Safeguard Management Programming Manual (G06.29+, H06.08+, J06.03+)
Introduction
Safeguard Management Programming Manual—422086-028
Safeguard Architecture and Interfaces
The Safeguard software consists of a number of processes and security database files.
The processes cooperate to manage the contents of the security database, to
authenticate users, and to authorize all attempts to access protected objects.
These Safeguard components reside on every system on which the Safeguard
software is installed:
• The subject database, which contains a user-authentication record for every user
authorized to use the system.
• The object database, which contains object-authorization records for every disk
file, disk volume, disk subvolume, device, subdevice, process, subprocess, and
OBJECTTYPE placed under the protection of the Safeguard software.
• The pattern database, which contains object-authorization records for patterns
that control disk files, volumes, and subvolumes. No OBJECTTYPE is placed in
the database.
• The Security Monitor (SMON), which authorizes all attempts to access protected
objects. A separate SMON process runs in each CPU in a system protected by the
Safeguard software. Each SMON process is named in the following format:
$ZSnn, where nn = CPU number.
• The Security Manager Process (SMP), which is responsible for managing all
changes to the subject and object databases and for authenticating users. This
process is named $ZSMP.
• The Safeguard command interpreter (SAFECOM), which allows you to
communicate with the Safeguard software.
The SAFECOM command interpreter accepts commands in three different modes:
interactive, execute-and-quit, and batch. Interactive mode allows you to enter any
number of commands and verify the results before proceeding. Execute-and-quit mode
allows you to execute commands one at a time. It is most useful for entering one or
two commands. Batch mode allows you to execute a series of SAFECOM commands
stored in a disk file.
SAFECOM allows users to communicate with the Safeguard software. This manual
describes the Subsystem Programmatic Interface (SPI) for the Safeguard software.
SPI is token-based, or message-based, and allows programs to communicate with the
Safeguard software.