SYSTEM COMMAND CONTROL (the CENSOR module) allows the Security Administrator to delegate the use of specific system commands to selected users. The delegated commands may be used without the need for any special user privileges, for example; Secadmin (in an InfoGuard environment), PU and SystemUser status.

Control Reduces Exposure

SYSTEM COMMAND CONTROL is designed to allow Security Administrators to reduce the requirements for privileged or systemuser usercodes on a system. By allowing delegation of ODT functionality, but maintaining accountability and security restriction, SYSTEM COMMAND CONTROL helps resolve daily security concerns in both large and small UNISYS ClearPath MCP environments.

Key Features

• Delegation of system commands
• Allocation to usercode or accesscode
• Optional user verification at time of command input
• Logging of command, usercode, accesscode and station name
• Comprehensive audit via the reporting software product, SECURE
• Command input interface and interrogation facilities

Delegation of System Commands

SYSTEM COMMAND CONTROL administrative functions are integrated into the simple-to-use, established screens of SAFE. Additions and updates to command authorisations are performed dynamically with immediate effect.

Click to enlarge

System commands may be delegated to users as 'interrogation only', thus restricting update functionality.

Allocation to Usercode or Accesscode

The allocation of system commands is accomplished through a hierarchical structure. For example, some inquiry commands may be open to all users, whilst more powerful commands may be made available on an individual basis. The hierarchical levels are defined as follows:

• Level 1 - All MARC users
• Level 2 - All users defined to SYSTEM COMMAND CONTROL
• Level 3 - Individual usercode
• Level 4 - Individual accesscode

Each command list may contain a maximum of 30 commands. A normal usercode user can therefore be authorised to use up to 90 commands, whilst an accesscode user can be authorised for up to 120 commands. A maximum of 147 user definitions may be established.

Verification of Identity

The Security Administrator may optionally enforce the confirmation of the user's identity when sensitive commands are input. This alleviates the potential security problem when a user who is permitted to use sensitive or 'dangerous' system commands leaves a workstation unattended. This is achieved by requesting the confirmation of the user's password before the command is accepted.

Audit and Reporting

The user's identity is logged to the system log together with the command used and the station name. Successful and failed confirmations are also logged for those commands requiring verification of the user's identity.

The CENSOR commands report is available through the SECURE software product, which supports all security software products developed by Locum Software Services Limited.

User Interface

SYSTEM COMMAND CONTROL allows the Security Administrator to establish a two-character code for the CENSOR directive. The user interface to SYSTEM COMMAND CONTROL is via input on MARC's action line of the two-character code established for the directive. By prefixing the system or COMS command by the two-character code, users are able to use the commands for which they are authorised. Entry of the two-character code with no further input will display the HELP screen. Entry of the two-character code followed by USERCODE displays the commands delegated to the user's usercode. All user responses are in the familiar MARC format.

Click to enlarge

Free Trial

If you would like to see how SYSTEM COMMAND CONTROL can help secure your Unisys ClearPath MCP system, e-mail Locum@LocumSoftware.co.uk today to take advantage of our FREE no-risk trial offer.