Security Considerations
12.5 Creating Intra-Cluster Communications Security Objects
OpenVMS provides SYS$MANAGER:ICC$SYSTARTUP.COM. This command
procedure allows you to customize the ICC characteristics by creating ICC
security objects and adding additional registry tables.
The ICC$CREATE_SECURITY_OBJECT procedure creates permanent ICC
security objects and optionally issues an initial SET SECURITY command for
the object. Specify node::association to create a security object for an association
before it exists. For example, specify MYNODE::BOB_SERVER. Use the special
node name ICC$ to create a security object for an entry in the ICC clusterwide
registry.
Before creating an association through ICC, you need the OPEN security
attribute on the node::association pair. A security object created by
ICC$CREATE_SECURITY_OBJECT is not deleted until the system reboots.
The ability to connect to an association is controlled by the ACCESS security
attribute on the security object.
Every process using ICC must open an association. If you have SYSNAM
privilege, you can open associations without calling
ICC$CREATE_SECURITY_OBJECT; however, the resulting object is not permanent.
No privileges are required to create associations named ICC$pid* (for
example, ICC$20203F9A_FOO), so any process can create them.
ICC$CREATE_SECURITY_OBJECT can also be used to regulate creating names
in the ICC clusterwide registry using the special node name ICC$. For creating
names in the registry, the security access attributes OPEN and CONTROL are
relevant.
Note that SYS$MANAGER: also contains file SYS$SYSTARTUP.TEMPLATE so
that you can customize the procedure to your specific requirements.
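The following DCL fragment is an added example of what a site-specific
ICC$SYSTARTUP.COM might contain; it is not the template shipped with OpenVMS.
It creates the two kinds of security object described above (a node::association
pair and an ICC$ registry entry), then uses SET SECURITY on the ICC_ASSOCIATION
class to grant OPEN, ACCESS and CONTROL selectively. The CALL-style invocation of
ICC$CREATE_SECURITY_OBJECT and the identifier names BOB_SERVER_ID and
BOB_CLIENT_ID are assumptions; check ICC$SYSTARTUP.TEMPLATE on your own system
for the exact calling convention.

```dcl
$! Added example of a site-specific ICC$SYSTARTUP.COM fragment; not the
$! template shipped with OpenVMS. The calling convention used here for
$! ICC$CREATE_SECURITY_OBJECT (CALL with node::association as P1) is an
$! assumption; consult SYS$MANAGER:ICC$SYSTARTUP.TEMPLATE for the real one.
$!
$! 1. Create a permanent security object for MYNODE::BOB_SERVER before the
$!    server process exists. It persists until the next reboot.
$ CALL ICC$CREATE_SECURITY_OBJECT MYNODE::BOB_SERVER
$!
$! 2. Add an ACL on the ICC_ASSOCIATION class:
$!    - holders of BOB_SERVER_ID may OPEN (create) the association and
$!      CONTROL (change) its protection;
$!    - holders of BOB_CLIENT_ID may only ACCESS (connect to) it;
$!    - everyone else is denied explicitly.
$!    BOB_SERVER_ID and BOB_CLIENT_ID are constructed identifier names.
$ SET SECURITY/CLASS=ICC_ASSOCIATION MYNODE::BOB_SERVER -
     /ACL=((IDENTIFIER=BOB_SERVER_ID,ACCESS=OPEN+CONTROL), -
           (IDENTIFIER=BOB_CLIENT_ID,ACCESS=ACCESS), -
           (IDENTIFIER=*,ACCESS=NONE))
$!
$! 3. Regulate who may register the name BOB_SERVICE in the clusterwide
$!    registry; only OPEN and CONTROL are meaningful for registry entries.
$ CALL ICC$CREATE_SECURITY_OBJECT ICC$::BOB_SERVICE
$ SET SECURITY/CLASS=ICC_ASSOCIATION ICC$::BOB_SERVICE -
     /ACL=((IDENTIFIER=BOB_SERVER_ID,ACCESS=OPEN+CONTROL), -
           (IDENTIFIER=*,ACCESS=NONE))
$!
$! 4. Verify: the displayed ACLs should match the entries set above.
$ SHOW SECURITY/CLASS=ICC_ASSOCIATION MYNODE::BOB_SERVER
$ SHOW SECURITY/CLASS=ICC_ASSOCIATION ICC$::BOB_SERVICE
```

Note that SET SECURITY/ACL adds the listed ACEs to the front of the object's
ACL rather than replacing it, so on a system where the object already carries
entries, review the SHOW SECURITY output to confirm that the deny-all ACE is
not preceded by a broader grant.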
12.6 Creating Access Control Lists
For most interactive user accounts, the default UIC-based protection is adequate.
However, in some cases (such as project accounts) you may want to set up an
additional level of protection by using access control lists (ACLs). ACL-based
protection provides a more refined level of security in cases where different
groups or members of overlapping groups share access to an account.
12.6.1 Kinds of Entries in an ACL
An access control list (ACL) is a list of entries, each of which defines some
attribute of an object. Each entry is called an access control entry (ACE).
The following security-relevant types of ACEs are available: