HP OpenVMS Guide to System Security > Chapter 11 Securing a Cluster

Protecting Objects

  Table of Contents

  Glossary

  Index

A single security domain is one in which each cluster member must make the same access control decision when presented with a particular user's access request for a particular object. The operating system provides this level of protection for files, queues, and other cluster-visible objects such as devices, disk and tape volumes, and resource domains. Table 11-5 “Summary of Object Behavior in a Cluster” summarizes the behavior of each object class and explains where each stores security profiles. See Chapter 5 “Descriptions of Object Classes”Chapter 5 for a description of each object class.

Table 11-5 Summary of Object Behavior in a Cluster

Class Visibility in Cluster Location of Profile

Capabilities

Visible only to local node.

Stored on local node.

Devices

Some can be visible clusterwide.

Profiles stored in VMS$OBJECTS.

Files

Visible clusterwide.

Stored in file header.

Global sections

Visible only to local node.

Stored on local node.

Logical name tables

Visible only to local node.

Stored on local node.

Queues

Visible clusterwide.

Stored in job-controller queue database (see Table 11-1 “System Files That Must Be Common in a Cluster”).

Resource domains

Visible clusterwide.

Stored in VMS$OBJECTS.

Security class

Visible clusterwide.

Stored in VMS$OBJECTS.

Volumes

Can be visible clusterwide.

Stored on the volume.