Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

161

162

163

164

165

166

167

168

169

170

User Alias Security Commands

Safeguard Reference Manual—520618-013

6-2

Who Can Manage User Aliases

An alias authentication record can have multiple owners. The OWNER attribute in an

alias authentication record designates the record’s primary owner. The OWNER-LIST

attribute optionally designates one or more secondary owners. By default, the OWNER

attribute contains the user ID of the user who first created the alias authentication

record. The OWNER and OWNER-LIST attributes can be changed with a SET ALIAS

command before the record is created, or they can be changed with an ALTER ALIAS

command after the record is created. These record owners can change the security

attributes in the alias authentication record and therefore control the ability of the alias

to log on to the system.

Only the primary and secondary record owners of the alias record, the primary owner’s

group manager, and the super ID can change an alias authentication record, suspend

and restore the ability of the alias to log on to the system, and delete the alias (ALTER

ALIAS, FREEZE ALIAS, THAW ALIAS, and DELETE ALIAS commands, respectively).

The original primary owner and the secondary owners of an alias authentication record

can change the OWNER attribute to the user ID of any other user. That other user then

has control of the ability of the alias to access the system. At any time, the new primary

owner (or the secondary owners or the primary owner’s group manager or the super

ID) can transfer ownership to yet another user.

The ability to display the security attributes of an alias through the INFO ALIAS

command is restricted to these users:

•

The user who was assigned the alias

•

The primary and secondary owners of the alias authentication record

•

The group manager of the primary owner of the alias authentication record

•

The super ID

Any alias of the user can execute the INFO USER command for any other alias of the

user.

Table 6-1 shows who can use the user alias commands to display, add, modify, or

delete an alias authentication record.

Table 6-1. Who Can Use the User Alias Commands (page 1 of 2)

ALIAS Command Who Can Use

SET ALIAS LIKE Any user, primary and secondary record owners, primary owner’s

group manager, and super ID

INFO ALIAS User assigned the alias, primary and secondary record owners,

primary owner’s group manager, and super ID

ALTER ALIAS Primary and secondary record owners, primary owner’s group

manager, and super ID

FREEZE ALIAS Primary and secondary record owners, primary owner’s group

manager, and super ID