Introduction to NonStop Operations Management

Security Management
Introduction to NonStop Operations Management–125507
Access-Control Lists (ACLs)
Depending on your organization’s security policy, you might have to restrict access to
system software so that only selected users or user groups can execute the software. To
restrict access, use Safeguard access-control lists (ACLs). Safeguard ACLs allow you to
specify exactly which users have access to what files. The Safeguard product maintains
ACLs for all objects under its protection. If you do not use Safeguard ACLs, group
membership is the only way you can limit file access to a subset of users.
Adding User IDs
When users are added to the system, user ID attributes must be defined. You should
provide guidelines for defining the attributes for ID ownership, logon and password
expiration, and audit access and logging.
Assigning User Aliases
If you are using the Safeguard product, you can define user aliases. A user alias is an
alternate name that can be assigned to a user for purposes of logging on to the system.
Each alias may be assigned a unique set of attributes.
The use of aliases can provide individual accountability and separation of duties when
several users share the same user ID or when a single user performs separate job
functions. For example, in the OSS environment, it may be advantageous to assign
different aliases for the same user ID, then assign each alias to a different file-sharing
group. This way, different users sharing the same user ID would receive different group
file permissions based on file-sharing group membership.
Special User IDs
There are three classes of special user IDs: the super ID (255,255), the super-group user
(255,n), and the group manager (n,255). Special IDs give users additional privileges.
Table 9-1 shows the three user classes and the associated user names and user IDs. Your
security policy should explain who can use the special user IDs and under what
conditions. You should restrict access to the special IDs to as few people as possible.
Note. Safeguard access-control lists cannot be used to protect OSS files. Access to OSS files
is controlled by OSS file permission bits, as described in the Open System Services
Management and Operations Guide.
Note. Special-ID functions can be assigned to other user IDs through the Safeguard product.
You might want to control who is allowed to perform these functions whether or not users have
a special ID.
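
As an added example (not part of the original manual), the following Python script audits a user and alias inventory against the three special user ID classes described above and flags any special ID that more than one logon name can reach. The CSV layout, the sample names and the `max_names_per_special_id` limit are assumptions made for illustration; they are not Safeguard output or Safeguard settings.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory (hypothetical export format, not Safeguard output):
# logon name, kind (user or alias), group number, member number.
SAMPLE = """\
name,kind,group,member
SUPER.SUPER,user,255,255
night-op,alias,255,255
dba-oncall,alias,255,255
SUPER.OPER,user,255,10
SALES.MANAGER,user,12,255
SALES.ANNA,user,12,4
anna-oss,alias,12,4
"""

def classify(group, member):
    """Return the special-ID class for (group, member), or None if ordinary."""
    if group == 255 and member == 255:
        return "super ID"            # (255,255)
    if group == 255:
        return "super-group user"    # (255,n)
    if member == 255:
        return "group manager"       # (n,255)
    return None

def audit(inventory_text, max_names_per_special_id=1):
    """List each special user ID, its class, every logon name (user name or
    alias) mapped to it, and whether that count exceeds the assumed limit."""
    names = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_text)):
        names[(int(row["group"]), int(row["member"]))].append(row["name"])
    findings = []
    for (group, member), logons in sorted(names.items(), reverse=True):
        cls = classify(group, member)
        if cls is not None:
            findings.append({
                "user_id": f"{group},{member}",
                "class": cls,
                "logon_names": logons,
                "over_limit": len(logons) > max_names_per_special_id,
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "REVIEW" if f["over_limit"] else "ok"
        print(f"{flag:6} {f['user_id']:8} {f['class']:17} {', '.join(f['logon_names'])}")
```

Because each alias is listed under the user ID it maps to, the report shows who can act with a special ID even when several people share it.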