Manualshelf

Safeguard User's Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
11121314151617181920
Safeguard User’s Guide422089-009
1-1
1
Introduction to the Safeguard
Subsystem
The Safeguard subsystem extends the security features of the Guardian environment
to provide more comprehensive security for your system. The Safeguard subsystem
works with the Guardian environment and allows you to apply more extensive and
specific security controls. A comparison of Guardian security features and the
extended features of the Safeguard software is presented later in this section.
Although the Safeguard subsystem can be used to secure access to various system
resources, its primary benefit to the general user is extended protection for disk files,
subvolumes, and processes. Other Safeguard features, which are reserved for
privileged users, are described in the Safeguard Administrator's Manual. Only
privileged users can add other users to the Safeguard database and, typically, control
the security of volumes and devices.
Subjects and Objects
With the Safeguard subsystem, logged-on users are referred to as subjects, and
system resources such as disk files and subvolumes are referred to as objects. An
individual user can own an object, such as a disk file. Object owners can use the
Safeguard software to allow others to share their resources.
To manage your system's subjects and objects, the Safeguard subsystem maintains
both subject and object databases. The subject database contains authentication
records for users and aliases. (Aliases are alternate user names with their own
authentication records.) Object databases contain authorization records for system
resources such as disk files, processes, and volumes.
General users can create and alter the authorization records stored in the object
databases for disk files, subvolumes, and processes. The authorization records for
other types of objects and the authentication records for users are under the control of
your system's security administrator and security team.
For convenience in this manual, authorization records and authentication records are
referred to collectively as protection records.
What Can the Safeguard Subsystem Do?
The Safeguard subsystem provides three major security capabilities to protect the
general user's disk files, subvolumes, and processes:
Authentication—Verifying a user name and password when a user requests access
to the system. As a general user, you can change your password, but you have no