SECURITY Privilege (System)
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
The SECURITY privilege lets a process perform security-related functions such as modifying the system password with the DCL command SET PASSWORD/SYSTEM or modifying the system alarm and audit settings using the DCL command SET AUDIT. The privilege not only lets a user process start and stop the audit server process with SET AUDIT, it also permits the process to use SET AUDIT to modify the characteristics of the auditing database, including those of the audit server, the system audit journal, the security archive file, resource monitoring, and the audit, alarm, or failure mode.
Grant this privilege only to security administrators. Irresponsible users who obtain this privilege can subvert the system's security mechanisms, lock out users through improper application of system passwords, and disable security auditing.
The SECURITY privilege also lets a process perform the following tasks:
| Task | Interface |
|---|---|
Display system auditing information about the system audit log file, audit server settings, and so on | SHOW AUDIT |
Display Hidden ACEs | SHOW SECURITY |
Display the system intrusion list or delete a record | SHOW INTRUSION, DELETE/INTRUSION |
Enable the security operator terminal | REPLY/ENABLE=SECURITY, $SNDOPR |
Enable protected subsystems on a volume | MOUNT/SUBSYSTEM, $MOUNT, SET VOLUME/SUBSYSTEM |