Manualshelf

TS/MP Release Supplement

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
21222324252627282930
ACS Subsystem
HP NonStop TS/MP Release Supplement546055-006
1-6
ACS Domains
ACS Domains
An ACS domain is a defined set of objects (resources) within a single physical
NonStop system, which are controlled and managed as a unit by the ACS subsystem.
The ACS subsystem and its resources are managed and controlled using the
Subsystem Control Facility (SCF), as shown in Figure 8-1. You can use SCF
commands to manage the ACS subsystem configuration. For more information on SCF
and SCF commands, see Section 8, SCF Command Reference for the ACS
Subsystem.
Security
This subsection includes the following topics:
ACS Subsystem-specific Security Features
Sensitive and Nonsensitive SCF Commands
ACS Subsystem-specific Security Features
There are no changes in the TS/MP 2.0 security features. The ACS subsystem
provides the following security features:
Client access authentication to server processes:
For Pathsend servers, the ACS subsystem provides access authentication for each
request. When a request is submitted to a server process, the redirector process
authenticates the client ID by checking the ID against the security attribute for the
server class and forwards the authenticated requests to the server process.
Environment configuration and operation method authentication:
The
PATHCOM SECURITY and OWNER attributes provide basic access protection
for server classes. These attributes determine which operations you can perform
on an object within the application environment. For example, performing an
operation on a server class or sending information to the process associated with a
server class.
Sensitive and Nonsensitive SCF Commands
SCF commands that change the state or configuration of SCF objects are called
sensitive commands. These commands can be run only by super-ID users.
Note. Client authentication is only performed for Pathsend servers.
Note. The SECURITY attribute is enforced only for Pathsend requesters; security for
SCOBOL requesters is enforced differently. Therefore, you cannot use shared servers that
process both Pathsend and SCOBOL requesters in a common security model.