Safeguard Reference Manual (G06.24+, H06.03+)

Safeguard Reference Manual 520618-013
7 Group Commands
The GROUP commands allow a security administrator to define user groups and
manage the membership of those groups. User groups created explicitly with the ADD
GROUP command can exist independently of user definitions. The groups created in
this manner usually serve as file-sharing groups rather than as administrative groups.
Typically, an administrative group is created implicitly with the ADD USER command,
as described in Section 5, User Security Commands.
The attributes in a group definition record allow you to specify the group’s name and
numeric ID, a text description, and a list of group members. Group names and IDs can
be mentioned in the Access clause of ACLs defined in protection records. Unlike the
Safeguard security groups described in Section 13, Security Group Commands, the
groups defined with GROUP commands have no inherent privileges or restrictions
associated with them.
Use the MEMBER attribute in a group definition record to specify the users who are
members of the group. You can make a single user or alias a member of up to 32
groups. A single group can contain more than 256 members for file sharing.
Who Can Manage User Groups
If no ACL has been defined for OBJECTTYPE USER, use of the ADD GROUP
command is restricted to super-group members. If an ACL exists for OBJECTTYPE
USER, only users with create (C) authority on that access control list can use the ADD
GROUP command.
By default, the OWNER attribute in a group definition record contains the user ID of the
user who first created the group and who therefore owns that group definition record.
This record owner can change the attributes in the group record. In addition, the
original owner can set the OWNER attribute to the user ID of any other user. That other
user then has control of the group record. At any time, the new owner (or the owner’s
group manager or the super ID) can transfer ownership to yet another user.
The owner of a group created implicitly with the ADD USER command is the user who
executes that command to add the first user to the group. This group owner can
subsequently use the GROUP commands to manage the group definition record.
Only the record owner, that owner’s group manager, and the super ID user can change
a group definition record or delete the record.
Only the record owner, that owner’s group manager, and the super ID user can view
their group details by executing the INFO GROUP command.
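
The following Python sketch is an added example, not part of the manual and not Safeguard code. It models the rules above so that an access review can list who controls a group record before and after an ownership transfer. It assumes the Guardian conventions that a user ID is a (group, member) pair, that member 255 is the group manager, and that 255,255 is the super ID; the names GroupRecord, can_add_group, can_manage, transfer_owner and controllers are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, replace

# Assumptions (Guardian conventions, not stated on this page): a user ID is a
# (group, member) pair, member 255 is the group manager, group 255 is the
# super group and 255,255 is the super ID.
MANAGER, SUPER_GROUP, SUPER_ID = 255, 255, (255, 255)

@dataclass(frozen=True)
class GroupRecord:
    name: str
    number: int
    owner: tuple  # OWNER attribute as (group, member)

def can_add_group(user, objecttype_user_acl=None):
    """ADD GROUP: super-group members if no OBJECTTYPE USER ACL exists,
    otherwise only users holding create (C) authority on that ACL."""
    if objecttype_user_acl is None:
        return user[0] == SUPER_GROUP
    return "C" in objecttype_user_acl.get(user, "")

def can_manage(user, record):
    """Change, delete or INFO a record: owner, owner's group manager, super ID."""
    return user in {record.owner, (record.owner[0], MANAGER), SUPER_ID}

def transfer_owner(actor, record, new_owner):
    """Set OWNER to another user; refused unless the actor controls the record."""
    if not can_manage(actor, record):
        raise PermissionError(f"{actor} does not control group {record.name}")
    return replace(record, owner=new_owner)

def controllers(record, users):
    """List which of the given user IDs control the record (for an access review)."""
    return sorted(u for u in users if can_manage(u, record))

# Constructed sample data: user IDs, one group record, one OBJECTTYPE USER ACL.
USERS = [(10, 1), (10, 255), (20, 7), (20, 255), (255, 255)]
PAYSHARE = GroupRecord("PAYSHARE", 300, owner=(10, 1))
ACL = {(20, 7): "C"}  # simplified: explicit user IDs only, no wildcard entries

if __name__ == "__main__":
    print("control before:", controllers(PAYSHARE, USERS))
    moved = transfer_owner((10, 255), PAYSHARE, (20, 7))
    # Control follows the new owner, including the new owner's group manager.
    print("control after: ", controllers(moved, USERS))
    print("ADD GROUP, no ACL:  ", [u for u in USERS if can_add_group(u)])
    print("ADD GROUP, with ACL:", [u for u in USERS if can_add_group(u, ACL)])
```

The transfer shows that setting OWNER to a user in another administrative group also hands control to that group's manager, which is worth checking before changing the attribute.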
Note. In prior product versions, GROUP commands were used to manage Safeguard security
groups. GROUP commands are now used to manage file-sharing groups, as described in this
section. Security groups are now managed with the SECURITY-GROUP commands, as
described in Section 13, Security Group Commands.