannot then save that file back to the PUB group unless you have advanced capabilities, or unless the file has been released with the RELEASE command. You can, however, save this "borrowed" file to your current group, the one in which you are actively working. Using your logon identity, log on to your PUB group:
Create an EDIT/3000 file that contains the following three lines:
Keep this file as REPORT and exit the editor. Log on to your OTHERGRP group:
Get into the editor again:
Try to text in REPORT:
The problem is that REPORT is in the PUB group, and you are now in OTHERGRP. MPE/iX assumes that the file that you want to work on is in your current logon group. To tell MPE/iX that REPORT is in another group, you need to specify the REPORT file with a partly qualified file name. A partly qualified file name is the file name plus a period plus the name of the group in which the file resides. The partly qualified form of REPORT is REPORT.PUB Do this:
Because the REPORT file is located in the PUB or public group, you are able to access and text it into your work session in the OTHERGRP group. Enter:
Add the following lines to the REPORT file. (Use the ADD subcommand.)
The goal now is to save (KEEP) REPORT back to the PUB group. The problem is that you are still in group OTHERGRP. Do this:
The editor remembers that the file came from the PUB group, so it attempts to save the edited version of the file back to the PUB group. Enter YES when you are asked whether to purge the old REPORT file. This should appear on the screen:
This security violation occurred for the following reasons:
This prevents unauthorized changes to the original file in its original group (the PUB group in this case), however, it is possible to save the file in the group to which you are logged on. Now try saving the file as REPORT, without the PUB qualifier:
REPORT has now been kept in your OTHERGRP group as a new file. Stricter security applies to any group that is not PUB or your home group. Log back on to your PUB group. Get into the editor and try to text in the REPORT.OTHERGRP file. What happened? You should see the following on your screen:
If you are not the creator of the file (the username.accountname,groupname that the system recognizes as the creator of the file), the system informs you that you have attempted to violate a security provision. You cannot read, copy, or edit and keep a file from a non-PUB group that is not your home group unless:
You learn how to release those security provisions in module 5, "Working with Files."
The concept of account security becomes a little clearer in the context of copying and deleting files. That is why the subject comes up again in module 5, "Working with Files." Remember: if you have files that must be kept entirely secure, keep them in a group other than PUB.
|
|