

HFSSEC and HFSACL Control Options

Native UNIX security assigns a user ID and a group ID as file owner. Ownership is assigned when a UNIX file is created or when it is updated by the UNIX commands chown, chgrp, chmod, and setfacl.

HFSSEC(ON)

CA SAF security for USS is in effect. Security for files in HFS is determined by resources and permissions in the HFSSEC resource class. File and group ownership in native UNIX security is ignored.

HFSSEC(OFF)

An OMVS user attempting to access a file has their UID evaluated against the UID assigned as the owner of the file. If the UIDs match, access is allowed according to the user bit security setting assigned to the file. If the UIDs do not match, native UNIX security proceeds to group security. If the file's ownership GID matches the GID of any GROUP added to the accessing user, access is granted.

HFSACL(OFF)

Access control lists beyond the base-level access list "u::uflags,g::gflags,o::oflags" are ignored. Access control lists are assigned by the setfacl OMVS command. They are used to assign access to a file by more than a single UID owner, or more than a single GID owner.

HFSSEC(NO) and HFSACL(ON)

The accessing user's UID is matched against the UID in every access control list assigned to the file. If matched, the user-bit settings of the matching ACL determine user access to the file. If the accessing user does not match any of the user ACL settings, the accessing user's assigned list of groups is checked for a match against the group assigned to the file's access control lists. If an ACL matches by group, that assignment of group-bit settings is used.
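
The evaluation order described above, as an added Python model (not CA's code and not part of the original page). The `File` structure, the `check_access` function and the sample UIDs and GIDs are constructed for illustration; applying the group bits on a group match, letting the first matching group decide, and falling back to the "other" bits when nothing matches are assumptions based on standard UNIX behaviour.

```python
from dataclasses import dataclass, field

@dataclass
class File:                      # hypothetical model of one HFS file
    owner_uid: int
    owner_gid: int
    base: dict                   # base entries u::, g::, o:: as flag strings
    acl_users: dict = field(default_factory=dict)   # setfacl u:<uid>:<flags>
    acl_groups: dict = field(default_factory=dict)  # setfacl g:<gid>:<flags>

def check_access(f, uid, gids, want, hfssec=False, hfsacl=False):
    """Return (allowed, rule) for one requested flag: 'r', 'w' or 'x'."""
    if hfssec:
        # HFSSEC(ON): native ownership is ignored; the decision belongs to
        # the HFSSEC resource class, which this model does not evaluate.
        return None, "HFSSEC resource class"
    users = {f.owner_uid: f.base["u"]}
    groups = {f.owner_gid: f.base["g"]}
    if hfsacl:
        # HFSACL(ON): extended entries take part; base entries win on a
        # duplicate ID (assumption).
        users = {**f.acl_users, **users}
        groups = {**f.acl_groups, **groups}
    if uid in users:
        return want in users[uid], "user entry"
    for gid in gids:             # first matching group decides (assumption)
        if gid in groups:
            return want in groups[gid], "group entry"
    return want in f.base["o"], "other bits"   # assumption: standard fallback

# Constructed sample: owner 1001/200 plus two extended ACL entries.
SAMPLE = File(1001, 200, {"u": "rw-", "g": "r--", "o": "---"},
              acl_users={1002: "rw-"}, acl_groups={300: "r--"})

if __name__ == "__main__":
    for acl in (False, True):
        print("HFSACL", "ON " if acl else "OFF",
              check_access(SAMPLE, 1002, [400], "w", hfsacl=acl))
```

In this model the setfacl grant to UID 1002 has no effect while HFSACL is OFF, so a review of effective access has to read the control options together with the file's ACL.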