Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

Controlling User Access

Safeguard Administrator’s Manual—523317-029

2-31

Establishing a Community of Network Users

be granted access to any system on which the user ID 1,0 is assigned to another user

name, such as, ADMIN.CAROL. (The use of user aliases as network users can alter

this behavior, as described at the end of this subsection.)

Coordination of group names and numbers across a network also means that an

administrative group can be defined as a network group or as a local group. A local

group is unique to one node. For example, Figure 2-1 shows a network on which the

group number 1, ADMIN, is defined on every node of the network, while group number

2 is assigned to the SOFTWARE group on \SF and \LA and to the SALES group on

\NY and \DA.

In the network user community shown in Figure 2-1, ADMIN.BOB is defined on every

node on the network and thus has access to every node on the network. But

SOFTWARE.JOE has access only to \SF and \LA, and SALES.FRED has access only

to \NY and \DA. In fact, network access is effectively segmented between the

SOFTWARE and SALES groups. No member of the SOFTWARE group can access

objects on \NY or \DA, and no member of the SALES group can access objects on \SF

or \LA.

For each node illustrated in Figure 2-1, a partial list of the system users on each node

is shown, along with the user ID, user name, and all remote passwords defined for the

user.