Compaq FTAM Responder Support of Security Group File Attributes

ISO FTAM Functions

 

which access to a file is allowed. ISO 8571-2 provides a complete description of the ISO FTAM access-control attribute.

Within the access-control attribute, the Compaq responder uses only the action-list field of the first access-control element; the concurrency-access, identity, passwords, and location fields are ignored, as are all access-control elements after the first.

Further, for Safeguard protected files, the access-control attribute is partially rather than fully supported. For these files, no mapping to Guardian security is attempted, and the responder indicates that no value is available when it reads the access-control attribute. In this case, attempts to change the attribute fail.

The following subsections explain how the Compaq FTAM responder uses the access-control attribute in three tasks requested by a remote initiating system: creating files, changing file attributes, and reading file attributes.

Creating Files. For files created through FTAM, the access-control attribute provided by the initiating system with the initial-attributes parameter in the F-CREATE request maps to Compaq file security (R W E P—Read Write Execute Purge). This mapping is as follows:

The Compaq responder uses only the first access-control element. If more than one access-control element is present, the responder ignores all elements other than the first. The responder uses only the action-list field of the access-control element and returns a diagnostic message if the access-control element contains any other information (such as concurrency-access and identity).

If the read access-control bit of the action list is set, the Compaq responder sets READ access to N, indicating that any user on the Expand network can read the file. Otherwise, the responder sets READ access to –, indicating that only the super ID user can read the file.

If any of the insert, replace, extend, change-attribute, or erase access-control bits of the action list are set, the responder sets WRITE access to N, indicating that any user on the Expand network can write to the file. Otherwise, the responder sets WRITE access to –, indicating that only the super ID user can write to the file.

EXECUTE access is set to –, indicating that only the super ID user can execute the file.

If the delete-file access-control bit of the action list is set, the responder sets PURGE access to N, indicating that any user on the Expand network can purge the file. Otherwise, the responder sets PURGE access to –, indicating that only the super ID user can purge the file.

The mapping of FTAM action-list settings to Guardian security is summarized in Table 4-13.
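The F-CREATE mapping rules above, written out as an added Python sketch (not code from the manual or from Compaq) so the resulting Guardian security string can be checked for a given request. The class and function names are hypothetical, ASCII "-" stands for the manual's "–", and the sketch assumes creation proceeds with the mapped security when a diagnostic is returned.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Action-list bits that the manual says each map to Guardian WRITE access.
WRITE_ACTIONS = {"insert", "replace", "extend", "change-attribute", "erase"}
# Fields of an access-control element that the responder does not use.
UNUSED_FIELDS = ("concurrency_access", "identity", "passwords", "location")


@dataclass
class AccessControlElement:  # hypothetical model of one FTAM access-control element
    action_list: Iterable[str]
    concurrency_access: Optional[object] = None
    identity: Optional[str] = None
    passwords: Optional[object] = None
    location: Optional[str] = None


def map_create_security(elements: List[AccessControlElement]) -> Tuple[str, List[str]]:
    """Return (Guardian RWEP string, notes) for an F-CREATE access-control attribute."""
    if not elements:
        # The page does not describe an absent attribute, so this sketch refuses it.
        raise ValueError("no access-control element supplied")
    notes = []
    first = elements[0]  # only the first element is used
    if len(elements) > 1:
        notes.append(f"ignored {len(elements) - 1} element(s) after the first")
    present = [f for f in UNUSED_FIELDS if getattr(first, f) is not None]
    if present:
        notes.append("diagnostic: unused field(s) present: " + ", ".join(present))
    actions = set(first.action_list)
    read = "N" if "read" in actions else "-"
    write = "N" if actions & WRITE_ACTIONS else "-"  # any one write-type bit is enough
    execute = "-"  # always super ID only
    purge = "N" if "delete-file" in actions else "-"
    return read + write + execute + purge, notes


if __name__ == "__main__":
    # Constructed requests, not taken from the manual.
    scoped = AccessControlElement({"read"}, identity="constructed-user")
    extra = AccessControlElement({"read", "replace", "delete-file"})
    print(map_create_security([AccessControlElement({"change-attribute"})]))
    print(map_create_security([scoped, extra]))
```

The second constructed request shows the case worth reviewing: the identity field and the later element are dropped, so the file is created with READ set to N for any user on the Expand network.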

OSI/FTAM Responder Manual—425199-001

Compaq OSI/APLMGR D43, OSI/FTAM D43 manual OSI/FTAM Responder Manual-425199-001