Technical data

ManualsBrandsCompaq ManualsPrinterLA36

301

302

303

304

305

306

307

308

309

310

Managing Storage Media

9.4 Protecting Volumes

Table 9–9 (Cont.) Access Types for Disk and Tape Volumes

Access Type Gives you the right to...

Control Change the protection and ownership characteristics of the volume. Users

with the VOLPRO privilege always have control access to a disk volume,

with the following exceptions:

• Mounting a ﬁle-structured volume as foreign requires control access or

VOLPRO privilege.

• Mounting a volume containing protected subsystems requires

SECURITY privilege.

Control access is not valid with tapes.

For more information about specifying protection codes, refer to the OpenVMS

Guide to System Security. Chapter 12 discusses protection in general.

The following sections explain how to perform these operations:

Task Section

Protecting disk volumes Section 9.4.1

Protecting tape volumes Section 9.4.2

Auditing volume access Section 9.4.3

9.4.1 Protecting Disk Volumes

For ﬁle-structured ODS-2 volumes, the OpenVMS operating system supports the

types of access shown in Table 9–9. The system provides protection of ODS-2

disks at the volume, directory, and ﬁle levels. Although you might have access to

the directories and ﬁles on the volume, without the proper volume access, you are

unable to access any part of a volume.

The default access types for the disk volume owner [0,0] are:

S:RWCD, O:RWCD, G:RWCD, W:RWCD.

The system establishes this protection with the default qualiﬁer of the

INITIALIZE command (/SHARE). Any attributes that you do not specify are

taken from the current default protection.

Ways to Specify Protection

You can change permanently stored protection information in the following ways:

• Use ACLs. The entire security proﬁle (owner UIC, protection code, and ACL)

is stored on the volume. If you change the volume security proﬁle for a

volume mounted clusterwide, the change is distributed to all nodes in the

cluster. If you dismount and remount a volume, the security proﬁle for the

volume is preserved.

• Use the DCL command SET SECURITY to modify the default security proﬁle

after a volume is mounted, including UIC- and ACL-based protection.

• Use protection qualiﬁers with the DCL command INITIALIZE to specify

UIC-based protection when you initialize a volume.

9–22 Managing Storage Media