Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
OBJECTTYPE Control
Safeguard Administrator’s Manual—523317-013
5-2
SUBPROCESS
OBJECTTYPE
USER
OBJECTTYPE DISKFILE has no effect on default protection for a user’s disk files. It
only controls who can execute the ADD DISKFILE command.
Initially, only super-group users can create an OBJECTTYPE authorization record.
However, you can transfer this authority to designated users with OBJECTTYPE
OBJECTTYPE. For more information, see Controlling Who Can Add an Object Type
on page 5-5.
Note. OBJECTTYPE USER also controls who can use the ADD ALIAS and ADD GROUP
commands.
Table 5-1. OBJECTTYPE Security Commands
Command Description
ADD OBJECTTYPE Creates an OBJECTTYPE authorization record with the
specified OBJECTTYPE attribute values. By default, only a
local super-group user can add an OBJECTTYPE authorization
record.
ALTER OBJECTTYPE Changes one or more attribute values in an OBJECTTYPE
authorization record.
DELETE OBJECTTYPE Deletes an OBJECTTYPE authorization record.
FREEZE OBJECTTYPE Suspends access authorities granted to users on the
OBJECTTYPE access control list. When an OBJECTTYPE is
frozen, only the primary owner, the primary owner's group
manager, owners on the access control list, and the local super
ID can create individual authorization records for that type of
object.
INFO OBJECTTYPE Displays the existing attribute values in an OBJECTTYPE
authorization record.
RESET OBJECTTYPE Resets one or more default OBJECTTYPE attributes to
predefined values.
SET OBJECTTYPE Establishes default OBJECTTYPE attributes that you specify.
Subsequent ADD OBJECTTYPE commands use these defaults
for any attributes not specified in the ADD OBJECTTYPE
command.
SHOW OBJECTTYPE Displays the current default values of the OBJECTTYPE
attributes.
THAW OBJECTTYPE Restores a frozen OBJECTTYPE access control list. Users with
CREATE authority can once again create individual authorization
records for that type of object.
Note. The ASSUME session-control command, described in the Safeguard User's Guide,
cannot be used with OBJECTTYPE.