Manualshelf

SPI Common Extensions Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
81828384858687888990
Commands and Responses
SPI Common Extensions Manual427508-001
5-8
Command Security
Command Security
The need for command security depends on the nature of a specific subsystem and
the objects it controls. SCP provides a basic command security capability and options
for augmenting or overriding it. Command security is affected by:
The sensitivity of the command (listed with each command)
The process access ID (PAID) group of the requester
The PAID and creator access ID (CAID) groups of the subsystem manager
The value of ZCOM-TKN-GETVSN-SECUR-SUPP in a subsystem’s supplemental
GETVERSION response
The value of ZCOM-TKN-GETVSN-SENS-GRP in a subsystem’s supplemental
GETVERSION response
Commands that retrieve information about an object without affecting the object are
called nonsensitive. Any requester can issue nonsensitive commands.
Commands that can affect an object in any way are called sensitive. They include any
command that can change the summary state, status, or configuration of an object. An
SCP process forwards a sensitive command only if one of these is true:
The requesters PAID group is the super group.
The requester’s PAID group is the same as the PAID or CAID group of the
subsystem manager process.
The requesters PAID group matches a group specified by ZCOM-TKN-GETVSN-
SENS-GRP in the subsystem’s supplemental GETVERSION response.
A subsystem can override SCP security by returning ZCOM-TKN-GETVSN-SECUR-
SUPP set to ZCOM-VAL-SECUR-SUPP-NONE in its GETVERSION response.
Requester Identification
Before forwarding a command to a subsystem, SCP adds the requester’s identity to
the buffer. This lets a subsystem provide additional security based on the identity of the
originator.
SCP accepts REQID tokens in a command, but only if the requester belongs to the
super ID. If a qualified requester includes REQID tokens in a command, SCP forwards
those tokens to the subsystem. This lets management applications funnel requests
from other requesters through SCP to the subsystem.
SCP adds or forwards REQID tokens even if a subsystem overrides security.
For descriptions of the REQID tokens, see Common Command Tokens on page 5-2,
Requester Identification on page 2-13, and ZCOM Tokens on page 4-3.