|
  
ADD
.
ADD
--------
|
-
RuleFt RuleType Requestor Action Object [(ACIGROUP MIXED
-----------------------------------------------------------
RuleFt ---- {ADMIN, GRPADMIN, USRADMIN, USRDFLT,
-------------GRPDFLT, DEFAULT, MANAGE}
RuleType -- {ACCEPT, REJECT}
Requestor - {[USER] ReqUser, ACIGROUP ReqGroup}
Action ---- {READ, WRITE, MANAGE, CO-OWNER}
Object ---- {[fn ft] fp:fs.[dir1[.dir2[...dir8]]][.]}
------------{fn ft }
--
|
Purpose
Use the ADD command to add a rule governing Object to the SafeSFS rules database. The rule becomes effective immediately.
Authorization
MANAGE authorization over the rule file to which the rule will be added or SAFADMIN authorization. SAFADMIN authorization is required to add rules to the SAFESFS MANAGE rule file.
Parameters
RuleFT :
The file type of the rule file to be updated. It must be one of the following:
|
|
Specifies the GLOBAL ADMIN rule file.
|
|
|
|
|
|
Specifies the acigroup GRPADMIN rule file, where acigroup is the fs specification in Object. Requires the ACIGROUP option.
|
|
|
|
|
|
Specifies the userid USRADMIN rule file, where userid is the fs specified in Object. The ACIGROUP option is invalid.
|
|
|
|
|
|
Specifies the userid USRDFLT rule file, where userid is the fs specified in Object. The ACIGROUP option is invalid.
|
|
|
|
|
|
Specifies the acigroup GRPDFLT rule file, where acigroup is the fs specification in Object. Requires the ACIGROUP option.
|
|
|
|
|
|
Specifies the GLOBAL DEFAULT rule file.
|
|
|
|
|
|
Specifies the SAFESFS MANAGE rule file. Requires SAFADMIN authorization.
|
RuleType:
|
|
A keyword specifying the type of access given to the requestor.
|
|
|
|
|
|
A keyword specifying the type of access given to the requestor. REJECT cannot be used with MANAGE.
|
Requestor:
|
|
Specifies the requesting userid. Trailing pattern matching may be specified. The keyword USER is optional and may be omitted.
|
|
|
|
|
|
Specifies the name of an acigroup that requesting users are members of. Trailing pattern matching may be specified.
|
Action:
|
|
Indicates "READ" access to Object.
|
|
|
|
|
|
Indicates "WRITE" and "READ" access to Object
|
|
|
|
|
|
Indicates "WRITE" and "READ" access to Object and authorization to update the Object USRDFLT rule file. Co-owner authorization is similar to ownership of the SFS filespace.
|
|
|
|
|
|
Allows updates of the specified rule file. MANAGE cannot be used with REJECT.
|
Object:
Specifies the object that the rule affects. Object is one of:
-SFSObject:
--[fn ft] fp:fs.[dir1[.dir2[...dir8][.]]]
|
|
1 to 8 character pattern matched file name. File type is required if file name is specified.
|
|
|
1 to 8 character pattern matched file type. File name is required if file type is specified.
|
|
|
1 to 8 character pattern matched file pool name. Default is `*:'.
|
|
|
1 to 8 character pattern matched file space name.
|
|
|
Each directory specified is a 1 to 16 character pattern matched directory name.
|
Rule Fileid: Only valid for rules with an action and RuleFt of MANAGE
|
|
1 to 8 character pattern matched file name.
|
|
|
Must be specified as one of: ADMIN, GRPADMIN, USRADMIN, USRDFLT, GRPDFLT, DEFAULT, or MANAGE
|
Options
|
|
|
|
|
Indicates that the filename and filetype specified in the SFS Object contain mixed case characters and should not be upper cased by SafeSFS.
|
|
|
|
|
|
Indicates that the fs specified in Object is an acigroup, not a file space. fs in Object indicates all members of the matching acigroup.
|
Return Codes
Return Code
|
Meaning
|
0
|
Rule added
|
4
|
Not authorized.
|
8
|
Command failed. Rule not added.
|
110
|
Rule being added is a duplicate of an existing rule. Rule is not added.
|
113
|
Invalid parameter.
|
114
|
Invalid option.
|
115
|
Invalid rule file type.
|
116
|
Invalid rule file name.
|
118
|
Missing rule object filespace.
|
119
|
Invalid rule object file space.
|
120
|
Invalid rule object file name.
|
121
|
Invalid rule object directory.
|
122
|
Invalid rule object file pool.
|
123
|
Invalid rule object file type.
|
124
|
Missing rule.
|
125
|
Missing parameter requestor type.
|
127
|
Invalid object for action Manage.
|
128
|
Conflicting rule file name and file space name.
|
143
|
Missing parameter file type.
|
144
|
Option ACIGROUP must be specified.
|
145
|
REJECT may not be used with MANGE.
|
147
|
Invalid action for rule file specified.
|
Usage Notes
- fp:fs. in the SFS object, is required. The period following the filespace is also required. All other tokens of the SFS object are optional. If directories are specified, they must be preceded by a period. The period following the last directory is optional. Trailing pattern matching may be used by specifying an *.
Examples
- SAFESFS ADD ADMIN ACCEPT JOHN WRITE *:*.
This command adds a rule allowing user JOHN to WRITE all file spaces in all file pools. The rule is added to the GLOBAL ADMIN rule file.
- SAFESFS ADD MANAGE ACCEPT JOHN MANAGE GLOBAL ADMIN
This command adds a rule allowing user JOHN to MANAGE the GLOBAL ADMIN rule file. The rule is added to the SAFESFS MANAGE rule file.
- SAFESFS ADD ADMIN ACCEPT ACIGROUP SYSTEMS WRITE *:*.
This command adds a rule allowing members of acigroup SYSTEMS to WRITE all file spaces in all file pools. The rule is added to the GLOBAL ADMIN rule file.
|
