HP Open View Data Protector for Security Containment

Fine Grained Privileges
Traditional UNIX operating systems grant "all or nothing" administrative privileges based on the
effective UID of the running process. If the process is running with an effective UID of 0, it is
granted all privileges. With fine-grained privileges, processes are granted only the privileges needed
for the task and, optionally, only for the time needed to complete the task. Applications that are
privilege-aware can elevate their privilege to the required level for the operation and lower it after the
operation completes.
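The elevate-then-lower pattern described above, as an added example (not from this paper, and not the HP-UX privilege API): it uses Linux capabilities as a stand-in for fine-grained privileges, raising CAP_DAC_READ_SEARCH (bypasses file read permission checks) only around one operation. The names with_privilege, cap_is_effective and probe_op are hypothetical; a single-threaded process is assumed.

```c
/* Added example: privilege bracketing with Linux capabilities (an analogue). */
#define _GNU_SOURCE
#include <linux/capability.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read (get=1) or write (get=0) the calling thread's capability sets. */
static int caps_rw(int get, struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(get ? SYS_capget : SYS_capset, &h, d);
}

/* 1 if `cap` is in the effective set, 0 if not, -1 on error. */
int cap_is_effective(int cap) {
    struct __user_cap_data_struct d[2];
    if (caps_rw(1, d) != 0) return -1;
    return (int)((d[cap / 32].effective >> (cap % 32)) & 1u);
}

/* Set or clear one capability in the effective set only; the permitted
   and inheritable sets are written back unchanged. */
static int cap_set_effective(int cap, int on) {
    struct __user_cap_data_struct d[2];
    if (caps_rw(1, d) != 0) return -1;
    if (on) d[cap / 32].effective |= 1u << (cap % 32);
    else    d[cap / 32].effective &= ~(1u << (cap % 32));
    return caps_rw(0, d);
}

/* Run op() with `cap` raised, then lower it again whatever op() returns.
   Returns op()'s result, or -1 if the privilege could not be raised
   (the kernel refuses when `cap` is not in the permitted set); op() is
   then never called. */
int with_privilege(int cap, int (*op)(void *), void *arg) {
    if (cap_set_effective(cap, 0) != 0) return -1; /* start lowered */
    if (cap_set_effective(cap, 1) != 0) return -1; /* elevate */
    int rc = op(arg);                              /* privileged work */
    if (cap_set_effective(cap, 0) != 0) _exit(1);  /* fail closed */
    return rc;
}

/* Constructed sample operation: record whether the privilege is active
   while the operation runs. */
int probe_op(void *arg) {
    *(int *)arg = cap_is_effective(CAP_DAC_READ_SEARCH);
    return 0;
}
```

Run without the capability in the permitted set, with_privilege returns -1 and the operation is skipped; run with it, the operation sees the capability active and the process is back to the lowered state afterwards.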
Role-Based Access Control (RBAC)
Typical UNIX system administration commands must be run by a superuser (root user). Similar to
kernel level system call access, access is usually "all or nothing" based on the user's effective UID.
HP-UX Role-Based Access Control (HP-UX RBAC) enables you to group common or related tasks into a
role. For example, a common role might be User and Group administration. Once the role is
created, users are assigned a role or set of roles that enables them to run the commands defined by
those roles.
The following figure shows the architecture for an omni backup configured in a Security Containment
environment.
The architecture illustrates a client system and a cell manager. The cell manager is the central control
point where the Data Protector Software is installed. After installing the Data Protector Software, you
can add systems (client systems) to be backed up. The client system is installed and configured with the