System Security

System security is provided by security features built into MPE/iX, and the way the account structure of the system is organized. System security features fall into five categories:

Identification of users.
Authentication of users.
Authorization of users.
Control of access to system resources.
Auditing system usage.

Identification

Every user must have a unique logon identity, or ID, by which he or she is identified as a legitimate system user. Without a valid ID, a user cannot log on to the system. Commonly, user IDs consist of a user name and account name.

Authentication

When a user logs on, the system attempts to authenticate the logon ID. The system checks its directory for the existence of the ID, then verifies the user's identity by checking the password. Entry of an incorrect ID or password will prevent access to the system.

Authorization

System access is provided at several levels, from the lowest, available to all users, to the highest, open only to system and security management. When users are first authorized to use the system, they are assigned codes that identify the level of access to which they are permitted. As users execute system functions and tasks, the system constantly checks their authority to do so. The various levels of user authority are described under User Roles.

The system checks a user's identity and capabilities to determine access level. For example, some commands are available to all users (lowest level of capability). Other commands are available only to System Managers (SM capability), or System Operators (OP capability). Each time a user issues a command, the system checks the user's capabilities to make sure he or she is allowed to use that command.

Programs also have capabilities, which are assigned by the programmer at the time the program is created. The capabilities assigned to a program allow it to access particular functions. When a program that has special capabilities is run, the system does not require the user to have those capabilities.The program runs and exercises its capabilities in conjunction with those of the user. In addition to the capabilities just described, some programs check user capabilities before issuing certain functions.

Defining User Roles

Assigned capabilities and account membership determine a person's role as an MPE/iX user. In general, roles fall into one of three categories: system administrators, account managers, or general user.

System administrators are responsible for system operation. Job titles include System Manager, System Supervisor, and System Operator (the operator at the console). Each type of system administrator has a different role, different capabilities, and different responsibilities.
Account Managers usually have the title Account Manager. Account Managers are responsible for administering an account. Each account has at least one manager.
A general user has no administrative capabilities other than managing his or her own password, files, and UDC,s (User Defined Commands).

The System Manager

A System Manager is a user with System Manager (SM) capability. SM capability lets you manage the system and create accounts, groups, and users. In MPE/iX, SM capability is associated with the SYS account. The system tape you receive with your HP 3000 Computer System designates an initial System Manager (MANAGER.SYS). The initial System Manager can assign SM capability to other users.

The System Manager's functions include:

Creating and maintaining accounts, groups, and users.
Changing account, group, and user passwords.
Obtaining reports of account use for billing and other purposes.
Managing regular system backups and establishing standard backup procedures. (The System Supervisor performs backups.)
Designating system level UDCs.
Configuring, managing, and auditing system security.
Creating and managing Access Control Definitions for files and devices.
Supervising other System Administrators.

The System Manager automatically has all capabilities. A System Manager can perform all System Supervisor, System Operator, Account Manager, and general user tasks.

The System Supervisor

The System Supervisor (OP capability) exercises day-to-day control of the system. OP capability permits you to:

Store and restore files.
Manage system scheduling subqueues.
Alter the system configuration.
Maintain system and user logging facilities.
Display certain items of system information.

The System Manager assigns OP capability to accounts. An Account Manager who has OP capability in his or her account can assign it to other users in the account.

The System Operator

The System Operator is the user logged on to the System Console. The System Operator derives his or her capabilities from the System Console, not from any capabilities inherent in the title. The System Operator also may be known as the Console Operator. In many systems, users with System Supervisor capability serve as System Operator. The System Operator is responsible for:

Monitoring the status of the system.
Monitoring the console.
Responding to console requests.

The Account Manager

An Account Manager (AM capability) manages all users and groups in an account. The System Manager assigns an Account Manager for an account when creating that account. The Account Manager can, in turn, assign Account Manager capability to other users within the account.

An Account Manager's functions include:

Creating and maintaining groups.
Changing user passwords within the group.
Creating and maintaining users.
Creating and managing ACDs for files in the account.
Managing account level UDCs.
Insuring the security of the account.
Storing and restoring account files (some files may also require SM, OP, or PM capability).

General Users

General users are those who are not System Managers, System Supervisors, System Operators, or Account Managers. General users' responsibilities with respect to account structure and security include:

Managing and maintaining the security of the files they create.
Protecting their own user passwords.
Establishing and maintaining their own UDCs.