Safeguard User's Guide (G06.29+, H06.08+, J06.03+)

Introduction to the Safeguard Subsystem

Safeguard User’s Guide — 422089-020

1 - 4

Auditing

At your request, the Safeguard subsystem can create audit records of attempts to

access your objects. When a user attempts to access an object for which auditing is

specified, the Safeguard software records the attempt in an audit file. Records in the

audit files contain information such as the name of the object, the date and time of the

access attempt, and the user ID of the user attempting the access.

Security administrators can use the audit files to detect any attempts to access an

object. The Safeguard software can also audit attempts to access or change the

authorization records for subjects or objects. In addition, the Safeguard subsystem can

be configured for systemwide auditing of all objects or specific types of objects, such

as disk files. Auditing is fully described in the Safeguard Audit Service Manual.

The Safeguard Subsystem and Standard

Security

The Safeguard subsystem does not completely replace the standard security

mechanisms of the Guardian environment. Working with Guardian, the Safeguard

subsystem enforces the additional security controls established by system managers,

security administrators, and general users.

Table 1-1 compares the standard security features to the extensions offered by the

Safeguard subsystem. This table summarizes commonly used Safeguard security

features, including those reserved for privileged users. The table does not provide a

complete list of all Safeguard security features.

The basic differences between Safeguard security and standard security are:

•

In the Guardian environment, users control their own security attributes (that is,

logon password and disk-file security).

In the Safeguard database, each user is represented by a user authentication

record, and the owner of the authentication record controls the security attributes

for that user

. Typically, privileged users own the user authentication records.

Similarly, each object protected by the Safeguard software is represented by an

object access authorization record, and the owners of that authorization record

control the security attributes for that object. General users usually own the

authorization records for their own files and subvolumes. Privileged users own the

authorization records for other object types such as volumes and devices.

•

The Guardian environment can control access to only one object type: disk files.

File access is permitted according to the security string associated with the file.

The file owner can specify that access to the file be limited to the owner or to users

in the owner's group, or that access be granted to all users.

In addition to disk files, the Safeguard software controls access to several other

types of objects, such as volumes, subvolumes, and devices. With the Safeguard

software, the owner of the authorization record for any protected object can create