Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
Special User IDs
The Super ID
Users with the super ID (255,255) can access all data and devices, and they can log on
as any user without knowing the user’s password.
You can use the Safeguard product to restrict some of the super-ID capabilities.
Controlling access to the super ID is crucial to protecting a Tandem system because the
super ID bypasses protective restrictions that the operating system applies to other users.
The super ID (255,255) should not be used for day-to-day operations. The super ID
should be used only to:
• Resolve emergencies
• License files
• Revoke licenses
• Install new software
While a super-ID logon is not needed under normal conditions, it might be required to
solve certain problems. Having access to a super-ID password is sometimes the fastest
way—and even the only way—to solve a problem.
One way to ensure the availability of super-ID capabilities while also restricting their
use is to record the super-ID password on a piece of paper, seal it in an envelope, and
entrust the envelope to a party or organization who is informed and who is always
present. Use of the envelope is governed by the following procedures and guidelines:
• The trusted party (who is always available) is given a list of people and
  circumstances under which the envelope can be surrendered.
• A log is kept of the envelope’s use.
• The envelope must be torn open to get to the password.
• The true guardians of the password must be able to audit the envelope to ensure that
  it has not been improperly tampered with.
• The person who needs access to the envelope must log a business reason for the
  access.
These guidelines provide an audit trail, separation of duties, and access to the system
when it is needed. Your security policy should document these guidelines.
Table 9-1. Classes of Special System Users
Users             Typical User Name    User ID
Super ID          SUPER.SUPER          255,255
Super-group user  SUPER.user-name      255,n
Group manager     group-name.MANAGER   n,255