skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System SecurityHP OpenVMS Guide to System Security
go to beginning of part: Security for the System AdministratorSecurity for the System Administrator
go to beginning of appendix: Assigning PrivilegesAssigning Privileges
go to previous page: READALL Privilege (Objects)READALL Privilege (Objects)
go to next page: SETPRV Privilege (All)SETPRV Privilege (All)
end of book navigation links

SECURITY Privilege (System)  



The SECURITY privilege lets a process perform security-relatedfunctions such as modifying the system password with the DCL commandSET PASSWORD/SYSTEM or modifying the system alarm and audit settingsusing the DCL command SET AUDIT. The privilege not only lets a userprocess start and stop the audit server process with SET AUDIT,it also permits the process to use SET AUDIT to modify the characteristicsof the auditing database, including those of the audit server, thesystem audit journal, the security archive file, resource monitoring,and the audit, alarm, or failure mode.

Grant this privilege only to security administrators. Irresponsibleusers who obtain this privilege can subvert the system's securitymechanisms, lock out users through improper application of systempasswords, and disable security auditing.

The SECURITY privilege also lets a process perform the followingtasks:

Task Interface
Display systemauditing information about the system audit log file, audit serversettings, and so on
SHOW AUDIT
Display HiddenACEs
SHOW SECURITY
Display thesystem intrusion list or delete a record
SHOW INTRUSION, DELETE/INTRUSION
Enable thesecurity operator terminal
REPLY/ENABLE=SECURITY, $SNDOPR
Enable protected subsystemson a volume
MOUNT/SUBSYSTEM, $MOUNT, SET VOLUME/SUBSYSTEM

go to previous page: READALL Privilege (Objects)READALL Privilege (Objects)
go to next page: SETPRV Privilege (All)SETPRV Privilege (All)