Security Management Guide (G06.29+, H06.08+, J06.03+)

Guardian System Security
Security Management Guide 522283-021
backs up a tape of files to which that operator does not have access. If the system
operator cannot use the super ID, a PROGID program provides a convenient and
secure solution.
To use PROGID in this example, the system manager creates a program that invokes
the system BACKUP utility with a predetermined argument list. The argument list
defines the files to be backed up. The system manager then provides the program as a
PROGID program owned by the super ID and accessible to only the system operators.
An operator can run this program as needed, thus obtaining the privilege of the super
ID, but only to perform the predefined backup operation.
Controlling Access to a Database
PROGID programs can provide controlled access to a database. Typical uses might
include:
• Allowing operations on the system within predefined access hours
• Allowing updates contingent upon completeness, quality, or independent authorization of transaction data items
• Granting access to selected fields of a record to which the user should not be granted unlimited access
• Auditing of database transactions to whatever degree of detail is needed
For example, a personnel application might allow employees to look at only their own
personnel records.
Without PROGID programs, the personnel database would have to be stored in files
that are directly accessible to all employees. However, this situation would allow an
employee to open the database files directly and examine other employees’ personnel
records.
A PROGID program owned by a personnel department could allow employees to look
at their own personnel records, while limiting more general access to members of the
personnel department.
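The personnel example above, modelled in Python as an added illustration (not code from this guide, and not Guardian code): the mediating program decides on the identity of the user who started it, never on the owner ID it runs under, and combines three of the listed uses (access hours, selected fields, auditing). The user names, records, field list, and access hours are constructed assumptions.

```python
from datetime import time

# Constructed sample data standing in for the personnel database, which
# only the program's owner ID (the personnel department) can open directly.
RECORDS = {
    "alice": {"name": "Alice", "dept": "ENG", "salary": 90000, "review": "meets"},
    "bob": {"name": "Bob", "dept": "OPS", "salary": 70000, "review": "exceeds"},
}
PERSONNEL_STAFF = {"pat"}                   # hypothetical department members
SELF_FIELDS = ("name", "dept", "salary")    # fields an employee may see
OPEN, CLOSE = time(8, 0), time(18, 0)       # assumed access hours
AUDIT = []                                  # stands in for an audit trail


def read_record(caller, target, now):
    """Mediate one read request made by `caller` at time of day `now`.

    `caller` must be the identity of the user who started the program, as
    reported by the operating system, not a value the user typed in and not
    the owner ID the program runs under.
    Returns the permitted fields, or None when the request is refused.
    """
    def finish(outcome, result=None):
        AUDIT.append((now.isoformat(), caller, target, outcome))
        return result

    if not (OPEN <= now < CLOSE):
        return finish("denied: outside access hours")
    record = RECORDS.get(target)
    if caller in PERSONNEL_STAFF:
        if record is None:
            return finish("denied: no such record")
        return finish("granted: full", dict(record))
    if caller != target or record is None:
        # Same refusal whether or not the target exists, so an employee
        # cannot use the program to learn which records are on file.
        return finish("denied: not own record")
    return finish("granted: self", {f: record[f] for f in SELF_FIELDS})
```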
Enabling a PROGID Program
To enable a PROGID program, the program file owner uses the FUP SECURE
command. To disable the PROGID program, the file owner uses the FUP REVOKE
command.
For example, to enable PROGFILE as a PROGID program, the file owner executes
this command:
1> FUP SECURE progfile,,PROGID
To disable PROGFILE as a PROGID program, the file owner executes this command:
2> FUP REVOKE progfile, PROGID