The privilege concept of SRPM increases security for system administration and simplifies task delimitation in the data center (see the “SECOS” manual [11]).

VIRTUAL-MACHINE-ADMINISTRATION privilege

A user task with the system-global privilege VIRTUAL-MACHINE-ADMINISTRATION is allowed to execute a subset of the VM2000 commands and thus to operate a virtual machine as the VM administrator.

The commands for the VM administrator and their demarcation from the VM2000 administrator commands are described in section "Types of command".

When the product is shipped, the privilege is assigned to the user ID TSOS. If SECOS is used, the security representative can assign the privilege to any other user ID (except his/her own).

VM2000-ADMINISTRATION privilege

A user task with the system-global privilege VM2000-ADMINISTRATION is allowed to execute all VM2000 commands and thus to operate the whole VM2000 system and all virtual machines as a VM2000 administrator.

The types of commands and their privileged functions are described in section "Types of command".

When the product is shipped, the privilege is assigned to the user ID TSOS. If SECOS is used, the security representative can assign the privilege to any other user ID (except his/her own).

OPERATING privilege

A user task with the system-global privilege OPERATING is allowed to execute all operator commands. In particular, it can also execute all VM2000 commands and thus operate the whole VM2000 system and all virtual machines as a VM2000 administrator.

When the product is shipped, the privilege is assigned to the user ID SYSOPR. If SECOS is used, the security representative can assign the privilege to any other user ID (except his/her own).