Safeguard Reference Manual (G06.24+, H06.03+ )
Safeguard Reference Manual—520618-013
11-1
11
Process and Subprocess Security
Commands
With the SAFECOM process and subprocess security commands, any user can
assume ownership of a process name by adding an authorization record for that name
to the Safeguard object database. After an authorization record is added for a name,
all attempts to access a process or subprocess that has the protected name are
subject to Safeguard authorization checks and, optionally, to Safeguard access
auditing. (You can use OBJECTTYPE PROCESS and SUBPROCESS to restrict this
behavior. For more information, see Section 12, OBJECTTYPE Security Commands.)
To control access to the process name, the owner of an authorization record can
create an access control list, (ACL). Accessing a process name includes creating a
process that has the protected process name, opening a process that runs with the
protected name, and stopping a process that runs with the protected name. The owner
of a process name authorization record can also specify when the Safeguard software
should audit attempts to access the process name.
This section begins with a brief overview of the Safeguard access control features for
processes and subprocesses and summarizes the process security commands.
Following the command summary, the process and subprocess security commands
are described in detail.
Process and Subprocess Security
In a system protected by the Safeguard software, process security consists of access
control for two entities:
•
Program object disk files. To create a process that runs a program object disk file
under standard Guardian security, a user must have EXECUTE authority for that
object disk file. The owner of a protected program object file can use the
SAFECOM disk file security commands to control users’ ability to run the object
file.
•
Process names. When a process is started, you can specify that the process run
with a process name (by including the NAME option in the RUN command). If that
process name is protected by the Safeguard software, the resulting process is
subject to Safeguard access controls.