Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Controlling User Access
Safeguard Administrator’s Manual—523317-013
2-6
Adding Users to the System
Table 2-1. User Security Attributes and Default Attribute Values (page 1 of 5)
Attribute Description Default Value
OWNER Identifies the primary owner of
this user authentication
record. The primary owner
can:
•
Change any of the user's
security attributes.
•
Suspend and restore the
user's ability to log on to
the system.
•
Transfer ownership of the
user authentication record
to another user.
•
Delete the user
authentication record.
The default value is the user
ID of the person who adds
the new user.
However, when the
Safeguard software is
installed on an existing
system, the owner of an
existing user authentication
record is the group manager
for that user.
OWNER-LIST
*
Identifies the secondary
owners of this user
authentication record. The
secondary owners have the
same privileges as the primary
owners.
However, unlike the primary
owner, the group managers of
the secondary owners do not
have access to the user
authentication record.
The default value is no
secondary owners.
PASSWORD Is the logon password that the
user must enter with the user
name to gain access to the
system.
The default value is no
password.
However, when the
Safeguard software is
installed on an existing
system, users retain their
current logon passwords.
USER-EXPIRES Establishes a date on which
the ability to log on to the
system is suspended.
The default value is no
expiration date.
PASSWORD-EXPIRES Establishes a date on which
the user’s password expires
(expiration can be immediate).
The default value is no
expiration date.
*
The OWNER-LIST attribute is supported only on systems running G06.27 and later G-series RVUs and H06.07
and later H-series RVUs.
^
The TEXT-DESCRIPTION attribute is supported only on systems running G06.27 and later G-series RVUs and
H06.06 and later H-series RVUs.