A protected subsystem is an application that, when run, causes the process running the application to be granted one or more identifiers. For as long as a user runs the subsystem, the user's process rights list carries these additional identifiers. Figure 1, How Protected Subsystems Differ from Normal Access Control, shows how a protected subsystem adds a second level of access control to traditional controls.
Figure 1 How Protected Subsystems Differ from Normal Access Control
Users with execute access to the application gain access to the subsystem. Once in the subsystem, users can work with the data files and other resources of the subsystem.
A subsystem can have several identifiers because the resources consumed by the subsystem (the files, printers, and so forth) can be protected differently.
Possession of subsystem identifiers is limited to the period users are executing the application. Once the users exit from the application, the identifiers are removed from their process rights lists. Subsystem identifiers are also removed from the rights list whenever users enter a Ctrl/Y sequence or attempt to create a subprocess with the DCL command SPAWN. (In this respect, use of the subsystem identifiers is identical to the operation of images installed with privileges.)
The following identifiers are reserved for use in the security subsystem and should not be granted to any user: