The SECURITY privilege lets a process perform
security-related functions such as modifying the system password with
the DCL command SET PASSWORD/SYSTEM or modifying the system alarm
and audit settings using the DCL command SET AUDIT. The privilege
not only lets a user process start and stop the audit server process
with SET AUDIT, it also permits the process to use SET AUDIT to modify
the characteristics of the auditing database, including those of the
audit server, the system audit journal, the security archive file,
resource monitoring, and the audit, alarm, or failure mode.
Grant this privilege only to security administrators.
Irresponsible users who obtain this privilege can subvert the system's
security mechanisms, lock out users through improper application of
system passwords, and disable security auditing.
The SECURITY privilege also lets a process perform
the following tasks:
| Task | Interface |
|---|
Display
system auditing information about the system audit log file, audit
server settings, and so on | SHOW AUDIT |
Display
Hidden ACEs | SHOW
SECURITY |
Display
the system intrusion list or delete a record | SHOW INTRUSION, DELETE/INTRUSION |
Enable
the security operator terminal | REPLY/ENABLE=SECURITY, $SNDOPR |
Enable protected
subsystems on a volume | MOUNT/SUBSYSTEM,
$MOUNT, SET VOLUME/SUBSYSTEM |
