SECOM is a command management and session control tool. It enforces a sharp differentiation between:

  • functional users (generic user IDs, e.g. SUPER.SUPER), and
  • individual users (real people, e.g. GHS.CARL, Alias Weber_Carl)

and provides a method for separation and segregation of duties. 

The Problem

Normally, individual users must logon to a function to perform tasks on behalf of the function. For example:

  • System wide backup, where the operator needs READ access to all files, but just for backup tasks
  • Application management (e.g. PATHCOM access to $APPL)
  • Database management (e.g. SQLCI, FUP)
  • System management (e.g. start-up at cold load time, executing OBEY files or TACL macros)

Logging on to a function has several drawbacks:

  • The password has to be known, and it can be used any time to get access to the function.
  • Because a password allows a logon from scratch, real auditing cannot be enforced.
  • The password can be given to 'anybody' - without any trace - and misused.
  • Logging on to a function means having access to all the resources the function has access to.

The only Tandem based solution available today to address these types of problems is to use PROGIDed programs, where programs have a SAFEGUARD ACL to protect them against misuse. But the management of PROGIDed software is itself problematic, especially when a GUARDIAN release change has to be performed.

An additional point for concern is that accessing a program (FUP, SQLCI) means having access to all of the program?s functions. For example: to 'UP' a disk volume, the program PUP must be started with a SUPER-group ID. But running PUP with a SUPER-group ID also allows the user to 'DOWN' a disk. 

The SECOM Solution

SECOM provides a solution. You can quickly and effectively administer command management and session control across a network from a single system.

SECOM Management

Manage SECOM with the browser based management system iWAMS, the integrated Web Administration Management Suite.
iWAMS allows the central management of GreenHouse products within an EXPAND network, where the manager can switch between nodes without the need to re-logon, and a context sensitive switch between products.

Traced SECOM command SUPERTACL and evaluation of input/output session data with iWAMS:

Download product information of Secure Command Manager (SECOM)

Order Free Trial

Four steps to your free trial license:

  1. Download the freeware tool Sysinfo and run it on the target TANDEM machine
  2. Put the system information in the following form
  3. Select the product form the drop down list
  4. GreenHouse will send the license key via EMail

Data protection: If you contact us via the order trial form, your details will be taken from the form including the contact details provided by you for the purpose of processing the request and in case of follow-up questions stored with us. We do not give this data without yours consent continues.