Security Classes

The security class is the parent of all classes of protected objects. It protects the template profiles associated with the various object classes. Each object in the security class holds the following information:

An object name
A security profile for new objects of the class
One or more template profiles
A set of access names
Auditing controls

Chapter 8 “Controlling Access to System Data and Resources” discusses how to manage objects in the security class.

Naming Rules

The security class has the following members:

CAPABILITY	COMMON_EVENT_CLUSTER
DEVICE	FILE
GROUP_GLOBAL_SECTION	LOGICAL_NAME_TABLE
QUEUE	RESOURCE_DOMAIN
SECURITY_CLASS	SYSTEM_GLOBAL_SECTION
VOLUME

Types of Access

Security class objects support the following types of access:

Read	Gives you the right to read a template profile. Template profiles contain the security elements assigned to new objects.
Write	Gives you the right to modify the values of a template profile.
Control	Gives you the right to modify the security profile of a security class object. Control access implies read and write access.

Template Profile

The security class object provides the following template profile:

Template Name	Owner UIC	Protection Code
DEFAULT	[SYSTEM]	S:RW,O:RW,G:R,W:R

Kinds of Auditing Performed

The following events can be audited, provided the security administrator enables auditing for the event class:

Event Audited	When Audit Occurs
Access	When a process enters the DCL command SET SECURITY or SHOW SECURITY with the /CLASS=SECURITY_CLASS qualifier or when it uses the name SECURITY_CLASS in a call to the system service $SET_SECURITY or $GET_SECURITY

Permanence of the Object

The security profiles of the security class object and all its members are stored in the security object database.

Security Classes

» Table of Contents

» Glossary

» Index

Naming Rules

Types of Access

Template Profile

Kinds of Auditing Performed

Permanence of the Object