Safeguard Reference Manual (G06.24+, H06.03+ )
Safeguard Reference Manual—520618-013
13-1
13 Security Group Commands
Safeguard security group commands allow a security administrator to define security
groups of users who can execute certain restricted commands. The security group
commands are similar to OBJECTTYPE commands.
The security groups, SECURITY-ADMINISTRATOR, SYSTEM-OPERATOR, and
SECURITY-OSS-ADMINISTRATOR, can be added to the Safeguard database. These
security groups do not exist until they are added using the ADD SECURITY-GROUP
command.
Until the security groups are added, all super-group members can execute audit
service commands, TERMINAL commands, EVENT-EXIT-PROCESS commands, and
the ALTER SAFEGUARD and STOP SAFEGUARD commands. Creating the security
groups allows you to restrict use of these commands by designating the specific users
who are allowed to execute the commands. After a security group is created, only
users with EXECUTE authority on the access control list (ACL) can use the commands
restricted to that security group.
Members of the SECURITY-ADMINISTRATOR security group can execute these
restricted commands:
ALTER SAFEGUARD
STOP SAFEGUARD
ADD EVENT-EXIT-PROCESS
ALTER EVENT-EXIT-PROCESS
DELETE EVENT-EXIT-PROCESS
ADD AUDIT POOL
ALTER AUDIT POOL
ALTER AUDIT SERVICE
DELETE AUDIT POOL
SELECT
ADD TERMINAL
ALTER TERMINAL
DELETE TERMINAL
FREEZE TERMINAL
THAW TERMINAL
Members of the SYSTEM-OPERATOR security group can execute these restricted
commands:
ADD AUDIT POOL
ALTER AUDIT POOL
DELETE AUDIT POOL
NEXTFILE
Note. In prior product versions, the Safeguard security groups were managed by GROUP
commands. GROUP commands are now used to manage file-sharing groups, as described in
Section 7, Group Commands
. Security groups are now managed with the SECURITY-GROUP
commands, as described in this section.
Note. The SECURITY-OSS-ADMINISTRATOR security group is supported only on systems
running G06.29 and later G-series RVUs and H06.08 and later H-series RVUs.