HP 3000 Manuals

System Security [ Manager's Guide to MPE/iX Security ] MPE/iX 5.0 Documentation


Manager's Guide to MPE/iX Security

System Security 

System security is provided by security features built into MPE/iX and by
the ways in which the account structure of the system is organized.
System security features fall into five categories:

   *   Identification of users.

   *   Authentication of users.

   *   Authorization of users.

   *   Control of access to system resources.

   *   Auditing system usage.

Identification 

Every user must have a unique logon identity, or ID, by which he or she
is identified as a legitimate system user.  Without a valid ID, a user
cannot log on to the system.  Commonly, user IDs consist of a user name
and account name.

Authentication 

When a user logs on, the system attempts to authenticate the logon ID.
The system checks its directory for the existence of the ID, then
verifies the user's identity by checking the password.  Entry of an
incorrect ID or password is enough to prevent access to the system.

Authorization 

System access is provided at several levels, from the lowest, available
to all users, to the highest, open only to system and security
management.  When users are first authorized to use the system, they are
assigned codes that identify the level of access they are
permitted.  As users execute system functions and tasks, the system
constantly checks their authority to do so.  The various levels of user
authority are described below, under User Roles.

The system checks a user's identity and capabilities to determine access
level.  For example, some commands are available to all users (lowest
level of capability).  Other commands are available only to System
Managers (SM capability), or System Operators (OP capability).  Each time
a user issues a command, the system checks the user's capabilities to
make sure he or she is allowed to use that command.

Programs also have capabilities, which are assigned by the programmer at
the time the program is created.  The capabilities assigned to a program
allow it to access particular functions.  When a program that has special
capabilities runs, the system does not require the user to have those
capabilities.  The program runs and exercises its capabilities in
conjunction with those of the user.  In addition to the capabilities just
described, some programs check user capabilities before issuing certain
functions.

Certain commands are reserved to the Console, and can be issued only from
the System Console.  This includes a category of commands that can be
issued only after entering a CTRLA at the System Console.  There is an
exception to this rule.  Through the use of the :ALLOW command, the
System Operator (Console Operator) can give other users the ability to
run specified Console commands (but not CTRLA commands) from their own
terminals.

Some Console commands are associated with devices.  One example is the
:DOWN command, which makes devices unavailable.  The use of
device-associated commands also can be given to users at terminals other than
the Console.  This is accomplished via the ASOCTBL utility and the
:ASSOCIATE command.  System Manager (SM) capability is required to run
the ASOCTBL utility, and System Operator or System Supervisor (OP)
capability is required to use the :ASSOCIATE command.
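
The authorization rules above can be read as one decision procedure.  The
following Python model is an added example, not MPE/iX code: it is a
simplified sketch in which :ALLOW and :ASSOCIATE grants are represented as
(user, command) pairs.  Only the category of :DOWN comes from this page;
the other command assignments and the logon IDs are assumptions.

```python
from dataclasses import dataclass

ALL_CAPS = frozenset({"SM", "OP", "AM", "PM"})   # capabilities named on this page

# Constructed, simplified command table.  Only :DOWN's category is taken from
# the page; the other assignments are assumptions made for this illustration.
COMMANDS = {
    "SHOWTIME":  ("any", None),      # lowest level: available to all users
    "NEWACCT":   ("cap", "SM"),      # creating accounts requires SM
    "LIMIT":     ("console", None),  # Console command that can be :ALLOWed
    "=SHUTDOWN": ("ctrla", None),    # CTRLA command: System Console only
    "DOWN":      ("device", None),   # device-associated Console command
}

@dataclass(frozen=True)
class Session:
    user: str                        # logon ID in user.account form
    caps: frozenset = frozenset()    # capabilities assigned to the user
    at_console: bool = False         # logged on at the System Console

def effective_caps(session, program_caps=frozenset()):
    """A program exercises its own capabilities together with the user's."""
    if "SM" in session.caps:         # the System Manager has all capabilities
        return ALL_CAPS
    return frozenset(session.caps) | frozenset(program_caps)

def may_issue(session, command, allowed=(), associated=()):
    """Decide whether a session may issue a command.

    allowed / associated hold (user, command) pairs granted through :ALLOW
    and through ASOCTBL with :ASSOCIATE (a simplification of both).
    """
    kind, cap = COMMANDS[command]
    if kind == "any":
        return True
    if kind == "cap":
        return cap in effective_caps(session)
    if session.at_console:           # the Console may issue Console commands
        return True
    if kind == "console":
        return (session.user, command) in allowed
    if kind == "device":
        return (session.user, command) in associated
    return False                     # CTRLA commands cannot be :ALLOWed
```
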

User Roles.   

Assigned capabilities and account membership determine a person's role as
an MPE/iX user.  In general, roles fall into one of three categories:
system administrators, account managers, or general users.

   *   System administrators are responsible for system operations.
       Titles include System Manager, System Supervisor, and System
       Operator (the operator at the console).  Each type of system
       administrator has a different role, different capabilities, and
       different responsibilities.

   *   Account Managers usually have the title Account Manager.  Account
       Managers are responsible for administering an account.  Each
       account has at least one manager.

   *   A general user has no administrative capabilities other than
       managing his or her own password, files, and UDCs (User Defined
       Commands).

The System Manager.   

A System Manager is a user with System Manager (SM) capability.  SM
capability lets you manage the system and create accounts, groups, and
users.  In MPE/iX, SM capability is associated with the SYS account.  The
system tape you receive with your HP 3000 Computer System designates an
initial System Manager (MANAGER.SYS). The initial System Manager can
assign SM capability to other users.

The System Manager's functions include:

   *   Creating and maintaining accounts, groups, and users.

   *   Changing account, group, and user passwords.

   *   Obtaining reports of account use for billing and other purposes.

   *   Managing regular system backups and establishing standard backup
       procedures.  (The System Supervisor performs backups.)

   *   Designating system level User Defined Commands (UDCs).

   *   Configuring, managing, and auditing system security.

   *   Creating and managing Access Control Definitions for files and
       devices.

   *   Supervising other System Administrators.

The System Manager automatically has all capabilities.  A System Manager
can perform all System Supervisor, System Operator, Account Manager, and
general user tasks.

The System Supervisor.   

The System Supervisor (OP capability) exercises day-to-day control of the
system.  OP capability permits you to:

   *   Store and restore files.

   *   Manage system scheduling subqueues.

   *   Alter the system configuration.

   *   Maintain system and user logging facilities.

   *   Display certain items of system information.

The System Manager assigns OP capability to accounts.  An Account Manager
who has OP capability in his or her account can assign it to other users
in the account.

The System Operator.   

The System Operator is the user logged on to the System Console.  The
System Operator derives his or her capabilities from the System Console,
not from any capabilities inherent in the title.  The System Operator
also may be known as the Console Operator.  In many systems, users with
System Supervisor capability serve as System Operator.  The System
Operator is responsible for:

   *   Monitoring the status of the system.

   *   Monitoring the console.

   *   Responding to console requests.

The Account Manager.   

An Account Manager (AM capability) manages all users and groups in an
account.  The System Manager assigns an Account Manager for an account
when creating that account.  The Account Manager can, in turn, assign
Account Manager capability to other users within the account.

An Account Manager's functions include:

   *   Creating and maintaining groups.

   *   Changing user passwords within the group.

   *   Creating and maintaining users.

   *   Creating and managing ACDs for files in the account.

   *   Managing account level UDCs.

   *   Ensuring the security of the account.

   *   Storing and restoring account files (some files may also require
       SM, OP, or PM capability).

General Users.   

General users are those who are not System Managers, System Supervisors,
System Operators, or Account Managers.  General users' responsibilities
with respect to account structure and security include:

   *   Managing and maintaining the security of the files they create.

   *   Protecting their own user passwords.

   *   Establishing and maintaining their own UDCs.


