Permissions Reference - HP BB118BV - StorageWorks Data Protector Express Package User's Manual & Technical Reference

Volume in three ways: as a user, as a member of the Marketing group and as a result of his equivalency
to User 2. When Data Protector Express calculates his effective permissions, it uses these direct permissions
from all three sources. In this case, will have five permissions; Create, Modify, Delete, Write and Read.
NOTE:
It does not matter that User 1's own direct permissions as a user do not include Create and Modify
permissions. Data Protector Express uses all three sources to determine User 1's effective permissions to
the volume. In this case, User 1's membership in the Marketing group grants him Create and Modify
permissions.
Example 13. Given the above example, suppose we wanted to deny all permissions
to the Volume. How could this be accomplished?
To deny all permissions to the Volume, three things must happen: his equivalency to User 2 must end; his
membership in the Marketing group must end; and his direct permissions must be changed so that is
listed on the Permissions page of the Volume but no permission boxes are checked.
NOTE:
Listing User 1 on the Permissions page and clearing the permissions check boxes is not enough to deny
his permissions to the property page. User 1 must no longer be equivalent to User 2 and User 1 must
no longer be a member of the Marketing group.
Checking effective permissions
On complex installations with multiple users and groups and varying levels of security, a particular
user's effective permissions can be difficult to identify. The easiest way to identify a user's effective
permissions is to log on as that user.
If you have not yet assigned the user a password, simply log on as the user. Browse the various General
property pages of the objects in the catalog. Verify that the displayed effective permissions match your
intended security measures.
If the user has a password and you do not know it, create an "alias" user and make it equivalent to the
user whose permissions you wish to check. Then log on as the alias user. Be certain to delete both the
alias user and its folder after verifying the effective permissions.

Permissions Reference

There are seven permissions: Read, Write, Delete, Modify, Create, Access and Supervisor. These
permissions affect different objects in the Data Protector Express catalog differently. Even though a
particular permission may not apply directly to that object, objects below it in the catalog hierarchy can
still inherit permissions from that object.
Read permission
Affected objects: Media, controller, device, library, volume, directory, file, catalog.
Description: Controls whether a user can read from a given catalog object.
In the case of physical peripherals that perform read functions, such as controllers, devices, libraries and
volumes, Read permission to the peripheral is required in order for Data Protector Express to instruct the
peripheral to read files or directories.
In case of catalog objects that hold data, such as media, volumes, directories and files, Read permission
is required to read the data these objects contain.
Affected commands: Copy, Run (job type), Rewind, Start, Eject Media, Eject Magazine,
Retension, Restore Catalog, Clean Device, Identify Media, Import Media, .
This permission enables Copy but not Paste, allowing the user to copy objects in the catalog.
268
Managing the Storage Domain