Security Management Guide (G06.29+, H06.08+, J06.03+)

Safeguard System Security
Security Management Guide 522283-021
5. If the user ID is a network ID, inform the administrators of all systems where the
user ID is valid. Be sure the preceding steps are followed for the user ID on these
other systems.
Assigning User Aliases
User aliases are defined using SAFECOM ALIAS commands. A user alias is an
alternate name that can be assigned to a user for purposes of logging on to the
system. An alias name has more flexible syntax than a user’s user name. An alias
name is case-sensitive and can be up to 32 characters long.
An alias authentication record contains the same set of attributes found in a user
authentication record. However, each alias assigned to a user can have a unique set of
values assigned to those user attributes. For example, each alias assigned to the
same user ID can have a different password.
The use of aliases can provide individual accountability and separation of duties when
several users share the same user ID or when a single user performs separate job
functions. For example, in the OSS environment, it might be advantageous to assign
different aliases for the same user ID and then assign each alias to a different
file-sharing group. In this manner, different users sharing the same user ID receive
different group file permissions based on file-sharing group membership.
As an additional benefit in the OSS environment, users can be assigned aliases so that
they can log on by using names with which they were familiar in a UNIX environment.
When a user is logged on as an alias in the Guardian environment, all access
decisions for files and other objects mediated by the Safeguard software are based on
the underlying user ID associated with the alias. An alias name cannot be specified on
a Safeguard access control list.
For details regarding user aliases, refer to the Safeguard Administrator’s Manual and
the Safeguard Reference Manual.
Creating File-Sharing Groups
In addition to a user’s administrative group, a user can be made a member of other
groups in order to share files that are secured for group access. Although a user has
only one administrative group, that user can belong to as many as 31 other groups for
file-sharing purposes. File-sharing groups are created using SAFECOM GROUP
commands and are supported only through the Safeguard software.
A file-sharing group is not intended to be used for managing user authentication
records. Its purpose is to designate groups of users who can share files, especially in
the OSS environment. A file-sharing group is defined with the ADD GROUP command.
Members, who are existing users, are added to and removed from a file-sharing group
with ADD GROUP and ALTER GROUP commands.
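
The following SAFECOM session is an added illustration, not an example from this guide. It shows two aliases on one shared user ID, each with its own password and each placed in a different file-sharing group. The user ID 100,5, the alias names, the group names and numbers, and the password placeholders are all constructed; confirm the exact attribute syntax (PASSWORD, NUMBER, MEMBER, DELMEMBER) in the Safeguard Reference Manual before use.

```safecom
-- Constructed example: user ID 100,5 is shared by two people.
-- Each person logs on with an alias that has its own password.
ADD ALIAS PayEntry, 100,5, PASSWORD <initial-password-1>
ADD ALIAS PayAudit, 100,5, PASSWORD <initial-password-2>

-- One file-sharing group per job function (names and numbers are placeholders).
ADD GROUP PAYWRITE, NUMBER 1001, MEMBER PayEntry
ADD GROUP PAYREAD, NUMBER 1002, MEMBER PayAudit

-- Change of duties: move PayEntry from the write group to the read group.
ALTER GROUP PAYREAD, MEMBER PayEntry
ALTER GROUP PAYWRITE, DELMEMBER PayEntry

-- Review the resulting alias record and group membership.
INFO ALIAS PayEntry, DETAIL
INFO GROUP PAYREAD, DETAIL
```

The separation achieved here applies to OSS group file permissions. In the Guardian environment both aliases resolve to 100,5, so a Safeguard access control list cannot distinguish between them.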