beautypg.com

Controlled access with program file id adoption, Figure 16-2, Effect of adopting the owner id of a program file – HP NonStop G-Series User Manual

Page 339: Figure 16-3, Employee record format

background image

Managing Users and Security

Guardian User’s Guide 425266-001

16 -17

Controlled Access With Program File ID Adoption

Controlled Access With Program File ID Adoption

In any application, some data files might require a controlled type of access—such as
letting many users access certain records, while denying access to other records that are
considered sensitive. For example, an employee file might contain such data as
employees’ identification numbers, names and addresses, and sensitive information such
as salaries. This data might be in a record format as shown in

Figure 16-3

.

This example shows how a user can control the access to such a data file and also
control any future file accesses or program functions.

An employee data file is owned by user 1,112 and is secured for local owner access only
(OOOO). This means that only the file owner (or the local super ID) has direct access to
the file. However, a controlled form of file access is allowed using a query program that
has been written to return only nonsensitive information. The program file is owned by
user 1,112 and is secured so that any local user can execute the process (OOAO).
Additionally, program file ID adoption has been specified (use owner ID as process
access ID).

As shown in

Figure 16-4

, user 8,10 (process access ID of 8,10) executes the query

program, which returns “limited data views” only. The query process adopts the owner
ID of the program file (1,112), which becomes its process access ID. (If the query
program were to create another process, that process would inherit 1,112 as both its
creator access ID and its process access ID.)

Figure 16-2. Effect of Adopting the Owner ID of a Program File

Figure 16-3. Employee Record Format

013

CDT

.CDD

The program file's security
has been set to "use owner
ID as process access ID."

Process Access ID = 8,10

Creator Access ID = 8,10
Process Access ID = 1,112

Program File
for Process p1;
Owner ID = 1,112

Creator Access ID = 1,112
Process Access ID = 1,112

(CI)

(p1)

(p2)

014

CDT

.CDD

emp name

address

benefits

salary

.....etc.

emp #

This manual is related to the following products:
See also other documents in the category HP Computer hardware: