During a software release retrofit, unrestricted access to the MCC and SCC is
automatically
provided. A
REPT:SECURITY
output message reports that command restrictions are disabled to inform operations personnel of
a possible change in the level of security on the MCC and SCC.
Unrestricted MCC and SCC access is permitted during the entire retrofit process. Once the retrofit is complete,
terminal restrictions (if any) are automatically restored. Another
REPT:SECURITY
output message informs
operations personnel that unrestricted access is disabled.
3.8.4.11 Interactions Between Authority Checking and Other Security Features
3.8.4.11.1 Pathname File
The pathname (.pname) file is another mechanism used by the craft shell to limit access to a subset of input
messages. The .pname mechanism is entirely independent from authority checking.
The craft shell assumes that a .pname file exists in its current directory. Each line of the .pname file describes an
environment for the craft shell as follows:
a:b:c:d:e:f$g
Where:
a
= Numeric Label
b
= Craft shell search directory list
c
= Current directory
d
= Alternate shell
e
= User ID
f
= Group ID
g
= Optional strings
The craft shell search directory list ('b') specifies a list of directories searched by the craft shell to locate the
command to execute. A .pname with fewer search directories limits the number of commands the craft shell can
execute. Each craft shell can have a different initial directory, and thus a different .pname file, so it is possible to
control search directories on a per-terminal basis.
With authority checking disabled, an input request is executed only if it is located in the list of craft shell search
directories. With authority checking enabled, an input request is executed only if it passes authority checking
and
if it
is located in the list of craft shell search directories.
3.8.4.11.2 Password Protected Commands
Password protected commands are documented in the Administration section of 235-700-200,
UNIX
®
System
Reference Manual
. Password protected commands prompt for a password before the command is executed. The
Office Database Editor (ODBE) and
UNIX
shell (SH) are examples of commands that can be password protected.
Password protected commands are entirely independent from authority checking. For example, a user may pass
authority checking for a password protected command but may not be able to execute the command because he or
she does not know the password for the command.
3.8.4.11.3 RC/V Security
The recent change and verify (RC/V) system provides access permissions for Office Dependent Database (ODD)
recent change forms. The RC/V form access (RCACCESS) mechanism is documented in 235-118-XXX,
Recent
Change Procedures
.
The RCACCESS mechanism is entirely independent from authority checking. Once a user passes authority
checking for ODD recent change, he or she is subject to RCACCESS permissions (if any) established via the
SET:RCACCESS
input message.
235-105-210
October 1999
Copyright © 1999
Page 34
Summary of Contents for 5ESS-2000
Page 96: ...235 105 210 October 1999 Copyright 1999 Page 2 ...
Page 184: ...235 105 210 October 1999 Copyright 1999 Page 3 ...
Page 300: ...13 STOP YOU HAVE COMPLETED THIS PROCEDURE 235 105 210 October 1999 Copyright 1999 Page 55 ...
Page 339: ...7 STOP YOU HAVE COMPLETED THIS PROCEDURE 235 105 210 October 1999 Copyright 1999 Page 13 ...
Page 342: ...235 105 210 October 1999 Copyright 1999 Page 2 ...
Page 359: ...235 105 210 October 1999 Copyright 1999 Page 5 ...
Page 609: ...2 STOP YOU HAVE COMPLETED THIS PROCEDURE 235 105 210 October 1999 Copyright 1999 Page 12 ...
Page 676: ...235 105 210 October 1999 Copyright 1999 Page 9 ...
Page 792: ...3 STOP YOU HAVE COMPLETED THIS PROCEDURE 235 105 210 October 1999 Copyright 1999 Page 9 ...
Page 799: ...Figure 11 36 3 1 Cleaning Points 235 105 210 October 1999 Copyright 1999 Page 7 ...
Page 801: ...235 105 210 October 1999 Copyright 1999 Page 9 ...
Page 839: ...2 STOP YOU HAVE COMPLETED THIS PROCEDURE 235 105 210 October 1999 Copyright 1999 Page 16 ...
Page 999: ...2 STOP YOU HAVE COMPLETED THIS PROCEDURE 235 105 210 October 1999 Copyright 1999 Page 13 ...
Page 1008: ...Figure 11 55 1 CTSNS DIP Switch Settings 235 105 210 October 1999 Copyright 1999 Page 2 ...
Page 1011: ...235 105 210 October 1999 Copyright 1999 Page 5 ...
Page 1053: ...235 105 210 October 1999 Copyright 1999 Page 15 ...
Page 1289: ...Figure 15 17 2 AMATPS Data Link 235 105 210 October 1999 Copyright 1999 Page 2 ...
Page 1292: ...235 105 210 October 1999 Copyright 1999 Page 5 ...
Page 1303: ...9 STOP YOU HAVE COMPLETED THIS PROCEDURE 235 105 210 October 1999 Copyright 1999 Page 2 ...
Page 1360: ...Figure 15 47 2 Typical SCANS III Link Diagram 235 105 210 October 1999 Copyright 1999 Page 2 ...
Page 1372: ...235 105 210 October 1999 Copyright 1999 Page 2 ...
Page 1374: ...235 105 210 October 1999 Copyright 1999 Page 4 ...
Page 1421: ...Table 1 1 O M Checklist 235 105 210 October 1999 Copyright 1999 Page 3 ...