beautypg.com

Object file access security, Configuration security, A-19 – HP Integrity NonStop J-Series User Manual

Page 193: Product security, System database security, Mapping database security

background image

System Management

HP NonStop AutoTMF Software User’s Guide429952-017

A-19

Object File Access Security

Object File Access Security

Normally, only execute access authority is required to run a program. With AutoTMF,
however, both read and execute access authority is required to run a prepared
program.

The AutoTMF runtime needs to determine if a program has embedded SQL and a few
other important facts obtained by reading the object file. Thus, you must give each user
who runs an object file both execute and read access authority to the file; write access
authority is not required.

To prepare an application program to use AutoTMF, the object file is modified to
intercept procedure calls and assign a user library; this requires write access authority.

Configuration Security

When used in production, AutoTMF becomes an essential part of the application and
must be protected against damage or misuse. Ideally, the installation should have a
designated person or small group that is responsible for performing basic maintenance
of the AutoTMF environment.

Product Security

The files in the product subvolume should be managed in a manner similar to the
system components in $SYSTEM.SYSTEM. The files should be protected against
change or deletion by unauthorized persons.

System Database Security

The System Database (SysDB) contains the licensing information and many global
settings that will affect all applications that are prepared to use AutoTMF. To prevent
inadvertent changes to the SysDB, you should limit write access authority to the users
that are responsible for maintaining the AutoTMF environment. This is usually
accomplished when the SysDB is created (see the

CREATE SYSDB

on page 6-56) or

by use of a SQLCI ALTER TABLE command for both the REGISTRY and MAPDBS
tables.

Application programs have no need to access the SysDB; the monitor process
provides all the SysDB information required by applications.

Mapping Database Security

Security of the Mapping Database (MapDB) is less of an issue than the security of the
SysDB as long as the personnel accessing and updating it can be expected to act
responsibly. Often, personnel in operations, development, testing, and production
control update the MapDB for their own file and program entities.

This manual is related to the following products:
See also other documents in the category HP Computer hardware: