3 Security Features

To avoid potential security threats, customers operating a shared file system must be concerned about:

• Disclosure of file system data in violation of policy

• Loss of data

• Undetected modification of data

These security threats can be minimized by proper configuration and by following the post-installation checklist in Appendix A, "Secure Deployment Checklist."

The Security Model

The critical security features that provide protections against security threats are:

• Authentication – Ensures that only authorized individuals are granted access to the system and data.

• Authorization – Access control to system privileges and data. This feature builds on authentication to ensure that individuals get only appropriate access.

• Audit – Enables administrators to detect attempted breaches of the authentication mechanism and attempted or successful breaches of access control.

Authentication

SAM-QFS uses host-based user authentication to control who can perform administration tasks. Administration using the SAM-QFS Manager is mainly controlled by roles which are assigned to various users. Administration using the command line is limited to the root user.

Access Control

Access control in SAM-QFS is divided into two parts:

• Administrative access control – Controls who can take administrative actions for SAM-QFS. The controls are based on roles that are assigned to users through SAM-QFS Manager. For command-line operations, controls are based on root permissions. For more information about SAM-QFS Manager, see the StorageTek Storage Archive Manager and StorageTek QFS Software Release 5.4 Customer Documentation Library at: http://www.oracle.com/technetwork/documentation/tape-storage-curr-187744.html#samqfs

• File/directory access control – SAM-QFS implements a POSIX compliant file system that has a rich set of access controls. See the SAM-QFS documentation for more details.