Security Management Guide (G06.24+, H06.03+)

Concerns for the System Administration Team
Security Management Guide 522283-008
The following command displays the access control list:
    =INFO DISKFILE PUP
                        LAST-MODIFIED    OWNER   STATUS
    $SYSTEM.SYS13
      PUP               6JUL90, 9:29     255,0   THAWED
            255,001     E
            255,002     E
            255,255     E
If you perform a system load from a different subvolume, you would need to repeat the
procedure, substituting that subvolume name in the VOLUME command.
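As an added example (not part of the original guide or of any vendor tooling), the following Python code parses INFO DISKFILE output in the layout shown above and compares the owner and access control list against a baseline, so that an unexpected grant stands out after the procedure is repeated. The baseline is assumed to be exactly the display above, the 100,005 entry in the sample is constructed, and only the simple group,user plus authority-letter layout shown here is handled.

```python
import re

# Constructed sample: the display shown above plus an invented 100,005 entry.
SAMPLE = """\
                    LAST-MODIFIED    OWNER   STATUS
$SYSTEM.SYS13
  PUP               6JUL90, 9:29     255,0   THAWED
        255,001     E
        255,002     E
        255,255     E
        100,005     R,W,E
"""
# Assumed baseline: the owner and ACL exactly as displayed in the guide.
BASELINE_OWNER = (255, 0)
BASELINE_ACL = {(255, 1): {"E"}, (255, 2): {"E"}, (255, 255): {"E"}}

FILE_LINE = re.compile(
    r"^\s*(\S+)\s+\d{1,2}[A-Z]{3}\d{2},\s*\d{1,2}:\d{2}\s+(\d+),(\d+)\s+(\S+)")
ACL_LINE = re.compile(r"^\s*(\d{1,3}),(\d{1,3})\s+([A-Z](?:,[A-Z])*)\s*$")

def parse_info_diskfile(text):
    """Parse one file record: name, owner, status, {(group, user): authorities}."""
    rec = {"file": None, "owner": None, "status": None, "acl": {}}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            rec.update(file=m.group(1), status=m.group(4),
                       owner=(int(m.group(2)), int(m.group(3))))
            continue
        m = ACL_LINE.match(line)
        if m:  # "255,001" and "255,1" normalize to the same key
            uid = (int(m.group(1)), int(m.group(2)))
            rec["acl"].setdefault(uid, set()).update(m.group(3).split(","))
    return rec

def audit(rec, expected_owner, expected_acl):
    """Return findings where the parsed record differs from the baseline."""
    findings = []
    if rec["owner"] != expected_owner:
        findings.append(("owner-changed", rec["owner"], []))
    for uid in sorted(set(rec["acl"]) | set(expected_acl)):
        have, want = rec["acl"].get(uid, set()), expected_acl.get(uid, set())
        if have - want:
            findings.append(("extra-authority", uid, sorted(have - want)))
        if want - have:
            findings.append(("missing-authority", uid, sorted(want - have)))
    return findings
if __name__ == "__main__":
    print(audit(parse_info_diskfile(SAMPLE), BASELINE_OWNER, BASELINE_ACL))
```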
Operators and Privileges
Take into account the privileges the operators need to handle both routine and
emergency situations.
For your environment, construct a table similar to Table 7-1 that identifies the type of
access needed for a variety of tasks. Then use that table to determine how to give the
operators their needed access.
Securing Network Access
A network user ID is duplicated on interconnected nodes and provided with remote
passwords. Network user IDs allow users to transfer or access information across the
network. Network user IDs also allow applications to provide similar access on behalf
of users. For example, the Transfer product (upon which the PS MAIL product is built)
uses a special network user ID to transfer information between nodes on behalf of
users, without requiring that those users' own IDs be network user IDs.
Table 7-1. Sample Operator Access Requirements
Operation            Frequency     Access Needed
Periodic backups     Routine       Read access to all files, physical access to backup tapes
File restores        As needed     Physical access to backup tapes, write access to volume and subvolume, purge access to the file
Spooler management   As needed     Super-group ID
Abort processes      Emergencies   Super-group ID
Manage user IDs      As needed     Security administrator