Cms Roles Assignment; Who Needs To Be Present; Understanding Operating System Setup (Users, Groups, And File Permissions) - Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual

Understanding the Common Criteria Environment
Operating System Environment
Because CMS relies on the IT environment to provide the basic operating system
file system security, inter-process communication, and process space protection, it
is highly recommended that you install and run CMS on an operation system
certified at a Common Criteria assurance level no less than the level of CMS itself.

CMS Roles Assignment

In order to maintain accountability, it is prudent to require individual users to log
into their individual accounts for regular CMS operations and maintenance. To
achieve this, you first have to assign CMS privilege roles to users. It is also
recommended that the user ID at the operating system level is the same user ID
that is used in CMS. CMS allows more than one user to have the same role (for
example, you can have two CA agents); however, CMS does not allow one person
to have more than one role within the same subsystem (for example, the user Joe
cannot be both the CA Administrator and Agent for the same CA subsystem). See
"CMS Privileged Users and Groups (Roles)" on page 714, for a description of the
various CMS privileged roles.

Who Needs to be Present

During the installation and configuration, the CMS audit function is not
operational, so it is crucial that all CMS roles be present to witness the installation
and make necessary operations and decisions.
Understanding Operating System Setup (Users,
Groups, and File Permissions)
There is a requirement to allow only the CMS auditor to view the signed audit logs
from the IT environment, and a requirement to prohibit any one person from
editing any CMS configuration undetected or unaccounted for. The procedure for
setting up such an environment on a Solaris 8.x system involves utilization of
operating system users, groups, and file system manipulation. The detailed
procedure can be found in the CMS Common Criteria Environment Setup and
Installation Process (see CMS Common Criteria Setup Procedure). If you are
installing on a trusted operating system on which you can assign privileges, you
need to follow the operating system instructions on setting them to achieve the
proper levels of access.
722 Netscape Certificate Management System Administrator's Guide • June 2003