
Licensing programs, Figure 16-4, Controlled access to a data file – HP NonStop G-Series User Manual


Managing Users and Security

Guardian User’s Guide 425266-001


Licensing Programs

If a program contains privileged procedures (procedures having the CALLABLE or
PRIV attribute), it must be licensed before it can be run by any user other than the super
ID. Only a super ID user can license a file; licensing is performed with the FUP
LICENSE command.

Programs running in the privileged mode have total freedom to access operating system
tables and to execute privileged instructions and procedures, so it is possible for such
programs to circumvent the file security checks and thereby gain access to any file.
However, some privileged programs are needed in the system. Through licensing, the
installation can run privileged programs that it has authorized, but users may not run
unauthorized privileged programs. If a licensed file is opened with write access or
read-write access, the file becomes unlicensed.

For example, a privileged program called PRIVPROG exists in a software development
group. PRIVPROG is owned and licensed by the super ID so that all members of the
group can execute it. A programmer in the group has developed a revision to the
PRIVPROG program and wants to replace the object program with the revision.

Provided that the super ID user also gives the programmer write access to the program
file, the following TAL compilation replaces the program with the revision and causes
the program to become unlicensed:

10> RUN TAL / IN SOURCE / PRIVPROG

This means that no users except super ID users (not even the programmer who replaced
the program) are allowed to execute the program. When PRIVPROG is debugged and
ready for use, the super ID can license it so that others in the group can run it.

Figure 16-4. Controlled Access to a Data File

[Figure 16-4 labels: User Running the Program; Process Access ID = 8,10; Query Program (P1); Employee Data File; Owner ID = 1,112, Security = "OOAO", PROGID option on; Owner ID = 1,112, Security = "OOOO"]
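The licensing rules from the Licensing Programs section, traced through the PRIVPROG scenario as a small Python model. This is an added illustration, not Guardian or FUP code: the class, the function names, the `writers` set (a simplified stand-in for the file's write security) and the user IDs (20,5) and (20,6) are assumptions, and execute security is not modeled.

```python
from dataclasses import dataclass, field

SUPER_ID = (255, 255)  # Guardian super ID (group 255, user 255)

@dataclass
class ProgramFile:
    name: str
    privileged: bool      # contains CALLABLE or PRIV procedures
    licensed: bool = False
    writers: set = field(default_factory=set)  # assumed stand-in for write security

def license_file(f, user):
    """Models FUP LICENSE: only the super ID may license a file."""
    if user != SUPER_ID:
        raise PermissionError("only the super ID can license a file")
    f.licensed = True

def open_file(f, user, access):
    """Any open with write or read-write access clears the license."""
    if access not in ("read", "write", "read-write"):
        raise ValueError(access)
    if access != "read":
        if user != SUPER_ID and user not in f.writers:
            raise PermissionError("no write access to " + f.name)
        f.licensed = False

def can_run(f, user):
    """An unlicensed privileged program runs only for the super ID."""
    return user == SUPER_ID or not f.privileged or f.licensed

def privprog_scenario():
    programmer, colleague = (20, 5), (20, 6)  # constructed user IDs
    prog = ProgramFile("PRIVPROG", privileged=True)
    license_file(prog, SUPER_ID)
    steps = [("licensed", can_run(prog, programmer), can_run(prog, colleague))]
    open_file(prog, colleague, "read")        # read-only open keeps the license
    steps.append(("read open", can_run(prog, programmer), can_run(prog, colleague)))
    prog.writers.add(programmer)              # super ID grants write access
    open_file(prog, programmer, "write")      # compiler replaces the object file
    steps.append(("replaced", can_run(prog, programmer), can_run(prog, SUPER_ID)))
    license_file(prog, SUPER_ID)              # relicensed once debugged
    steps.append(("relicensed", can_run(prog, programmer), can_run(prog, colleague)))
    return steps
```

Each tuple in the returned list is a step name followed by two run checks; the "replaced" step shows the programmer locked out while the super ID can still run the program.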
