NET/MASTER Management Services (MS) System Management Guide
Securing External Utilities
Managing Access to External Utilities and Applications
115414 NonStop NET/MASTER MS System Management Guide 6–27
Securing External
Utilities
When a user attempts to invoke a utility, NonStop NET/MASTER MS searches two
command set definition databases to determine whether the user has sufficient
authority to use the utility or one of its commands. The databases contain records that
specify the minimum command authority level required to use a utility’s commands:
The distributed command set definition database contains command set definition
records for the utilities defined in the distributed utility definition database. This
database is specified by the UADAUTH operand of the PARAM command. (See
Section 3, “Configuring NonStop NET/MASTER MS,” for additional information
about this operand.)
The customized command set definition database contains records that you add.
The database also contains information about records that you modify or delete.
This database is specified by the UACAUTH operand of the PARAM command.
(See Section 3, “Configuring NonStop NET/MASTER MS,” for additional
information about this operand.)
The distributed command set definition database can be overwritten with new releases
and software updates; the customized command set definition database cannot be
overwritten.
You can specify the minimum command authority level required to start a session
with an external utility. If the utility is a conversational-mode utility, you can specify
the minimum command authority level required to use individual commands. For
example, you can specify the minimum command authority level required to start a
session with the Peripheral Utility Program (PUP). You can also specify one minimum
command authority level for the PUP LISTDEV command, and another, higher
minimum command authority level for the more disruptive PUP DOWN command.
The facilities used to add and maintain command set definition records are accessed
by moving to the UMS : Utility Command Set Maintenance Menu panel.
Securing external utility command sets involves creating and maintaining command
set definition records. Utility Maintenance Services provide facilities for each of these
tasks:
Adding a command set definition record
Viewing a command set definition record
Modifying a command set definition record
Deleting a command set definition record
Viewing a list of utility command sets
To add and manage command set definition records, use the command set definition
maintenance panels. You can access the panels from the UMS : Utility Command Set
Maintenance Menu panel. Figure 6-3 shows you how to proceed through the panels
used to add and maintain command set definition records.