Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)
Safeguard Administrator’s Manual—523317-029
1-1
1 Introduction
As a security administrator or privileged user, you have access to Safeguard features
that are not usually available to general users. This manual describes those features
and the additional responsibilities you have as a member of the system security team.
Those duties and responsibilities include:
•
Installing, configuring, and managing the Safeguard subsystem
•
Adding users to the Safeguard database, managing their user authentication
records, and assigning aliases to users
•
Establishing groups of users for file-sharing purposes
•
Securing disk volumes and nondisk devices
•
Controlling who can create authorization records for objects of a given type
•
Establishing security groups of users who can execute restricted commands
•
Adding terminal definitions so that the Safeguard software can provide exclusive
access and automatic starting of a specific command interpreter at the terminal
•
Using warning mode to test the effectiveness of your security policy
In addition to these specific duties, you are probably involved in formulating an overall
security policy for your installation and in planning the most appropriate ways to use
the Safeguard software.
Who Can Use the Safeguard Subsystem?
To use the Safeguard command interpreter, an individual must have EXECUTE
authority for the SAFECOM program. As a security administrator, you can limit this
authority to certain users by creating an access control list for the SAFECOM program
file.
Initially, SAFECOM limits what certain classes of users can do. For example:
•
By default, general users can add their own disk files, subvolumes, processes, and
subprocesses to the Safeguard database. For more information on functions, see
the Safeguard User's Guide.
•
By default, only local super-group members (user ID 255,n) can add volumes,
devices, and subdevices to the Safeguard database.
•
By default, the group manager (user ID n,255) can add and delete users, thereby
controlling all the user authentication records in the group.
Note. In earlier product versions, extended features for logon dialog, such as warning of a
pending password expiration, were available only at a Safeguard terminal. Effective with the
D30 product version, the TACL command interpreter also provides these logon features when
the Safeguard software is running on the system.