Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

111

112

113

114

115

116

117

118

119

120

Concerns for the Application Programmer

Security Management Guide—522283-008

6-3

Authentication User IDs

Name Selection

If you decide that the standard user IDs or aliases are satisfactory for your application,

consult your security administration staff to work out the user names and user IDs for

anyone who will use your application.

Creating and Maintaining the Name Database

The Guardian environment maintains the database for user IDs. The system

administrator and security administrator use standard Guardian and Safeguard tools to

create and maintain this name database.

Using the Name Database to Authorize Use of the

Application

You can use standard Guardian security settings to establish a security setting for an

application that allows a particular user, group of users, anyone on a system, or

anyone on the network to execute your application.

If you need to limit permission on an individual user basis, you must use a Safeguard

access control list (ACL). The ACL limits the ability execute the program to a specific

set of individual users.

For example, if only CLERK.ROBIN, CLERK.PAT, and AUDIT.KELLY should access

the application program $DATA.APP.PROG, restrict access as follows:

1> SAFECOM ADD DISKFILE $data.app.prog, &

1>& ACCESS (clerk.robin, clerk.pat, audit.kelly) E

This example puts the program $DATA.APP.PROG under Safeguard control and

specifies an ACL that allows only the specified users execute (E) authority for the

program.

If you are not using the Safeguard software, you can use various system parameters to

determine whether the user is valid within your program.

For example, if your application requires a time restriction on access, such as allowing

CLERK.ROBIN to execute the program only on weekdays from 8:00 a.m. to 5:00 p.m.,

your application could call on the appropriate system procedures to get the following:

•

The effective user ID or process access ID (PAID) of the user

•

The current system time-of-day and day-of-week

Using this information, your program would allow or deny access to the remainder of its

routines.

If you have developed a security event exit, you can include in it time constraints for

user authentication and object access authorization.