Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)
Safeguard Administrator’s Manual—523317-029
6 Managing Security Groups
The Safeguard subsystem allows you to define seven special security groups to control
the use of certain restricted commands. The first two groups—named
SECURITY-ADMINISTRATOR and SYSTEM-OPERATOR—designate who can use
the audit service commands, the third group—named
SECURITY-OSS-ADMINISTRATOR—designates a list of users who are granted additional OSS security
management privileges over normal users for the operations acl (ACL_SET),
chown(2), chmod(2), chdir(2), and opendir(3), TERMINAL commands,
EVENT-EXIT-PROCESS commands, ALTER SAFEGUARD command, and STOP SAFEGUARD
command. A fourth group—named SECURITY-PRV-ADMINISTRATOR—designates a
list of users or aliases that are granted additional security management privileges over
normal users. A fifth group—named SECURITY-AUDITOR—designates a list of users,
other than SUPER.SUPER, the record owner, or the record owner's group manager, who can view
the subject and group records. Users who are part of this group have read-only
privileges for the subject and group records. A sixth group, named
SECURITY-MEDIA-ADMIN, designates a list of users who are responsible for management of the tape
subsystem and have permission to execute the tape management commands. A
seventh group, named SECURITY-PERSISTENCE-ADMIN, designates a list of users
who have the same privileges as super-group users for managing
persistence processes. Security groups do not exist until you add them to the
Safeguard database.
Note. In prior product versions, the Safeguard security groups were managed by GROUP
commands. GROUP commands are now used to manage file-sharing groups, as described in
Section 3, Managing User Groups. Security groups are now managed with the
SECURITY-GROUP commands, as described in this section.
The SECURITY-OSS-ADMINISTRATOR security group is supported only on systems running
G06.29 and later G-series RVUs and H06.08 and later H-series RVUs.
The SECURITY-PRV-ADMINISTRATOR group is supported only on systems running J06.11
and later J-series RVUs or H06.22 and later H-series RVUs.
The SECURITY-AUDITOR security group is supported only on systems running on J06.13 and
later J-series RVUs, and H06.24 and later H-series RVUs.
The SECURITY-MEDIA-ADMIN security group is supported only on systems running on J06.15
and later J-series RVUs, and H06.26 and later H-series RVUs.
The SECURITY-PERSISTENCE-ADMIN security group is supported only on systems running
on J06.16 and later J-series RVUs, and H06.27 and later H-series RVUs.