
13 Using Protected Subsystems



For the most part, the OpenVMS operating system bases its security controls on user identity. Protected objects, such as files and devices, are accessible to individual users or groups of users. If an object's ACL or protection code allows a user the necessary access, then the user can use that object through any available software. (See Chapter 4, Protecting Data, for a description of OpenVMS object protection.)

In a protected subsystem, an application protected by normal access controls serves as a gatekeeper to objects belonging to the subsystem. Users have no access to the subsystem's objects unless they execute the application serving as gatekeeper. Once users run the application, their process rights list acquires identifiers giving them access to objects owned by the subsystem. As soon as they exit from the application, these identifiers and, therefore, the users' access rights to objects are taken away.

This chapter describes protected subsystems and explains how to build them.

Advantages of Protected Subsystems
Applications for Protected Subsystems
How Protected Subsystems Work
Design Considerations
System Management Requirements
Building the Subsystem
Enabling Protected Subsystems on a Trusted Volume
Giving Users Access
Example of a Protected Subsystem