Safeguard Reference Manual (G06.24+, H06.03+ )

Introduction

Safeguard Reference Manual—520618-013

1-11

Who Can Use SAFECOM Commands

Safeguard record for an object or user. In general, the SAFECOM commands that

manage an existing Safeguard record are restricted to the user who owns the record

and to that user’s group manager. However, the record can also be managed by any

user who has been granted OWNER authority on the object’s access control list. This

includes both the primary owner and any secondary owners.

Table 1-1 lists the SAFECOM commands according to command stem and object type

and identifies the users who can execute each. This table assumes that you have not

created OBJECTTYPE protection records, which specify who can use the ADD

command for a particular object type.

The table does not list the local super ID because this user can execute any

SAFECOM command for any user or object unless the local super ID is specifically

denied those privileges on an access control list.

Also, the table does not list the audit service commands and TERMINAL, EVENT-

EXIT-PROCESS, and SAFEGUARD commands, which can be used only by members

of the security groups, as discussed in Section 13, Security Group Commands.