Security Management Guide (G06.29+, H06.08+, J06.03+)
Safeguard System Security
Security Management Guide — 522283-021
3 - 17
Setting CLEARONPURGE Through SAFECOM
Setting CLEARONPURGE Through SAFECOM
You can set CLEARONPURGE for individual files with the ALTER DISKFILE
command. To specify CLEARONPURGE for disk files that do not have Safeguard
authorization records, use FUP to set CLEARONPURGE. To set CLEARONPURGE
for all files on the system, use the Safeguard global configuration attribute
CLEARONPURGE-DISKFILE. However, setting CLEARONPURGE for all files might
have an adverse effect system performance.
Licensing Programs Through SAFECOM
Programs already under Safeguard protection must be licensed using SAFECOM
commands.
For example, to license the executable program MYPROG, the super ID issues this
command:
1> SAFECOM ALTER DISKFILE MYPROG, LICENSE ON
To revoke the license, the super ID issues this command:
2> SAFECOM ALTER DISKFILE MYPROG, LICENSE OFF
Setting PROGID Through SAFECOM
Programs already under Safeguard protection must be enabled for PROGID through
SAFECOM commands.
For example, to enable PROGID for a program stored in PROGFILE, the primary
owner executes this command:
3> SAFECOM ALTER DISKFILE PROGFILE, PROGID ON
To disable the PROGID, the file owner executes this command:
4> SAFECOM ALTER DISKFILE PROGFILE, PROGID OFF
Determining Access Needs
Before you secure any objects, determine what authorities are needed to perform tasks
on the system. Be sure to consider all Safeguard settings. For example, a user who
needs to create and execute a program must have:
READ and WRITE authorities for editing the disk file containing the source code
EXECUTE authority for the disk file containing the object code
CREATE authority on the disk volume (only if there is a volume authorization
record)
CREATE authority on the subvolume (only if there is a subvolume authorization
record)
CREATE authority for the process name that the program runs under