You need an account with privileges to perform the tasks of
a security administrator.
An administrator who reviews security violations and possible
vulnerabilities requires at least three privileges:
SECURITY and AUDIT privileges to enable
security auditing and to set up security operator terminals
READALL privilege to review the protection of files
and resources
In many cases, a security administrator serves as both the
security administrator and the system manager. This person requires
a full set of privileges. The HP OpenVMS System Manager's
Manual
describes the necessary characteristics of a
system management account.
Sample Security Administrator's Account illustrates
a number of AUTHORIZE qualifiers appropriate for a security administrator's account.
Any value not specified defaults to the value provided by the default
record in SYSUAF.DAT.
The requirement that the automatic
password generator be used to change passwords.
The use of a short password lifetime. Measures 1 and 2 are important to protect the account because
it affords many valuable privileges and access rights.
SECURITY, AUDIT, and READALL privileges allow monitoring
of the system but no modification. If you perform the tasks of a
system manager, then you would need an account with SYSPRV. With
SYSPRV, you can access protected objects by the system protection
field and change the owner UIC and protection. You can change an
object's protection to gain access to it.
HP OpenVMS Guide to System Security
Security for the System Administrator
