Introduction to NonStop Operations Management

Security Management
Introduction to NonStop Operations Management 125507
Implications for Your Security Policy
Your security policy should establish guidelines for:
- File security during the development process. If the development environment and production environment are on the same system, create separate production disk volumes or subvolumes. If the Safeguard product is installed, secure the volumes and subvolumes so that developers do not have create or write authority to production files.
- Moving programs from development to production. When the program moves from the development environment to a production environment, your staff should:
  - Coordinate the move with the change management staff
  - Verify that all programs are tested before they are released to production systems
  - Review file security settings and logons so that users have access only to the processes and files that they need
  - Use only authorized, documented versions of the programs
  - Make sure that all program files and production data files are adequately protected according to your company’s security policy
PROGID Programs
PROGID programs allow one user to temporarily use a controlled subset of another
user’s privileges. When a user executes a PROGID program, the program operates using
the privileges of the program owner and accesses only those resources that the program
owner has access to. PROGID programs are used to:
- Control access to system operations. Certain operations that are easily performed by the super ID (255,255) might have to be performed by users who aren’t super IDs—for example, a system operator who backs up files to which the operator does not have access. If the system operator is not the super ID, a PROGID program provides a convenient and secure solution.
- Control access to a database.
A PROGID program becomes an ordinary program when ownership of the program file
is changed or when the program is restored from magnetic tape. In both cases, the
owners can reenable the program as a PROGID program.
To determine whether a program is secured with PROGID, use FUP or the DSAP utility.
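One way to act on that check, as an added example that is not part of the original manual: once the FUP or DSAP results have been transcribed into records, compare them with an approved baseline to catch programs whose PROGID setting was cleared by an ownership change or a restore, or that were enabled without approval. The record layout, file names, owners and finding labels are assumptions made for illustration.

```python
# Added example: hypothetical inventory records, not real FUP or DSAP output.
SUPER_ID = (255, 255)

def audit_progid(baseline, current):
    """Compare an approved PROGID baseline with the current inventory.

    Both arguments map file name -> {"owner": (group, user), "progid": bool}.
    Returns a sorted list of (file, finding) tuples.
    """
    findings = []
    for name, approved in baseline.items():
        now = current.get(name)
        if now is None:
            findings.append((name, "missing"))
        elif not now["progid"]:
            # An ownership change or a restore from tape turns PROGID off.
            findings.append((name, "progid-cleared"))
        elif now["owner"] != approved["owner"]:
            # Re-enabled under another owner: runs with different privileges.
            findings.append((name, "owner-changed"))
    for name, now in current.items():
        if now["progid"] and name not in baseline:
            kind = "unapproved-super-id" if now["owner"] == SUPER_ID else "unapproved"
            findings.append((name, kind))
    return sorted(findings)

# Constructed sample data (file names and owners are made up).
BASELINE = {
    "$PROD.OPS.BACKUPX": {"owner": (255, 255), "progid": True},
    "$PROD.DB.DBQUERY": {"owner": (100, 1), "progid": True},
    "$PROD.DB.DBLOAD": {"owner": (100, 1), "progid": True},
}
CURRENT = {
    "$PROD.OPS.BACKUPX": {"owner": (255, 255), "progid": False},  # restored from tape
    "$PROD.DB.DBQUERY": {"owner": (100, 7), "progid": True},      # given away, re-enabled
    "$PROD.DB.DBLOAD": {"owner": (100, 1), "progid": True},       # unchanged
    "$PROD.OPS.NEWTOOL": {"owner": (255, 255), "progid": True},   # not in baseline
    "$PROD.OPS.REPORT": {"owner": (100, 3), "progid": False},     # ordinary program
}

if __name__ == "__main__":
    for name, finding in audit_progid(BASELINE, CURRENT):
        print(f"{finding:22} {name}")
```

Each finding is a prompt for change management review before the owner reenables or removes the PROGID setting.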
Note. For more requirements on application program development, refer to Section 11,
“Application Management.” For guidelines on the change control process, refer to Section 7,
“Change and Configuration Management.”