Security Management Guide (G06.29+, H06.08+, J06.03+)

Guardian System Security

Security Management Guide — 522283-021

2 - 28

Detecting Licensed Programs

To list the names of all licensed programs residing on a disk volume, use the DSAP

command. For example, this command lists the licensed programs on volume

$SYSTEM:

1> DSAP $SYSTEM,LICENSED

...



User

Name/ID Filename Type Code ...



SUPER.SYS

(255,0) SYS00.ADDUSER 100L

SYS00.BACKUP 100L

SYS00.CMP 100L

SYS00.CMPLIB 100L

SYS00.DEFAULT 100L

SYS00.DELUSER 100L

SYS00.DSAP 100L

SYS00.FUP 100L

SYS00.PASSWORD 100L

SYS00.PUP 100L

SYS00.RESTORE 100L

SYS00.RPASSWRD 100L

SYS00.USERS 100L

PROGID Programs

This subsection discusses the PROGID attribute and its implications for security.

When a user executes an ordinary program, the program operates using the privileges

of the user and accesses only resources to which the user has access.

When a user executes a PROGID program, the program operates using the privileges

of the program owner and accesses only resources to which the program owner has

access.

PROGID programs allow one user to temporarily gain a controlled subset of another

user

’s privileges.

Uses of PROGID Programs

The two main reasons for using PROGID programs are controlling access to system

programs and controlling access to a database.

Controlling Access to System Programs

Certain operations that are easily performed using the super ID might have to be

performed by users other than the super ID; for example, when a system operator