HP 3000 Manuals HP 3000 Manuals
Lesson 2 Security and the AccountStructure
Lesson 2 presents the security provisions of the MPE/iX operating system:
* command security and capabilities
* logon security
* file security
* group security
MPE/iX provides several levels of security to ensure that your work
remains private.
MPE/iX command security and capabilities
There are more than 200 MPE/iX commands. You can use most of them, but
not all of them. Some commands are restricted to certain users.
The capabilities assigned to you as a user determine which commands you
are able to execute. These capabilities are assigned by your system
operations personnel when they create your user, group, and account.
The capabilities assigned to you are usually determined by the type of
work that you will do on the computer.
* Most commands are available to every user.
* Some commands are available only to those who manage your account,
for example, account manager (AM).
* A number of commands are available only to those who manage your
system, for example, system manager (SM).
* A few commands are restricted to users who have specific jobs, for
example, the system operator (OP).
* Still other commands are available to all users, but the full
power of the command is entrusted only to users with highly
advanced capabilities.
At the system prompt, type the LISTUSER command. Your screen will look
like this:
________________________________________________________________________
| |
| |
| :LISTUSER ************************ USER: ETHEL.MERTZ |
| |
| HOME GROUP: MYGROUP PASSWORD: ** MAX PRI : 150 LOC ATTR: |
| $00000000 LOGON CNT : 1 CAP: ND,SF,BA,IA |
| |
________________________________________________________________________
The display for LISTUSER shows the capabilities that you have been
assigned. Find the heading CAP. What doh you see?
The capabilities listed in table 4-1 are the ones assigned to most new
users.
Table 4-1. The Basic (Default) Set of Capabilities
--------------------------------------------------------------------------------------------
| |
| Capability Meaning What You Can Do |
| |
--------------------------------------------------------------------------------------------
| |
| ND Access to Nonshareable Devices Share printers and other devices that |
| cannot be used simultaneously by two |
| different users |
| |
| SF Save Files Save or keep your work file on the |
| computer's disk drive(s) |
| |
| BA Batch Access Create and run jobs (a topic in the |
| 900 Series HP 3000: Advanced Skills |
| course) |
| |
| IA Interactive Access Work in a session (work interactively |
| with the computer) |
| |
--------------------------------------------------------------------------------------------
If you try to use an MPE/iX command, but do not have the right capability
to access it, you get a system error message.
Try the NEWACCT command, which creates new accounts on the system. For
this example, try to create an account called LEARNING and assign a
manager name (MANAGER) to the new account.
Enter:
NEWACCT LEARNING,MANAGERReturn
Unless you have SM capability, your screen should look like this:
________________________________________________________________________
| |
| |
| :NEWACCT LEARNING,MANAGER |
| THIS COMMAND REQUIRES SYSTEM MANAGER (SM) CAPABILITY. (CIERR |
| 956) |
| |
________________________________________________________________________
Some commands affect fundamental or important operations of the computer.
Misuse of those commands could harm the work of other users or interrupt
the system.
The help facility states whether the command is available to everyone on
the system or only to users who have special, advanced capabilities.
Logon security
When you log on, the computer might prompt you to enter passwords:
* an account password
* a user password
* a group password
You might be prompted to provide only one of these, or two of them, or
all three of them.
MPE/iX systems give you three chances to enter the right password. After
a third failure, you see an error message. When that happens, you must
start the logon procedure all over again.
An incorrect entry of a password
would look like this on the screen:
________________________________________________________________________
| |
| |
| MPE XL:HELLO JOHN.SMITHERS |
| |
| ENTER ACCOUNT PASSWORD: |
| |
| ENTER ACCOUNT PASSWORD: |
| |
| ENTER ACCOUNT PASSWORD: |
| |
| INCORRECT PASSWORD. (CIERR 1441) |
| |
| MPE XL: |
| |
________________________________________________________________________
Passwords do not appear on the screen when you enter them in response to
a password prompt.
You get an error message if you attempt to log on to an account or group
that does not exist:
________________________________________________________________________
| |
| |
| MPE XL:HELLO JOHN.SMITHERS,TRAINING |
| ACCT/USER EXIST, GROUP NAME DOESN'T. (CIERR 1436) |
| |
________________________________________________________________________
You also get an error message if you attempt to log on as a user who
doesn't exist:
________________________________________________________________________
| |
| |
| MPE XL:HELLO BETSY.SMITHERS |
| ACCT EXISTS, USER NAME DOESN'T. (CIERR 1438) |
| |
________________________________________________________________________