A single security domain is one in which each
cluster member must make the same access control decision when presented
with a particular user's access request for a particular object.
The operating system provides this level of protection for files,
queues, and other cluster-visible objects such as devices, disk and
tape volumes, and resource domains. “Summary of Object Behavior in a Cluster” summarizes the behavior of each object
class and explains where each stores security profiles. See “Descriptions of Object Classes”Chapter 5
for a description of each object class.
Table 12-5 Summary of Object Behavior in a Cluster
| Class | Visibility in Cluster | Location of Profile |
|---|
Capabilities | Visible only
to local node. | Stored
on local node. |
Devices | Some can be
visible clusterwide. | Profiles stored in VMS$OBJECTS. |
Files | Visible clusterwide. | Stored in file header. |
Global
sections | Visible only to local node. | Stored on local node. |
Logical
name tables | Visible only to local node. | Stored on local node. |
Queues | Visible clusterwide. | Stored in job-controller
queue database (see “System Files That Must Be Common in a Cluster”). |
Resource
domains | Visible clusterwide. | Stored in VMS$OBJECTS. |
Security
class | Visible clusterwide. | Stored in VMS$OBJECTS. |
Volumes | Can be visible clusterwide. | Stored on the volume. |
