Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)

Managing the Audit Trail
Safeguard Audit Service Manual 520480-031
Establishing Security Groups
ADMINISTRATOR, SECURITY-PRV-ADMINISTRATOR, SECURITY-AUDITOR,
SECURITY-MEDIA-ADMIN, and SECURITY-PERSISTENCE-ADMIN to
establish roles and to further restrict the use of the audit service.
The SECURITY-ADMINISTRATOR security group can issue all audit service
commands except the NEXTFILE and RELEASE commands.
The SYSTEM-OPERATOR security group can issue all audit service commands except
the ALTER AUDIT SERVICE command.
The SECURITY-OSS-ADMINISTRATOR security group designates a list of users who
are granted additional OSS security management privileges over normal users for the
operations:
acl(ACL_SET)
chown(2)
chmod(2)
chdir(2)
opendir(3)
The SECURITY-PRV-ADMINISTRATOR security group designates a list of users who
can set and reset the PRIV-SETID and PRIV-SOARFOPEN privileges on executable
files and DLLs by using the setfilepriv(2) function.
The SECURITY-PRV-ADMINISTRATOR group members who are also super IDs can
set and reset the restricted-access fileset attribute.
The SECURITY-AUDITOR security group designates a list of users who are not
SUPER.SUPER, the record owner, or the record owner's group manager but who can
view the subject and group records. Users who are part of this group have read-only
privileges for the subject and group records.
The SECURITY-MEDIA-ADMIN security group designates a list of users who are
responsible for management of the tape subsystem and have the permission to
execute the tape management commands.
Note. The SECURITY-PRV-ADMINISTRATOR security group, the restricted-access fileset
attribute, and the setfilepriv(2) function are supported only on systems running on J06.11
and later J-series RVUs and H06.22 and later H-series RVUs.
Note. The SECURITY-AUDITOR security group is supported only on systems running on
J06.13 and later J-series RVUs and H06.24 and later H-series RVUs.
Note. The SECURITY-MEDIA-ADMIN security group is supported only on systems running on
J06.15 and later J-series RVUs and H06.26 and later H-series RVUs.