HP OpenVMS Guide to System Security > Chapter 5 Descriptions of Object Classes

Volumes

A volume object is one or more ODS-2 or ODS-5 disk volumes. The object consists of multiple volumes when they are part of a bound volume set. Although you might have access to the directories and files on the volume, you cannot access them if you do not have access to the volume itself.

For access information on tapes and foreign volumes, see the HP OpenVMS System Manager's Manual and the Mount utility documentation in the HP OpenVMS System Management Utilities Reference Manual.

Naming Rules

A volume name can be the volume label, the name of the device on which the volume is mounted, or a user-specified logical name. Volume labels can be from 0 to 12 characters long.

Types of Access

The volume class supports the following types of access:

Read

Gives you the right to examine file names and print and copy files on a volume.

Write

Gives you the right to modify or write to existing files on a volume. Whether the subject may perform the operation on a specific file is determined by the file's protection. To be meaningful, write access requires read access.

Create

Gives you the right to create files on a disk volume and to subsequently modify them. Create access also requires read and write access.

Delete

Gives you the right to delete files on a disk volume, provided you have proper access rights at the directory and file level. Delete access requires read access.

Control

Gives you the right to change the protection and ownership elements of the volume.

Template Profile

The class provides the following template profile and assigns the values during initialization. Although the template assigns an owner UIC of [0,0], this value is only temporary. As soon as the object is created, the operating system replaces a 0 value with the value in the corresponding field of the creating process's UIC.

Template Name    Owner UIC    Protection Code
DEFAULT          [0,0]        S:RWCD,O:RWCD,G:RWCD,W:RWCD
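
The dependencies listed under Types of Access (write needs read, create needs read and write, delete needs read) can be checked mechanically against a volume protection code such as the DEFAULT template's. The following is an added example, not code from the HP manual; the function names are hypothetical, it accepts only the one-letter category form shown in the table, and it assumes the letter C in the code stands for create access.

```python
"""Audit an OpenVMS volume protection code (added example, not HP code)."""

CATEGORIES = ("S", "O", "G", "W")          # system, owner, group, world
# Assumption: in a volume protection code R=read, W=write, C=create, D=delete.
# Dependencies as stated on this page: write needs read, create needs read
# and write, delete needs read.
REQUIRES = {"W": {"R"}, "C": {"R", "W"}, "D": {"R"}}


def parse_protection(code):
    """Return {category: set of access letters}; unnamed categories get none."""
    granted = {cat: set() for cat in CATEGORIES}
    for field in code.upper().replace(" ", "").strip("()").split(","):
        if not field:
            continue
        cat, _, access = field.partition(":")
        if cat not in granted:
            raise ValueError(f"unknown category {cat!r}")
        if set(access) - set("RWCD"):
            raise ValueError(f"unknown access in {field!r}")
        granted[cat] = set(access)
    return granted


def audit(code):
    """List grants that are not meaningful, plus any world modify access."""
    findings = []
    granted = parse_protection(code)
    for cat in CATEGORIES:
        for right in sorted(granted[cat]):
            missing = REQUIRES.get(right, set()) - granted[cat]
            if missing:
                findings.append(
                    f"{cat}: {right} granted without {''.join(sorted(missing))}")
    world_modify = granted["W"] & set("WCD")
    if world_modify:
        findings.append(f"W: world holds {''.join(sorted(world_modify))}")
    return findings


if __name__ == "__main__":
    # The DEFAULT template from this page, then a constructed tightened code.
    for sample in ("S:RWCD,O:RWCD,G:RWCD,W:RWCD", "S:RWCD,O:RWCD,G:RC,W"):
        print(sample, "->", audit(sample) or "no findings")
```

Run against the DEFAULT template, the check reports no broken dependencies but does report that the world category holds write, create and delete access.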

Privilege Requirements

Users with the VOLPRO privilege always have control access to a volume. Mounting a file-structured volume as foreign requires VOLPRO privilege or control access.

Kinds of Auditing Performed

All volume access can be audited, provided the security administrator enables auditing for the Access event class.

Event Audited    When Audit Occurs
Access           During any file system operation

Permanence of the Object

The security profile for a volume object is saved in the master file directory (MFD) of the disk as [000000]SECURITY.SYS.