The SECURITY privilege lets a process perform
security-related functions such as modifying the system password with
the DCL command SET PASSWORD/SYSTEM or modifying the system alarm
and audit settings using the DCL command SET AUDIT. The privilege
not only lets a user process start and stop the audit server process
with SET AUDIT, it also permits the process to use SET AUDIT to modify
the characteristics of the auditing database, including those of the
audit server, the system audit journal, the security archive file,
resource monitoring, and the audit, alarm, or failure mode.
Grant this privilege only to security administrators.
Irresponsible users who obtain this privilege can subvert the system's
security mechanisms, lock out users through improper application of
system passwords, and disable security auditing.
The SECURITY privilege also lets a process perform
the following tasks:
| Task|| Interface|
system auditing information about the system audit log file, audit
server settings, and so on
the system intrusion list or delete a record
SHOW INTRUSION, DELETE/INTRUSION
the security operator terminal
subsystems on a volume
$MOUNT, SET VOLUME/SUBSYSTEM