Manualshelf

Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
31323334353637383940
Introduction
Safeguard Reference Manual520618-013
1-7
File-Sharing Groups
File-Sharing Groups
The Safeguard software allows you to create user groups for file-sharing purposes.
With the GROUP commands, users can be assigned to multiple groups and group
membership can be extended beyond 256 users. Section 7, Group Commands,
describes how to create and maintain file-sharing groups.
Security Groups
The Safeguard software allows you to create three security groups named
SECURITY-ADMINISTRATOR, SYSTEM-OPERATOR, and
SECURITY-OSS-ADMINISTRATOR to restrict the use of various SAFECOM
commands. After these security groups are created, only the group members can
execute certain TERMINAL, EVENT-EXIT-PROCESS, SAFEGUARD, and audit
service commands. Security group membership also determines who can alter the
Safeguard configuration and stop the Safeguard software. Section 13, Security Group
Commands, describes how to create and maintain the security groups.
Terminal Control
The TERMINAL commands allow you to define terminals on your system so that the
Safeguard software controls those terminals. When the Safeguard software controls
the a terminal, you can specify that a particular command interpreter be started
automatically after user authentication at the terminal. Prior to D30, an extended logon
dialog was available only at Safeguard terminals. Effective with D30, the HP Tandem
Advanced Command Language (TACL) command interpreter also provides these
extended features as long as Safeguard is running. Section 14, Terminal Security
Commands, describes how to define terminals so that they are controlled by the
Safeguard software.
Event-Exit Process
The Safeguard software can be configured to pass authorization, authentication, and
password-change requests to a user-written process, thereby allowing that process to
participate in security policy enforcement. Section 15, Event-Exit-Process Commands,
describes how to configure an event-exit process and provides guidelines for designing
and developing such a process.
Auditing
A Safeguard record owner can define auditing for any protected object or user. Each
Safeguard record contains auditing specifications that determine which system events
are recorded in the Safeguard audit files. Each auditing specification consists of an
auditing attribute and its current defined value.
The auditing specifications are fully described in the syntax for the SET commands.
For more information, see Sections 5 through 13. You use a separate set of commands