Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

Managing Security Groups

Safeguard Administrator’s Manual—523317-029

6-2

Use the ADD SECURITY-GROUP and ALTER SECURITY-GROUP commands to

define membership in the security groups. Table 6-1 lists these groups and the

functions allowed to their members. For a complete description of the commands used

to manage the security groups, see the Safeguard Reference Manual.

Note.

1. It is recommended that SUPER.SUPER must not to be added to either SOA/SPA security

groups.

2. It is recommended that SOA/SPA security groups be added by any SUPER.* and not by

SUPER.SUPER, so that super.super would not gain ownership on the security-groups.

3. SUPER.SUPER can be explicitly denied by using Safeguard ACL's in either SOA/SPA

Security groups to prevent its access inadvertently.

For example: alter sec-group sec-prv-admin,access super.super deny *

Table 6-1. Security Groups and Restricted Commands

Command

SECURITY-

ADMINISTRATOR

SYSTEM-

OPERATOR

ADD AUDIT POOL Yes Yes

ALTER AUDIT POOL Yes Yes

ALTER AUDIT SERVICE Yes No

DELETE AUDIT POOL Yes Yes

NEXTFILE No Yes

RELEASE No Yes

SELECT Yes Yes

ADD TERMINAL Yes No

ALTER TERMINAL Yes No

DELETE TERMINAL Yes No

FREEZE TERMINAL Yes Yes

THAW TERMINAL Yes Yes

ADD EVENT-EXIT-PROCESS Yes No

ALTER EVENT-EXIT-PROCESS Yes No

DELETE EVENT-EXIT-PROCESS Yes No

ALTER SAFEGUARD Yes No

STOP SAFEGUARD Yes No