Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

441

442

443

444

445

446

447

448

449

450

Security Group Commands

Safeguard Reference Manual—520618-013

13-8

ALTER SECURITY-GROUP Command

Considerations

•

Additional owners can modify the authorization record.

In addition to the owner, the primary owner’s group manager, and the local super

ID, any user ID that has an ACL entry granting OWNER authority can also modify

the security group authorization record.

•

Attributes in an ADD command affect only the record added.

Any attribute specifications in an ADD SECURITY-GROUP command affect only

the authorization record being created and do not change the current default group

attribute values. This condition is also true for a LIKE clause in an ADD

SECURITY-GROUP command.

Example

You can use a LIKE sec-group-name clause to copy all attribute values for one

security group from another security group. Then you can specify in the same

command line that one or more attribute values will be different.

This sample command adds an authorization record for the SYSTEM-OPERATOR

security group that has the same group attribute values (and ACL) as the SECURITY-

ADMINISTRATOR security group, except for the OWNER attribute:

=ADD SECURITY-GROUP sys-oper, LIKE sec-admin, OWNER super.sue

You can define membership in the SECURITY-OSS-ADMINISTRATOR security group

by adding an authorization record for that group. For example, this command creates

the authorization record for the SECURITY-OSS-ADMINISTRATOR security group:

=ADD SECURITY-GROUP SECURITY-OSS-ADMINISTRATOR, &

OWNER SUPER.TEST, AUDIT-ACCESS NONE, &

AUDIT-MANAGE-PASS ALL, &

ACCESS TEST1.USER1 (E,O); TEST1.USER2 (E); TEST1.USER3(O)

ALTER SECURITY-GROUP Command

ALTER SECURITY-GROUP changes one or more attribute values in a security group

authorization record. Both the owner and the primary owner’s group manager can

change a security group authorization record. In addition, any user ID that has an ACL

entry granting it OWNER authority can also modify the security group authorization

record.

Except for the ACCESS attribute, new group attribute values specified in an ALTER

SECURITY-GROUP command replace the existing attribute values. Specifying a new

ACCESS access-spec adds the new access-spec to the security group’s existing

Note. The SECURITY-OSS-ADMINISTRATOR security group is supported only on systems

running G06.29 and later G-series RVUs and H06.08 and later H-series RVUs.