To avoid potential security threats, customers operating a shared file system must be concerned about:
Disclosure of file system data in violation of policy
Loss of data
Undetected modification of data
These security threats can be minimized by proper configuration and by following the post-installation checklist in Appendix A, "Secure Deployment Checklist."
The critical security features that provide protections against security threats are:
Authentication – Ensures that only authorized individuals are granted access to the system and data.
Authorization – Access control to system privileges and data. This feature builds on authentication to ensure that individuals get only appropriate access.
Audit – Enables administrators to detect attempted breaches of the authentication mechanism and attempted or successful breaches of access control.
Oracle HSM uses host-based user authentication to control who can perform administration tasks. Administration using the Manager GUI is mainly controlled by roles which are assigned to various users. Administration using the command line is limited to the root user.
Access control in Oracle HSM is divided into two parts:
Administrative access control – Controls who can take administrative actions for Oracle HSM. The controls are based on roles that are assigned to users through Manager GUI. For command-line operations, controls are based on root permissions. For more information about Manager GUI, see the Oracle Hierarchical Storage Manager and StorageTek QFS Software Release 6.0 Customer Documentation Library at: http://www.oracle.com/technetwork/documentation/tape-storage-curr-187744.html#samqfs
File/directory access control – Oracle HSM implements a POSIX compliant file system that has a rich set of access controls. See the Oracle HSM documentation for more details.