Advantages of Protected Subsystems

With protected subsystems, you have a mechanism to provide conditional access to data that is not available with traditional OpenVMS access controls. Traditionally, you give users privileges to bypass protection codes or access control lists (ACLs). In giving these privileges, however, you grant users a wide class of access. (Refer to Appendix A “Assigning Privileges” for information on the power different privileges carry.) Protected subsystems avoid extensive privilege use by individual users.

Protected subsystems give you an alternative to installing images with privilege. Writing a secure privileged image requires skill, and failures can compromise system security.

Protected subsystems give you an alternative to creating protected shareable images (also called user-written system services).

Protected subsystems make system management easier because unprivileged users can manage them without much assistance from you. See “System Management Requirements” for details on system management requirements.