You need an account with privileges to perform the tasks of a security administrator.
An administrator who reviews security violations and possible vulnerabilities requires at least three privileges:
SECURITY and AUDIT privileges to enable security auditing and to set up security operator terminals
READALL privilege to review the protection of files and resources
In many cases, a security administrator serves as both the security administrator and the system manager. This person requires a full set of privileges. The HP OpenVMS System Manager's Manual describes the necessary characteristics of a system management account.
Sample Security Administrator's Account illustrates a number of AUTHORIZE qualifiers appropriate for a security administrator's account. Any value not specified defaults to the value provided by the default record in SYSUAF.DAT.
Example 1 Sample Security Administrator's Account
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> ADD RIRONWOOD/PASSWORD=VALTERSY/UIC=[001,100] -
_UAF> /DEVICE=SYS$SYSDEVICE/DIRECTORY=[RIRONWOOD] -
_UAF> /OWNER="Russ Ironwood"/ACCOUNT=SECURITY/FLAGS=GENPWD -   [1]
_UAF> /PWDLIFETIME=30-/PWDMINIMUM=8 -   [2]
_UAF> /PRIVILEGES=(AUDIT,SECURITY,READALL)   [3]
identifier for value:[000001,000100] added to RIGHTSLIST.DAT
UAF>
Notice the following:
[1] The requirement that the automatic password generator be used to change passwords.
[2] The use of a short password lifetime.
Measures 1 and 2 are important to protect the account because it affords many valuable privileges and access rights.
[3] SECURITY, AUDIT, and READALL privileges allow monitoring of the system but no modification. If you perform the tasks of a system manager, then you would need an account with SYSPRV. With SYSPRV, you can access protected objects by the system protection field and change the owner UIC and protection. You can change an object's protection to gain access to it.
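The following check is an added example, not part of the HP documentation: it reviews account records against the three measures called out above (GENPWD, a 30-day password lifetime, a minimum length of 8) and reports monitoring accounts that also hold SYSPRV. The listing text is constructed and its field layout is an assumption modeled loosely on an AUTHORIZE full listing; JDOE is a hypothetical account.

```python
import re
# Constructed sample; field layout is an assumption, adjust patterns to real output.
SAMPLE = """\
Username: RIRONWOOD
Flags: GenPwd
Pwdminimum: 8
Pwdlifetime: 30 00:00
Authorized Privileges:
  AUDIT READALL SECURITY

Username: JDOE
Flags:
Pwdminimum: 6
Pwdlifetime: (none)
Authorized Privileges:
  AUDIT READALL SECURITY SYSPRV
"""
MONITOR = {"AUDIT", "SECURITY", "READALL"}  # privileges the page assigns
MAX_LIFETIME_DAYS = 30                      # /PWDLIFETIME=30- on the page
MIN_PWD_LENGTH = 8                          # /PWDMINIMUM=8 on the page

def parse_records(listing):
    """Split the listing into one dict per 'Username:' block."""
    records = []
    for block in re.split(r"\n(?=Username:)", listing.strip()):
        life = re.search(r"Pwdlifetime:\s*(\d+)", block)  # no match for "(none)"
        records.append({
            "user": re.search(r"Username:\s*(\S+)", block).group(1),
            "flags": set(re.search(r"Flags:[ \t]*(.*)", block).group(1).upper().split()),
            "pwdmin": int(re.search(r"Pwdminimum:\s*(\d+)", block).group(1)),
            "lifetime": int(life.group(1)) if life else None,
            "privs": set(block.split("Authorized Privileges:")[1].upper().split()),
        })
    return records

def audit(rec):
    """Return findings for one account, measured against the page's settings."""
    if not rec["privs"] & MONITOR:
        return []  # holds none of the security-monitoring privileges
    life = rec["lifetime"]
    checks = [
        ("GENPWD flag not set", "GENPWD" not in rec["flags"]),
        ("password lifetime exceeds 30 days", life is None or life > MAX_LIFETIME_DAYS),
        ("minimum password length below 8", rec["pwdmin"] < MIN_PWD_LENGTH),
        ("SYSPRV held: can change protection, not only monitor", "SYSPRV" in rec["privs"]),
    ]
    return [msg for msg, failed in checks if failed]

for rec in parse_records(SAMPLE):
    print(rec["user"], audit(rec) or "matches the example settings")
```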