Security Management Guide (G06.24+, H06.03+)
Guardian System Security
Security Management Guide—522283-008
2-27
Enabling a PROGID Program
•
Allowing updates contingent upon completeness, quality, or independent
authorization of transaction data items
•
Granting access to selected fields of a record to which the user should not be
granted unlimited access
•
Auditing of database transactions to whatever degree of detail is needed
For example, a personnel application might allow employees to look at only their own
personnel records.
Without PROGID programs, the personnel database would have to be stored in files
that are directly accessible to all employees. However, this situation would allow an
employee to open the database files directly and examine other employees’ personnel
records.
A PROGID program owned by a personnel department could allow employees to look
at their own personnel records, while limiting more general access to members of the
personnel department.
Enabling a PROGID Program
To enable a PROGID program, the program file owner uses the FUP SECURE
command. To disable the PROGID program, the file owner uses the FUP REVOKE
command.
For example, to enable PROGFILE as a PROGID program, the file owner executes
this command:
1> FUP SECURE progfile,,PROGID
To disable PROGFILE as a PROGID program, the file owner executes this command:
2> FUP REVOKE progfile, PROGID
Effect of Giving a Program to Another User
A PROGID program given to another user becomes an ordinary (not PROGID)
program. Of course, the new owner can reenable the program as a PROGID program.
Effect of Loading a Program From Magnetic Tape
A PROGID program restored from magnetic tape becomes an ordinary program. The
owner can reenable the program as a PROGID program.
Possible Security Concerns
Inappropriate design of PROGID programs can result in serious security holes.