Security Management Guide (G06.24+, H06.03+)
Safeguard System Security
Security Management Guide—522283-008
3-17
Licensing Programs Through SAFECOM
Licensing Programs Through SAFECOM
Programs already under Safeguard protection must be licensed using SAFECOM
commands.
For example, to license the executable program MYPROG, the super ID issues this
command:
1> SAFECOM ALTER DISKFILE MYPROG, LICENSE ON
To revoke the license, the super ID issues this command:
2> SAFECOM ALTER DISKFILE MYPROG, LICENSE OFF
Setting PROGID Through SAFECOM
Programs already under Safeguard protection must be enabled for PROGID through
SAFECOM commands.
For example, to enable PROGID for a program stored in PROGFILE, the primary
owner executes this command:
3> SAFECOM ALTER DISKFILE PROGFILE, PROGID ON
To disable the PROGID, the file owner executes this command:
4> SAFECOM ALTER DISKFILE PROGFILE, PROGID OFF
Determining Access Needs
Before you secure any objects, determine what authorities are needed to perform tasks
on the system. Be sure to consider all Safeguard settings. For example, a user who
needs to create and execute a program must have:
•
READ and WRITE authorities for editing the disk file containing the source code
•
EXECUTE authority for the disk file containing the object code
•
CREATE authority on the disk volume (only if there is a volume authorization
record)
•
CREATE authority on the subvolume (only if there is a subvolume authorization
record)
•
CREATE authority for the process name that the program runs under
In addition, if there is an OBJECTTYPE DISKFILE authorization record, you might
want to grant CREATE authority so the user can secure the disk file containing the
object code.
Command Files
If several objects require similar security settings, you might be able to use a command
file to make the task of securing them easier. You can create a command file that