Real Time Information Director User Documentation

RTID Security and Auditing

Hewlett-Packard Company 4 529618 - 002

Event Date

If you look back at the example above, you’ll notice that the header includes a date. This

date indicates when the reported event occurred and is automatically recorded in the audit

record as the event date.

An audit record also includes the system time (on the NonStop Server) when the

document was processed.

Role

The role signifies the relation of the agent to the consumer. In the example above, the

agent claims to be the consumer’s personal physician. This information is recorded as

part of the audit record.

A security policy can refer to the role as a criterion for authorizing or denying access to

data, or to verify that the relationship an agent claims to have with the consumer matches

the relationship on record for that agent in the data store.

Security: Who Can Do What

The Security system is designed primarily to guarantee the rights of the consumer,

including privacy. Those rights determine which agents have access to each consumer's

data.

Director Role in Security Implementation

Although security requirements vary by industry and institution, most real-time solutions

have at least the following security requirements:

• The necessity to ensure that a user is legitimate, i.e., not an imposter

impersonating a known user.

• The necessity to restrict access to physical components of a system, such as

workstations.

• The necessity to restrict access to system resources, such as communication ports,

disk drives, or running processes.

• The necessity to restrict the types of transactions users can perform. For example,

a user might be allowed to query, but not update, a data store.

• The necessity to make specific data accessible only to specific users.