Protecting Objects
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
A single security domain is one in which each cluster member must make the same access control decision when presented with a particular user's access request for a particular object. The operating system provides this level of protection for files, queues, and other cluster-visible objects such as devices, disk and tape volumes, and resource domains. Table 11-5 “Summary of Object Behavior in a Cluster” summarizes the behavior of each object class and explains where each stores security profiles. See Chapter 5 “Descriptions of Object Classes”Chapter 5 for a description of each object class.
Table 11-5 Summary of Object Behavior in a Cluster
| Class | Visibility in Cluster | Location of Profile |
|---|---|---|
Capabilities | Visible only to local node. | Stored on local node. |
Devices | Some can be visible clusterwide. | Profiles stored in VMS$OBJECTS. |
Files | Visible clusterwide. | Stored in file header. |
Global sections | Visible only to local node. | Stored on local node. |
Logical name tables | Visible only to local node. | Stored on local node. |
Queues | Visible clusterwide. | Stored in job-controller queue database (see Table 11-1 “System Files That Must Be Common in a Cluster”). |
Resource domains | Visible clusterwide. | Stored in VMS$OBJECTS. |
Security class | Visible clusterwide. | Stored in VMS$OBJECTS. |
Volumes | Can be visible clusterwide. | Stored on the volume. |