For the most part, the OpenVMS operating system
bases its security controls on user identity. Protected objects, such
as files and devices, are accessible to individual users or groups
of users. If an object's ACL or protection code allows a user
the necessary access, then the user can access that object through any
available software. (See the “Protecting Data” chapter for a description of OpenVMS
object protection.)
In a protected subsystem, an application protected
by normal access controls serves as a gatekeeper to objects belonging
to the subsystem. Users have no access to the subsystem's objects
unless they execute the application serving as gatekeeper. Once users
run the application, their process rights list acquires identifiers
giving them access to objects owned by the subsystem. As soon as they
exit from the application, these identifiers and, therefore, the users'
access rights to objects are taken away.
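The following is a simplified model of the gatekeeper behavior described above, added here as an illustration; it is not OpenVMS code and does not come from the original manual. The class names, the users ALICE and BOB, and the object and identifier names are constructed for the example.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field

@dataclass
class Process:
    user: str
    rights: set = field(default_factory=set)    # models the process rights list

@dataclass
class ProtectedObject:
    name: str
    acl: dict                                    # identifier -> set of access types

    def allows(self, proc, access):
        # Access is granted if any identifier the process holds has a matching entry.
        held = proc.rights | {proc.user}
        return any(access in self.acl.get(ident, set()) for ident in held)

@dataclass
class GatekeeperImage(ProtectedObject):
    subsystem_ids: frozenset = frozenset()       # identifiers lent while the image runs

    @contextmanager
    def run(self, proc):
        # The gatekeeper itself is protected by normal access controls.
        if not self.allows(proc, "execute"):
            raise PermissionError(f"{proc.user} may not execute {self.name}")
        added = self.subsystem_ids - proc.rights  # model choice: track only what this run adds
        proc.rights |= added
        try:
            yield proc
        finally:
            proc.rights -= added                  # image exit: lent identifiers are removed

def demo():
    # Constructed sample objects: the data file trusts only the subsystem identifier.
    data = ProtectedObject("MEMBERS.DAT", {"MEMBERS_SUBSYSTEM": {"read", "write"}})
    app = GatekeeperImage("MEMBERS_UPDATE.EXE", {"ALICE": {"execute"}},
                          frozenset({"MEMBERS_SUBSYSTEM"}))
    alice, bob = Process("ALICE"), Process("BOB")
    before = data.allows(alice, "read")
    with app.run(alice):
        during = data.allows(alice, "read")
    after = data.allows(alice, "read")
    try:
        with app.run(bob):                        # BOB has no execute access to the gatekeeper
            bob_ran = True
    except PermissionError:
        bob_ran = False
    return before, during, after, bob_ran, data.allows(bob, "read")
```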
This chapter describes protected subsystems and
explains how to build them.