Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

Controlling User Access
Safeguard Administrator’s Manual 523317-029
Using SAFECOM to Establish a Local User Community
Before a new user can log on to a system, a group manager or the local super ID must
use SAFECOM commands to create a user authentication record in the Safeguard
subject database. This user authentication record contains the user ID and user name,
password, and other security attributes defined for the user. The Safeguard software
uses these security attributes to control access to the system. This subsection
describes the user security attributes and the SAFECOM user security commands, and
gives examples of adding and deleting users in a system.
Defining Administrative Groups
The first step in establishing a local user community is to define group
names and group numbers for the administrative groups you will use for managing
user authentication records. The second step is to add users to those administrative
groups.
Each administrative group has a name and number. An administrative group name is
from one to eight alphanumeric characters. The first character must be alphabetic. An
administrative group number is a number from 0 through 255.
A particular user’s user name and user ID are derived from the group name and group
number of the administrative group to which the user was added with the ADD USER
command. This group is known as the user administrative group.
A user can be made a member of other administrative groups with the ADD and
ALTER GROUP commands. This form of group membership is used for file-sharing
purposes, not administrative purposes. For more information, see Section 3, Managing
User Groups.
An administrative group is defined implicitly when the first member of that group is
added to the system. By default, only the local super ID can define a new
administrative group with the ADD USER command. If your installation has group
managers (with member number 255), you might want to add the group manager as the
first member of the group. The group manager can then add other new members to the group.
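The naming, numbering, and ordering rules above can be checked before any ADD USER command is issued. The following Python checker is an added example, not part of the Safeguard manual or software; the function check_plan, the sample plan, and the case-insensitive comparison of group names are assumptions made for illustration.

```python
import re

# Rule from the manual: 1-8 alphanumeric characters, first one alphabetic.
GROUP_NAME = re.compile(r"[A-Za-z][A-Za-z0-9]{0,7}")
MANAGER = 255  # member number of a group manager, per the manual


def check_plan(plan):
    """Check an ordered list of planned (group_name, group_num, member_num)
    additions and return a list of (index, finding) tuples."""
    findings = []
    num_of, name_of = {}, {}  # bindings created by each group's first member
    for i, (gname, gnum, mnum) in enumerate(plan):
        name = gname.upper()  # assumption: group names are case-insensitive
        if not GROUP_NAME.fullmatch(gname):
            findings.append((i, f"bad group name {gname!r}"))
        elif not 0 <= gnum <= 255:
            findings.append((i, f"group number {gnum} not in 0-255"))
        elif num_of.get(name, gnum) != gnum:
            findings.append((i, f"{name} is already group {num_of[name]}"))
        elif name_of.get(gnum, name) != name:
            findings.append((i, f"group {gnum} is already {name_of[gnum]}"))
        elif name not in num_of:
            # The first member added implicitly defines the group.
            num_of[name], name_of[gnum] = gnum, name
            if mnum != MANAGER:
                findings.append((i, f"{name} defined by member {mnum}, "
                                    f"not group manager {MANAGER}"))
    return findings


# Constructed sample plan (not from the manual).
SAMPLE_PLAN = [
    ("ADMIN", 10, 255),       # manager first: defines ADMIN as group 10
    ("ADMIN", 10, 1),         # ordinary member of an existing group
    ("SALES", 20, 3),         # group defined by an ordinary member
    ("ADMIN", 11, 2),         # name already bound to group 10
    ("PAYROLL", 10, 255),     # number already bound to ADMIN
    ("9OPS", 30, 255),        # starts with a digit
    ("OPERATIONS", 31, 255),  # longer than eight characters
    ("DEV", 256, 255),        # group number out of range
]

if __name__ == "__main__":
    for index, finding in check_plan(SAMPLE_PLAN):
        print(SAMPLE_PLAN[index], "->", finding)
```

The finding for a group defined by a non-manager member is advisory: by default only the local super ID can issue that ADD USER command.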
Note. When the Safeguard software is installed on a system with an existing user community,
it takes over the USERID file as its subject database. When a user logs on, that user's record
in the USERID file is expanded to include Safeguard security attributes. You do not have to
add existing users individually.
For these users, the Safeguard software retains the existing security attributes that are
common to both Safeguard security and the standard Guardian security system. In addition,
the Safeguard software assigns values for user security attributes that are unique to Safeguard
security (described in Table 2-1 on page 2-7).
Users added through the Safeguard software are recognized by the operating system if the
Safeguard subsystem is shut down. However, the extra capabilities that the Safeguard
software provides are no longer active.