Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)
Configuration
Safeguard Administrator’s Manual—523317-029
9-16
Configuring Device Control
Consider this example with the attributes set as:
PASSWORD-MUST-CHANGE EVERY = 20 DAYS
PASSWORD-MAY-CHANGE = 5 DAYS
On July 1, the owner of the user authentication record changes the user's password.
These dates are calculated:
PASSWORD-MAY-CHANGE = * NONE *
PASSWORD-EXPIRES = 21JULY1993
The user must change the password in the next 20 days because the password
expires on July 21.
On July 21, the user changes the password. These new dates are calculated:
PASSWORD-MAY-CHANGE = 17JULY1993
PASSWORD-EXPIRES = 22JULY1993
The user cannot change the password until July 17. The user then has only five days
to change the password before it expires. If someone learns the user's password
before July 17, the user should ask the owner of the user authentication record to
change the password.
Configuring Device Control
If access control lists exist for both devices and subdevices, the Safeguard software
must know which one to use. You can set the attributes that control how this is
determined.
These Safeguard attributes relate to device access control lists:
CHECK-DEVICE
Access control lists are checked at the device level. The initial value is ON.
CHECK-SUBDEVICE
Access control lists are checked at the subdevice level. The initial value is OFF.
DIRECTION-DEVICE
Determines which direction to search for an access control list when both
CHECK-DEVICE and CHECK-SUBDEVICE are ON. The value can be either
DEVICE-FIRST or SUBDEVICE-FIRST. This attribute is used in conjunction with
COMBINATION-DEVICE. (For more information, see the following note.) The initial
value is DEVICE-FIRST.
COMBINATION-DEVICE
Determines how to resolve conflicts between device and subdevice access control
lists. This attribute is used in conjunction with DIRECTION-DEVICE. (For more