Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)
OBJECTTYPE Control
Safeguard Administrator’s Manual—523317-029
5-9
Controlling Who Can Add an Object Type
These same users also have the authority to add groups. For security, adding an alias
requires additional authority, as described in Assigning an Alias to a User on
page 2-40.
To verify the settings of the authorization record for OBJECTTYPE USER, issue the
INFO command:
=INFO OBJECTTYPE USER
The display shows:
Controlling Who Can Add an Object Type
Normally, only super-group users can issue the ADD OBJECTTYPE command. To
allow you to grant this authority to other users, the Safeguard software provides a
special object type called OBJECTTYPE. Once an OBJECTTYPE OBJECTTYPE
authorization record is created, only users with CREATE authority on the access
control list for OBJECTTYPE OBJECTTYPE can add OBJECTTYPE authorization
records.
This command adds an authorization record for OBJECTTYPE OBJECTTYPE and
gives CREATE authority to only two users:
=ADD OBJECTTYPE OBJECTTYPE, ACCESS 200,12 C; 200,8 C
These commands give ownership of the authorization record to a security administrator
(200,1) and deny the super ID all authorities for OBJECTTYPE OBJECTTYPE:
=ALTER OBJECTTYPE OBJECTTYPE, ACCESS 255,255 DENY *
=ALTER OBJECTTYPE OBJECTTYPE, OWNER 200,1
To verify the settings, use the INFO command:
=INFO OBJECTTYPE OBJECTTYPE
The display shows:
LAST-MODIFIED OWNER STATUS WARNING-MODE
OBJECTTYPE USER
27JAN88, 13:30 10,1 THAWED OFF
010,* W,P,C,O
LAST-MODIFIED OWNER STATUS WARNING-MODE
OBJECTTYPE OBJECTTYPE
27JAN88, 14:10 200,1 THAWED OFF
200,8 C
200,12 C
255,255 DENY C,O