Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

Controlling User Access
Safeguard Administrator’s Manual 523317-029
ADMIN.BOB should change his password immediately to ensure its security. Therefore,
on June 17, ADMIN.BOB uses the command interpreter PASSWORD program to
change his password:
1> PASSWORD BigChill
ADMIN.MANAGER could have used the PASSWORD-EXPIRES attribute to force
ADMIN.BOB to change his password immediately. For an example of the use of this
attribute, see Forcing Immediate Expiration of a User Password on page 2-23.
Using SAFECOM to Manage User Access to Your System
The owner of a user authentication record can use SAFECOM to control these aspects
of the user's ability to access the system:
- Ownership of the record can be transferred to another user.
- The user can be granted temporary access to the system.
- The user can be required to change his or her password periodically.
- The user can be granted a grace period during which his or her expired password
  can be changed.
- The user's ability to access the system can be frozen (temporarily suspended).
- Users or administrative groups can be deleted from the system.
The next subsections describe how to establish these controls.
Changing the Owner of a User Authentication Record
Many of the security attributes stored in a user authentication record can be changed
with the ALTER USER command. However, only the primary and secondary owners of
the authentication record, the primary owner's group manager, or the local super ID
can change these attributes.
Because security is controlled by record owners, not by users themselves, each
system or network protected by the Safeguard software can assign one or more user
IDs to security administrators. If ownership of user authentication records is transferred
to a security administrator, the security administrator then has complete control of the
system-access controls that the Safeguard software enforces for those users.
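The following is an added example, not part of the manual and not Safeguard code: a small Python model of the rule above (primary owner, secondary owners, the primary owner's group manager, local super ID) that shows who can change a record before and after ownership moves from ADMIN.MANAGER to SECURITY.SUSAN. The numeric user IDs, the SECURITY.MANAGER name and the function names are constructed for illustration; member 255 as group manager and 255,255 as the super ID follow the usual NonStop numbering.

```python
from dataclasses import dataclass, field

SUPER_ID = (255, 255)   # usual NonStop numbering: SUPER.SUPER is 255,255
MANAGER_MEMBER = 255    # usual NonStop numbering: member 255 manages the group

@dataclass
class UserRecord:
    """Simplified, constructed model of a user authentication record."""
    user: tuple                                   # (group number, member number)
    owner: tuple                                  # primary owner
    secondary_owners: set = field(default_factory=set)

def can_alter(actor, record, actor_is_local=True):
    """Return why actor may change the record's attributes, or None."""
    if actor == record.owner:
        return "primary owner"
    if actor in record.secondary_owners:
        return "secondary owner"
    # The manager of the OWNER's group qualifies, not the manager of the user's group.
    if actor == (record.owner[0], MANAGER_MEMBER):
        return "primary owner's group manager"
    if actor == SUPER_ID and actor_is_local:
        return "local super ID"
    return None

def transfer_ownership(record, new_owner):
    """Model an ownership transfer: only the primary owner changes."""
    return UserRecord(record.user, new_owner, set(record.secondary_owners))

# Constructed user IDs for the names used on this page (SECURITY.MANAGER is assumed).
IDS = {
    "ADMIN.MANAGER": (1, 255), "ADMIN.BOB": (1, 7),
    "SECURITY.MANAGER": (2, 255), "SECURITY.SUSAN": (2, 10),
    "SUPER.SUPER": SUPER_ID,
}

def who_can_alter(record):
    """Map each known user name to its authority over the record."""
    found = {}
    for name, uid in IDS.items():
        reason = can_alter(uid, record)
        if reason:
            found[name] = reason
    return found

if __name__ == "__main__":
    before = UserRecord(IDS["ADMIN.BOB"], owner=IDS["ADMIN.MANAGER"])
    after = transfer_ownership(before, IDS["SECURITY.SUSAN"])
    print("before:", who_can_alter(before))
    print("after: ", who_can_alter(after))
```

In this model the transfer removes ADMIN.MANAGER's authority over the record and extends it to the manager of the new owner's group, which is worth checking when reviewing who administers a given set of users.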
For example, ADMIN.MANAGER could give the user authentication record for
ADMIN.BOB to a security administrator (SECURITY.SUSAN) with the following