Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Managing Security Groups
Safeguard Administrator’s Manual—523317-013
6-2
Table 6-2 lists and describes the SECURITY-GROUP security commands.
ADD EVENT-EXIT-PROCESS Yes No
ALTER EVENT-EXIT-PROCESS Yes No
DELETE EVENT-EXIT-PROCESS Yes No
ALTER SAFEGUARD Yes No
STOP SAFEGUARD Yes No
Note. Until you add the SECURITY-ADMINISTRATOR and SYSTEM-OPERATOR security
groups, any super-group user (user ID 255,n) can use all the commands listed in Table 6-1
.
Table 6-2. SECURITY-GROUP Command Summary (page 1 of 2)
Command Description
ADD SECURITY-GROUP Adds a group authorization record with the specified group
attribute values. If you do not specify attribute values, the
current default is used. By default, only a member of the
local super group can add an authorization record for a
security group.
ALTER SECURITY-GROUP Changes one or more attribute values in a group
authorization record. For all attributes except ACCESS,
the ALTER SECURITY-GROUP command replaces the
current value with the specified value. For the ACCESS
attribute, ALTER SECURITY-GROUP changes the
existing access list to incorporate the access specification.
DELETE SECURITY-GROUP Deletes a group authorization record. Afterward, only local
super-group members can execute the restricted
commands.
FREEZE SECURITY-GROUP Temporarily disables authorities granted to users who
have group access. Then, only the owners of a group
authorization record, the primary owner's group manager,
and the local super ID can execute the restricted
commands.
INFO SECURITY-GROUP Displays the existing attribute values of a group
authorization record.
RESET SECURITY-GROUP Sets one or more default group attribute values to the
predefined values of the SET command.
Table 6-1. Security Groups and Restricted Commands (page2of2)
Command
SECURITY-
ADMINISTRATOR
SYSTEM-
OPERATOR