AutoTMF Software User's Guide (Update 12)

ManualsBrandsHP ManualsServerHP NonStop G-Series

181

182

183

184

185

186

187

188

189

190

System Management

HP NonStop AutoTMF Software User’s Guide—429952-014

A-19

Object File Access Security

additional Enscribe operations), but these operations are subject to the same security

control as provided for all application access to data.

Object File Access Security

Normally, only execute access authority is required to run a program. With NonStop

AutoTMF software, however, both read and execute access authority is required to run

a prepared program.

The NonStop AutoTMF software runtime needs to determine if a program has

embedded SQL and a few other important facts obtained by reading the object file.

Thus, you must give each user who runs an object file both execute and read access

authority to the file; write access authority is not required.

To prepare an application program to use NonStop AutoTMF software, the object file is

modified to intercept procedure calls and assign a user library; this requires write

access authority.

Configuration Security

When used in production, NonStop AutoTMF software becomes an essential part of

the application and must be protected against damage or misuse. Ideally, the

installation should have a designated person or small group that is responsible for

performing basic maintenance of the NonStop AutoTMF software environment.

Product Security

The files in the product subvolume should be managed in a manner similar to the

system components in $SYSTEM.SYSTEM. The files should be protected against

change or deletion by unauthorized persons.

System Database Security

The System Database (SysDB) contains the licensing information and many global

settings that will affect all applications that are prepared to use Escort. To prevent

inadvertent changes to the SysDB, you should limit write access authority to the users

that are responsible for maintaining the NonStop AutoTMF software environment. This

is usually accomplished when the SysDB is created (see the CREATE SYSDB on

page 6-54) or by use of a SQLCI ALTER TABLE command for both the REGISTRY

and MAPDBS tables.

Application programs have no need to access the SysDB; the monitor process

provides all the SysDB information required by applications.

Mapping Database Security

Security of the Mapping Database (MapDB) is less of an issue than the security of the

SysDB as long as the personnel accessing and updating it can be expected to act