Access to Start, Stop and List configurations is controlled by using the CONFIGURATION 'subsys' with the GRANT and REVOKE parameters. Access to the SECURITY Configuration itself is controlled in this way, just the same as other configuration types, but with an implicit grant rule allowing full access for the user who started the SECURITY Configuration. This means that the user who started the SECURITY Configuration can always List, Start and Stop it, unless there is a REVOKE entry in the configuration to explicitly prevent this.
When Prognosis is started, the SECURITY Configuration is started by the user that Prognosis is running as (since it is not explicitly started by an actual logged-on user on startup).
Even though the implicit grant rule for the user who started the SECURITY Configuration exists, it is probably advisable to always explicitly allow only a particular user or users access to Start the SECURITY subsystem. This ensures that the user(s) who can change the security settings can always be determined from the configuration and that other users cannot change it. There is not much point in carefully limiting access to various features with a SECURITY Configuration, if a user can simply change the configuration to gain access to what it currently denies.
The following example illustrates a skeleton configuration that gives the users OPS.MGR and SUPER.SUPER control of the SECURITY Configuration. All the other configurations and subsystems are open to any user.