Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Configuration
Safeguard Administrator’s Manual—523317-013
9-21
Configuring Exclusive Access at Safeguard
Te r mi n als
Use the ALTER SAFEGUARD command as necessary to change these configuration
attributes. For example, use this command to allow the use of either user names or
user IDs during logon:
=ALTER SAFEGUARD, NAMELOGON OFF
Configuring Exclusive Access at Safeguard
Terminals
You can set the TERMINAL-EXCLUSIVE-ACCESS attribute so that a user who is
logged on at a Safeguard terminal has exclusive access to the terminal. This attribute
applies only to terminals that are controlled by the Safeguard software.
TERMINAL-EXCLUSIVE-ACCESS
ON specifies that access at a Safeguard terminal is exclusively reserved for the
user who is currently logged on. No other user can open the terminal during the
authenticated user’s session. OFF specifies that exclusive access is not
guaranteed to a user who is logged on at a Safeguard terminal. The initial value is
OFF.
Configuring Warning Mode
You can configure warning mode, which allows you to test the effectiveness of your
access control lists, as described in Section 8, Warning Mode.
These attributes relate to warning mode:
SYSTEM-WARNING-MODE
ON specifies that warning mode is to be enabled. OFF specifies that warning mode
is to be disabled. The initial value is OFF.
OBJECT-WARNING-MODE
ON specifies that warning mode is to be enabled. OFF specifies that warning mode
is to be disabled. The initial value is OFF.
WARNING-FALLBACK-SECURITY
GUARDIAN specifies that warning mode is to be run with the Guardian fallback
option enabled. GRANT specifies that warning mode is to be run with the Guardian
fallback option disabled. The initial value is GUARDIAN.
To change any of these values, issue the ALTER SAFEGUARD command from
SAFECOM. For example, to enable warning mode and to disable the Guardian fallback
option:
=ALTER SAFE, WARNING-MODE ON, WARNING-FALLBACK-SECURITY GRANT