Someone developing an application for a protected subsystemmust link the application images without the /DEBUG or /TRACEBACKqualifiers.
Although this kind of subsystem often precludes the need forprivilege, applications can be installed with privilege. For example,some applications may need the PRMGBL privilege to create permanentglobal sections, or they may need the AUDIT privilege to send securityaudit records to the system security audit log file. HP does discouragethe installation of a protected subsystem application with privilegesin the All category. This category includes such privileges as BYPASS,CMKRNL, and SYSPRV---privileges that allow a user to subvert OpenVMSaccess controls. See OpenVMS Privileges for a list of OpenVMS privileges and Assigning Privileges for a description of the privileges.
Subsystem designers need to generate a list of identifiersthat are necessary for it to operate as intended. Then the designersapproach you, as the security administrator, to make the preparationsdescribed in System Management Requirements.
HP OpenVMS Guide to System Security
Security for the System Administrator
