Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Safeguard Administrator’s Manual—523317-013
Index-1
Index
A
ACCESS authorities
for all objects 4-2
for devices and subdevices 4-4
for disk volumes 4-3
for OBJECTTYPE records 5-3
Access control lists
device and subdevice priority 9-9
for terminals 7-1
process and subprocess priority 9-10
testing 8-1
volume, subvolume and disk-file
priority 9-12
ADD ALIAS command 2-40
ADD DEVICE command 4-1, 4-4
ADD GROUP command 3-2
ADD OBJECTTYPE command 5-3
ADD SECURITY-GROUP command 6-3
ADD TERMINAL command 7-3
ADD USER command 2-10
ADD VOLUME command 4-1, 4-3
Adding a device to the Safeguard
database 4-4
Adding a subdevice to the Safeguard
database 4-4
Adding a volume to the Safeguard
database 4-3
Adding an OBJECTTYPE record 5-3
Adding users 2-5, 2-11
ADDUSER program 2-27, 10-9
Administrative group 2-4, 3-1
Alias
adding 2-39
altering 2-40
as an object type 5-4
defined 2-39
ALTER ALIAS command 2-40
ALTER DEVICE command 4-1
ALTER GROUP command 3-3
ALTER OBJECTTYPE command 5-3
ALTER SAFEGUARD command 2-2, 6-1,
9-1, 10-4
ALTER SECURITY-GROUP command 6-5
ALTER TERMINAL command 7-4
ALTER USER command 2-10
ALTER VOLUME command 4-1
Attributes
OBJECTTYPE 5-1
user security 2-6
Audit attributes
for an OBJECTTYPE 5-6
for user security 2-6
Audit files 10-13
Auditing
for a user ID 2-24
for an OBJECTTYPE 5-6
AUDIT-AUTHENTICATE-FAIL attribute 2-6,
9-14
AUDIT-AUTHENTICATE-PASS
attribute 2-6, 9-14
AUDIT-CLIENT-GUARDIAN 9-3
AUDIT-CLIENT-OSS 9-4
AUDIT-CLIENT-SERVICE attribute 9-18
AUDIT-MANAGE-FAIL attribute 2-6
AUDIT-MANAGE-PASS attribute 2-6
AUDIT-USER-ACTION-FAIL attribute 2-6
AUDIT-USER-ACTION-PASS attribute 2-6
authorization record 6-4
Automatic group deletion 3-5
AUTO-DELETE flag 3-5
B
BLINDLOGON attribute 9-20
C
Changing a password 2-20, 2-21