Safeguard Reference Manual (G06.24+, H06.03+ )
Safeguard Reference Manual—520618-013
1-1
1 Introduction
This section introduces the Safeguard software and presents important basic concepts:
•
Safeguard security-management features
°
User Authentication
°
Object-access authorization
°
Auditing
°
Control of logon dialog
°
Security groups
°
File-sharing groups
°
Event-exit processes
•
Definition of the terms authentication, remote, and local
•
Who can use the SAFECOM commands and how this authority is granted
•
Definition of the super ID’s capabilities and limitations
For more information about the Safeguard features and about creating and managing
access control lists for protected objects, see the Safeguard User’s Guide and
Safeguard Administrator’s Manual. For more information about using the Safeguard
auditing facilities, see the Safeguard Audit Service Manual.
Safeguard Security-Management Features
The features of the Safeguard security-management facility fall into three categories:
user authentication, object-access authorization, and auditing. This subsection briefly
describes each category of Safeguard features.
User Authentication
To log on to a system controlled by the Safeguard software, a user must be
authenticated by the Safeguard software. The Safeguard subsystem controls both
interactive and procedural logon attempts by verifying a user’s user name and logon
password. In addition, the Safeguard subsystem can manage other user attributes
such as password expiration and can record attempts to log on or to access a user’s
authentication record in the audit trail.
A user can also be assigned one or more aliases that can be used to log on to the
system. The attribute values in a user alias authentication record can differ from values
in the authentication record of the underlying user ID.
The following summary lists the user and alias authentication features. (The
SAFECOM command is given in parentheses.) Any task that the owner of a Safeguard
record can perform, the owner’s group manager can perform also.