HP OpenVMS Guide to System Security > Chapter 5 Descriptions of Object Classes

Security Classes

The security class is the parent of all classes of protected objects. It protects the template profiles associated with the various object classes. Each object in the security class holds the following information:

  • An object name

  • A security profile for new objects of the class

  • One or more template profiles

  • A set of access names

  • Auditing controls

Chapter 8 “Controlling Access to System Data and Resources” discusses how to manage objects in the security class.

Naming Rules

The security class has the following members:

CAPABILITY

COMMON_EVENT_CLUSTER

DEVICE

FILE

GROUP_GLOBAL_SECTION

LOGICAL_NAME_TABLE

QUEUE

RESOURCE_DOMAIN

SECURITY_CLASS

SYSTEM_GLOBAL_SECTION

VOLUME

Types of Access

Security class objects support the following types of access:

Read

Gives you the right to read a template profile. Template profiles contain the security elements assigned to new objects.

Write

Gives you the right to modify the values of a template profile.

Control

Gives you the right to modify the security profile of a security class object. Control access implies read and write access.

Template Profile

The security class object provides the following template profile:

Template Name    Owner UIC    Protection Code
DEFAULT          [SYSTEM]     S:RW,O:RW,G:R,W:R
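
The following Python example is an addition to this page, not part of the HP guide or of OpenVMS. It parses a protection code in the short form shown in the table above, applies the rule that control access implies read and write access, and reports any access a category holds beyond the documented DEFAULT template. The function names and the sample codes are hypothetical, and the letter C for control access is an assumption, since the page does not give the letter.

```python
# Added example: compare a security class object's protection code with the
# documented DEFAULT template profile (S:RW,O:RW,G:R,W:R).
DEFAULT_CODE = "S:RW,O:RW,G:R,W:R"   # from the Template Profile table
CATEGORIES = ("S", "O", "G", "W")    # system, owner, group, world
# Access types this page lists; "C" for control is an assumption.
ACCESS = {"R": "read", "W": "write", "C": "control"}


def parse_protection(code):
    """Return {category: set of access names} for a code like 'S:RW,O:RW'."""
    granted = {cat: set() for cat in CATEGORIES}
    for field in code.strip().strip("()").split(","):
        field = field.strip().upper()
        if not field:
            continue
        cat, _, letters = field.partition(":")
        if cat not in granted:
            raise ValueError(f"unknown category {cat!r}")
        for letter in letters:
            if letter not in ACCESS:
                raise ValueError(f"unknown access {letter!r} in {field!r}")
            granted[cat].add(ACCESS[letter])
        # Control access implies read and write access.
        if "control" in granted[cat]:
            granted[cat] |= {"read", "write"}
    # Assumption: a category missing from the code is treated as no access.
    return granted


def excess_access(code, baseline=DEFAULT_CODE):
    """List (category, access) pairs granted by code but not by baseline."""
    current, base = parse_protection(code), parse_protection(baseline)
    return [(cat, acc) for cat in CATEGORIES
            for acc in sorted(current[cat] - base[cat])]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    for sample in (DEFAULT_CODE, "S:RW,O:RW,G:RW,W:R", "(S:RWC,O:RW,G:R,W:C)"):
        print(sample, "->", excess_access(sample) or "matches default")
```

A non-empty result names each category that can read or modify template profiles, or the security class object's own profile, more broadly than the default allows.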

Kinds of Auditing Performed

The following events can be audited, provided the security administrator enables auditing for the event class:

Event Audited    When Audit Occurs
Access           When a process enters the DCL command SET SECURITY or SHOW SECURITY with the /CLASS=SECURITY_CLASS qualifier or when it uses the name SECURITY_CLASS in a call to the system service $SET_SECURITY or $GET_SECURITY

Permanence of the Object

The security profiles of the security class object and all its members are stored in the security object database.