Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

Managing Security Groups
Safeguard Administrator’s Manual 523317-029
Adding Security Groups
Initially, any super-group member can add the group authorization records for the
SECURITY-ADMINISTRATOR, SYSTEM-OPERATOR, SECURITY-OSS-ADMINISTRATOR,
SECURITY-PRV-ADMINISTRATOR, SECURITY-AUDITOR, SECURITY-MEDIA-ADMIN, and
SECURITY-PERSISTENCE-ADMIN security groups.
Once a group authorization record is created for a security group, only users with
EXECUTE (E) authority on the access control list can execute the commands
restricted to that security group. Only the record owner or users with OWNER (O)
authority on the access control list can manage the group authorization record.
For example, assume that, as the local super ID, you initially want to define the
SECURITY-ADMINISTRATOR group so that it contains two members—ADMIN.SUE
(user ID 200,5) and ADMIN.KEVIN (user ID 200,6)—who will have EXECUTE
authority. Use this SAFECOM command:
=ADD SECURITY-GROUP SECURITY-ADMINISTRATOR, ACCESS 200,5 E; &
=200,6 E
Use the INFO SECURITY-GROUP command to verify the results of the command:
=INFO SECURITY-GROUP SECURITY-ADMINISTRATOR
The display shows:

                              LAST-MODIFIED    OWNER    STATUS
GROUP SECURITY-ADMINISTRATOR
                              26JAN93, 11:12   255,255  THAWED
     200,5     E
     200,6     E

Except for the super ID, ADMIN.KEVIN and ADMIN.SUE are now the only users who
can execute the restricted commands defined for the SECURITY-ADMINISTRATOR
security group.
You also define membership in the SYSTEM-OPERATOR security group by adding an
authorization record for that group. For example, this command creates the
authorization record for the SYSTEM-OPERATOR security group and gives all
authorities to SYSOP.DALE (user ID 255,12):
=ADD SECURITY-GROUP SYSTEM-OPERATOR, ACCESS 255,12 *
Verify the results of the command:
=INFO SECURITY-GROUP SYS-OPER
The display shows:

                              LAST-MODIFIED    OWNER    STATUS
GROUP SYSTEM-OPERATOR
                              26JAN93, 11:12   255,255  THAWED
     255,12    E,O
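
As an added example (not part of the manual and not vendor code), this Python script parses captured INFO SECURITY-GROUP output in the display format shown above, lists who can manage each authorization record (the record owner plus every user with O authority), and compares each access control list with an approved membership list. The function names, the structure of the approved list, and the column spacing of the sample capture are assumptions, and only the numeric group,member user IDs shown on this page are handled.

```python
import re

# Constructed capture of the two INFO SECURITY-GROUP displays on this page.
# Assumptions: column spacing, and numeric group,member user IDs only.
SAMPLE = """\
                              LAST-MODIFIED    OWNER    STATUS
GROUP SECURITY-ADMINISTRATOR
                              26JAN93, 11:12   255,255  THAWED
     200,5     E
     200,6     E
                              LAST-MODIFIED    OWNER    STATUS
GROUP SYSTEM-OPERATOR
                              26JAN93, 11:12   255,255  THAWED
     255,12    E,O
"""

USER_ID = r"\d{1,3},\d{1,3}"
STATUS_RE = re.compile(rf"^\S+,\s+\d\d:\d\d\s+({USER_ID})\s+(\w+)$")
ACL_RE = re.compile(rf"^({USER_ID})\s+([EO](?:,[EO])*)$")

def parse_groups(text):
    """Return {group: {"owner": id, "status": str, "acl": {id: {"E","O"}}}}."""
    groups, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("GROUP "):
            cur = groups.setdefault(
                line.split()[1], {"owner": None, "status": None, "acl": {}})
        elif cur is not None and (m := STATUS_RE.match(line)):
            cur["owner"], cur["status"] = m.groups()
        elif cur is not None and (m := ACL_RE.match(line)):
            cur["acl"][m.group(1)] = set(m.group(2).split(","))
    return groups

def managers(rec):
    """Users who can manage the record: its owner plus every O holder."""
    return {rec["owner"]} | {u for u, a in rec["acl"].items() if "O" in a}

def review(groups, approved):
    """Diff parsed ACLs against an approved {group: {id: authorities}} map."""
    findings = []
    for name, rec in groups.items():
        allowed = approved.get(name, {})
        for uid, auths in sorted(rec["acl"].items()):
            extra = auths - allowed.get(uid, set())
            if extra:
                findings.append(f"{name}: {uid} has unapproved {','.join(sorted(extra))}")
        for uid in sorted(set(allowed) - set(rec["acl"])):
            findings.append(f"{name}: approved user {uid} is not on the ACL")
    return findings
```

Calling review(parse_groups(SAMPLE), approved) with the memberships defined on this page as the approved list returns an empty list; any entry it does return names the group, the user ID, and the authority that differs.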