Security Management Guide (G06.24+, H06.03+)

Safeguard System Security
Security Management Guide 522283-008
values assigned to those user attributes. For example, each alias assigned to the
same user ID can have a different password.
The use of aliases can provide individual accountability and separation of duties when
several users share the same user ID or when a single user performs separate job
functions. For example, in the OSS environment, it might be advantageous to assign
different aliases for the same user ID and then assign each alias to a different
file-sharing group. In this manner, different users sharing the same user ID receive
different group file permissions based on file-sharing group membership.
As an additional benefit in the OSS environment, users can be assigned aliases so that
they can log on by using names with which they were familiar in a UNIX environment.
When a user is logged on as an alias in the Guardian environment, all access
decisions for files and other objects mediated by the Safeguard software are based on
the underlying user ID associated with the alias. An alias name cannot be specified on
a Safeguard access control list.
For details regarding user aliases, refer to the Safeguard Administrator’s Manual and
the Safeguard Reference Manual.

Creating File-Sharing Groups

In addition to a user’s administrative group, a user can be made a member of other
groups in order to share files that are secured for group access. Although a user has
only one administrative group, that user can belong to as many as 31 other groups for
file-sharing purposes. File-sharing groups are created using SAFECOM GROUP
commands and are supported only through the Safeguard software.
A file-sharing group is not intended to be used for managing user authentication
records. Its purpose is to designate groups of users who can share files, especially in
the OSS environment. A file-sharing group is defined with the ADD GROUP command.
Members, who are existing users, are added to and removed from a file-sharing group
with ADD GROUP and ALTER GROUP commands.
File-sharing group names and numbers can appear on a Safeguard access control list
and can be used in the OSS environment to specify group IDs for file permission
codes. For more information on security implications regarding file-sharing groups, see
File-Sharing Groups on page 7-2.
For more information on file-sharing groups, see the Safeguard Administrator’s Manual
and the Safeguard Reference Manual.
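
The alias and file-sharing-group rules above can be checked against an account inventory. The following Python sketch is an added example, not part of this guide or of the Safeguard software. The inventory layout, logon names, group names and function names are constructed for illustration, and applying the 31-group limit per logon name is an assumption.

```python
from collections import defaultdict

MAX_FILE_SHARING_GROUPS = 31  # limit stated in the guide (applied per logon name: assumption)

# Constructed inventory, not SAFECOM output. Each logon name maps to its
# underlying user ID (group number, member number) and file-sharing groups.
PRINCIPALS = {
    "OPS.BATCH": {"uid": (20, 5), "alias": False, "groups": {"PAYROLL"}},
    "jsmith":    {"uid": (20, 5), "alias": True,  "groups": {"PAYROLL"}},
    "mlee":      {"uid": (20, 5), "alias": True,  "groups": {"AUDIT"}},
    "DEV.BUILD": {"uid": (30, 1), "alias": False,
                  "groups": {f"GRP{i}" for i in range(32)}},
}
# Constructed list of names proposed for an access control list.
PROPOSED_ACL = ["OPS.BATCH", "AUDIT", "mlee"]


def names_by_uid(principals):
    """Group logon names by underlying user ID; keep IDs with several names."""
    by_uid = defaultdict(list)
    for name, rec in principals.items():
        by_uid[rec["uid"]].append(name)
    return {uid: sorted(names) for uid, names in by_uid.items() if len(names) > 1}


def undifferentiated(principals):
    """Pairs sharing a user ID and identical file-sharing groups: neither the
    underlying user ID nor group membership tells them apart."""
    pairs = []
    for names in names_by_uid(principals).values():
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                if principals[a]["groups"] == principals[b]["groups"]:
                    pairs.append((a, b))
    return pairs


def over_group_limit(principals):
    """Logon names holding more file-sharing groups than the stated limit."""
    return sorted(n for n, r in principals.items()
                  if len(r["groups"]) > MAX_FILE_SHARING_GROUPS)


def alias_acl_entries(acl, principals):
    """ACL entries that name an alias, which cannot appear on an ACL."""
    return [e for e in acl if principals.get(e, {}).get("alias")]
```
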

Securing Objects

When you secure an object with the SAFECOM ADD command, the Safeguard
software creates an authorization record for that object. The authorization record
contains several security attributes, including the ACCESS attribute, which is used to
define an access control list.