The audit server creates and maintains the security
elements of clusterwide objects in a database called VMS$OBJECTS.DAT,
located in SYS$COMMON:[SYSEXE]. You should ensure that the object
database is present on each node in the cluster by specifying a file
name that resolves to the same file through the cluster, not to a
file that is unique to each node.
To reestablish the logical name after each system
boot, define the logical in SYSECURITY.COM. The command procedure
SYSECURITY.COM has to be defined before the audit server starts up.
The object database contains the following information:
Audit and alarm settings
for all objects, established through the DCL command SET AUDIT
Security profiles for
all resource domain objects, all security class objects, and all cluster-visible
devices (see “Protecting Objects”)
This database is updated whenever characteristics
are modified, and the information is distributed so that all nodes
participating in the cluster share a common view of the objects.
You cannot change security profiles or create
protected objects when the object server is absent and cannot update
the cluster database VMS$OBJECTS.DAT. However, you can modify the
system parameter SECURITY_POLICY to allow security profile changes
to protected objects on a local node (bit 4) or the creation of protected
objects on a local node (bit 5).
