Compaq FTAM Responder Support of | Security Group File Attributes |
ISO FTAM Functions | |
Table 4-13. Mapping From FTAM Action List to Guardian Security
If action list is set to… | Guardian security is modified to… |
| |
Read | Set READ access to N |
Insert | Set WRITE access to N |
Replace | Set WRITE access to N |
Extend | Set WRITE access to N |
Erase | Set WRITE access to N |
Read attributes | (no change) |
Change attributes | Set WRITE access to N |
Delete file | Set PURGE access to N |
| |
If the access-control attribute is not present in the F-CREATE indication, the Compaq responder sets Compaq file security to the default security allowed for the FTAM association, as defined by the initiator-identity parameter sent in the F-INITIALIZE request or by the default user (DEFUSER) attribute specified in the VFS profile configured for this responder.
Changing File Attributes. The access-control attribute can be modified through FTAM using the F-CHANGE-ATTRIB primitive. On the basis of the information a remote initiator sends in the F-CHANGE-ATTRIB request, the Compaq responder modifies the Guardian security of a file according to the functions it supports and returns a new value for the access-control attribute in the F-CHANGE-ATTRIB response. The Compaq responder access-control attribute is limited to a single access-control element.
In the F-CHANGE-ATTRIB request sent by the initiating system, the values for access control consist of insert-values or delete-values (or both), each of which can be zero, one, or more access-control elements. The Compaq responder, however, processes only the first access-control element sent for insert-values and for delete-values.
The Compaq responder also ignores all but the first component of the insert-values or delete-values information, using only the action-list information to modify Guardian security (R W E P) for the file. If the initiating application attempts to change any other components of access control (such as concurrency-access, location, or identity), the Compaq responder returns a diagnostic message.
Insert-values and delete-values turn access to the actions in the action list on and off, respectively. Because the access-control attribute can indicate both insert-values and delete-values, you might unintentionally specify the same action in both values. If this occurs, the delete-values action overrides the insert-values action.
The following rules apply to changing the access-control attribute: For insert-values:
•If the read access-control bit of the action list is set, the responder sets READ access to N, indicating that any user on the Expand network can read the file.
4-19
