Compaq FTAM Responder Support of
ISO FTAM Functions
OSI/FTAM Responder Manual—425199-001
4-18
Security Group File Attributes
which access to a file is allowed. ISO 8571-2 provides a complete description of the
ISO FTAM access-control attribute.
Within the access-control attribute, the Compaq responder uses only the action-list field
of the first access-control element; the concurrency-access, identity, passwords, and
location fields are ignored, as are all access-control elements after the first.
Further, for Safeguard protected files, the access-control attribute is partially rather than
fully supported. For these files, no mapping to Guardian security is attempted, and the
responder indicates that no value is available when it reads the access-control attribute.
In this case, attempts to change the attribute fail.
The following subsections explain how the Compaq FTAM responder uses the access-
control attribute in three tasks requested by a remote initiating system: creating files,
changing file attributes, and reading file attributes.
Creating Files. For files created through FTAM, the access-control attribute provided
by the initiating system with the initial-attributes parameter in the F-CREATE request
maps to Compaq file security (R W E P—Read Write Execute Purge). This mapping is
as follows:
•
The Compaq responder uses only the first access-control element. If more than one
access-control element is present, the responder ignores all elements other than the
first. The responder uses only the action-list field of the access-control element and
returns a diagnostic message if the access-control element contains any other
information (such as concurrency-access and identity).
•
If the read access-control bit of the action list is set, the Compaq responder sets
READ access to N, indicating that any user on the Expand network can read the file.
Otherwise, the responder sets READ access to –, indicating that only the super ID
user can read the file.
•
If any of the insert, replace, extend, change-attribute, or erase access-control bits of
the action list are set, the responder sets WRITE access to N, indicating that any user
on the Expand network can write to the file. Otherwise, the responder sets WRITE
access to –, indicating that only the super ID user can write to the file.
•
EXECUTE access is set to –, indicating that only the super ID user can execute the
file.
•
If the delete-file access-control bit of the action list is set, the responder sets PURGE
access to N, indicating that any user on the Expand network can purge the file.
Otherwise, the responder sets PURGE access to –, indicating that only the super ID
user can purge the file.
The mapping of FTAM action-list settings to Guardian security is summarized in Table
4-13.