SSM Option 3 - Define Security Profiles
This option allows you to maintain security profiles. Security profiles are kept in the SECURITY system file under the SYSMAN account.
On selecting Option 3 on the SSM screen, the following screen is displayed.
S E C U R I T Y   F I L E   M A I N T E N A N C E
--------------------------------------------------------------------------------
Security ID >
 1 Accessible Accounts    :           14 Remote Logon           :
 2 Inaccessible Accounts  :           15 System Debugger        :
 3 Allowed Logon Times    :           16 Basic Debugger         :
 4 Disallowed Logon Times :           17 A*L*L Debugger         :
 5 TCL Access             :           18 RPL Debugger           :
 6 Software User IDs      :           19 Shell Security Level   :
 7 Max System Privilege   :           20 Directory View         :
 8 Alt Server Profiles    :           21 SQL Catalog Maintenance:
 9 TCL Logging            :           22 TIPH password required :
10 Environment Control.   :           23 Remote Basic           :
11 Passworded Acct Logon  :           24 Tandem                 :
12 Remote File Access     :           25 Reality Encryption Keys:
13 Logto                  :           26 Reserved
Enter security id. (or 'CR' to exit, '?' for list, 'D' for default or '*' for current)
There are common features of profiles screens that you can use to create, edit and delete profiles.
The following is an example of the screen displayed for the new profile-id entry USERS. The parameters displayed are the default settings derived from the DEFAULT profile in the SECURITY file.
S E C U R I T Y   F I L E   M A I N T E N A N C E
--------------------------------------------------------------------------------
Security ID >USERS                                    *NEW ITEM*
 1 Accessible Accounts    :none       14 Remote Logon           :No
 2 Inaccessible Accounts  :none       15 System Debugger        :No
 3 Allowed Logon Times    :none       16 Basic Debugger         :No
 4 Disallowed Logon Times :none       17 A*L*L Debugger         :No
 5 TCL Access             :Yes        18 RPL Debugger           :No
 6 Software User IDs      :none       19 Shell Security Level   :2
 7 Max System Privilege   :1          20 Directory View         :Yes
 8 Alt Server Profiles    :none       21 SQL Catalog Maintenance:No
 9 TCL Logging            :Inhibited  22 TIPH password required :Yes
10 Environment Control.   :0          23 Remote Basic           :Inhibited
11 Passworded Acct Logon  :No         24 Tandem                 :Disabled
12 Remote File Access     :No         25 Reality Encryption Keys:none
13 Logto                  :Yes        26 Reserved
Enter option# (1-26) to change; EX to exit; FI to file; FD to delete :
Note
The DEFAULT profile is assigned to a user if a specific profile is not included in their user profile.
SECURITY file maintenance options

1 Accessible Accounts
Specifies the accounts onto which the user is able to log on.
If you have already specified accessible accounts, the number of accounts is displayed on the screen.
Prompt:
Accounts available for access (separated by ','; A=Add; D=Delete
Add or delete a valid account name by entering A or D, as appropriate, then type one or more account name(s) which are to be accessible to a user. Separate multiple account names with commas.
If accessible accounts are already specified, a message is displayed which lists them.

2 Inaccessible Accounts
Specifies the accounts that the user is not allowed to log on to.
If you have already specified inaccessible accounts, the number of accounts is displayed on the screen.
Prompt:
Accounts restricted to access (separated by ','; A=Add; D=Delete
Add or delete a valid account name by entering A or D, as appropriate, then type one or more account name(s) which are to be inaccessible to a user. Separate multiple account names with commas.
If inaccessible accounts are already specified, a message is displayed which lists them.
Note
If any accessible accounts are specified, the inaccessible accounts setting is ignored.

3 Allowed Logon Times
Specifies time periods within each day of the week in which the user is allowed to log on to the database.
Prompt:
Allowed logon time periods :
SUNDAY :
MONDAY :
TUESDAY :
WEDNESDAY :
THURSDAY :
FRIDAY :
SATURDAY :
Against each day prompt, you can enter a time period in the format:
hh:mm-hh:mm{,hh:mm-hh:mm}
The default is all, that is, the user can log on to the database at any time.

4 Disallowed Logon Times
Specifies time periods within each day of the week in which the user is not allowed to log on to the database.
Prompt:
Disallowed logon time periods :
SUNDAY :
MONDAY :
TUESDAY :
WEDNESDAY :
THURSDAY :
FRIDAY :
SATURDAY :
Against each day prompt, you can enter a time period in the format:
hh:mm-hh:mm{,hh:mm-hh:mm}
The default is none, that is, the user can log on to the database at any time.
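A pre-entry check for the Allowed and Disallowed Logon Times options, as an added example (not part of the Reality documentation or product): it validates each day's entry against the hh:mm-hh:mm{,hh:mm-hh:mm} format and reports ranges that appear in both lists for the same day, because this page does not say which list takes precedence. Assumptions of the example: two-digit hours and minutes, periods that end later the same day, and all function names.

```python
import re

# hh:mm-hh:mm with two-digit fields, as in the format line above.
PERIOD = re.compile(r"([01]\d|2[0-3]):([0-5]\d)-([01]\d|2[0-3]):([0-5]\d)")


def parse_periods(entry):
    """Parse one day's entry into [(start_minute, end_minute), ...]."""
    periods = []
    for part in entry.split(","):
        m = PERIOD.fullmatch(part.strip())
        if m is None:
            raise ValueError(f"not in hh:mm-hh:mm form: {part!r}")
        h1, m1, h2, m2 = map(int, m.groups())
        start, end = h1 * 60 + m1, h2 * 60 + m2
        if start >= end:
            # Assumption: a period ends later the same day; flag anything else.
            raise ValueError(f"period does not end after it starts: {part!r}")
        periods.append((start, end))
    return periods


def hhmm(minute):
    return f"{minute // 60:02d}:{minute % 60:02d}"


def overlaps(allowed_entry, disallowed_entry):
    """Return the time ranges present in both entries for one day."""
    found = []
    for a_start, a_end in parse_periods(allowed_entry):
        for d_start, d_end in parse_periods(disallowed_entry):
            lo, hi = max(a_start, d_start), min(a_end, d_end)
            if lo < hi:
                found.append(f"{hhmm(lo)}-{hhmm(hi)}")
    return found


def check_week(allowed, disallowed):
    """allowed/disallowed map day name -> entry; return {day: overlaps}."""
    report = {}
    for day in allowed:
        if day in disallowed:
            hits = overlaps(allowed[day], disallowed[day])
            if hits:
                report[day] = hits
    return report


# Constructed sample entries, as they would be typed at the day prompts.
ALLOWED = {"MONDAY": "08:00-12:00,13:00-18:00", "SATURDAY": "09:00-13:00"}
DISALLOWED = {"MONDAY": "11:30-13:30", "SUNDAY": "00:00-23:59"}
```

With the constructed entries, `check_week(ALLOWED, DISALLOWED)` reports two conflicting ranges on MONDAY and nothing for the other days.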

5 TCL Access
Denies the user access to TCL.
Prompt:
Allow access to TCL ? (Y/N)
Enter:
Y
Allow TCL access (default).
N
Disallow TCL access.

6 Software User IDs
Assigns an identifier to a user group. This can have two forms: a simple identifier and a name/value pair, usually consisting of an application name and a user-id.
Software user-ids (SUIs) can reduce the amount of security checking required by applications software, as this data can be returned to a DataBasic program via the SYSTEM(51) function.
Prompt:
Software User IDs (separated by ','; A=Add; D=Delete)
:
The current Software user-ids, if any, are listed below the prompt.
Do one of the following:
- Enter a comma-separated list of identifiers and/or application/user-id pairs. An application and user-id pair must be separated by an equals sign (=). Note that any existing list will be overwritten.
- Enter A to add a new Software user-id. The following prompts are displayed:
SUI to add :
Enter an identifier or application name.
Enter optional user id, or CR.
Enter a user-id to be used by the application or press RETURN. The new definition will be added to those already specified.
- Enter D to delete a Software user-id. The following prompt is displayed:
SUI to delete :
Enter an identifier or application name. The specified definition will be deleted.

7 Max System Privilege
Specifies the maximum system privilege level that the user is allowed. The software checks this value against the level specified in the account definition item for the first account logged on to and assigns the lower of the two for the entire session.
Prompt:
Maximum system privilege level :
Enter:
0
Lowest level. Severely restricted access to TCL commands.
1
Restricted access to system level TCL commands.
2
Highest level. Access to all commands/functions, except SYSMAN/SYPROG only commands.

8 Alt Server Profiles
This option allows you to specify alternative security profiles to be used when the user is accessing the system using server programs such as ROSFS.
Prompt:
Alternate Server Profiles (separated by ','; A=Add; D=Delete)
:
The current alternative server profiles, if any, are listed below the prompt.
Do one of the following:
- Enter a list of servers and security profiles in the form:
Server=SecurityID{,Server=SecurityID {...} }
Any existing list will be overwritten.
- Enter A to add a new profile. The following prompts are displayed:
Server to add :
Enter the name of a server program.
Enter alternate profile id.
Enter the ID of a security profile. The new definition will be added to those already specified.
- Enter D to delete a profile. The following prompt is displayed:
Server to delete :
Enter the name of a server program. The specified definition will be deleted.

9 TCL Logging
Specifies whether the TCL commands entered by the user will be logged (see Command Logging).
Prompt:
(I)nhibited / a(L)lowed / auto start (S)upport , (A)udit or (B)oth logs. Enter new value, <return> to leave unchanged or ? for help.
Enter:
I
To inhibit logging.
L
To allow logging.
S
To automatically start support logging when the user logs on. Audit logging is allowed.
A
To automatically start audit logging when the user logs on. Support logging is allowed.
B
To automatically start both support and audit logging when the user logs on.
For users that are logged on, changes do not take effect until they next log on.
Unless logging is inhibited or has been automatically started, the START-AUDIT-LOG, START-SUPPORT-LOG, STOP-AUDIT-LOG, STOP-SUPPORT-LOG TCL commands can be used to start and stop logging as required.

10 Environment Control
Specifies the action to take if the operating environment specified for the user cannot be found or is invalid.
Prompt:
Enter environment control access level (0,1 or 2) :
Enter:
0
Deny logon (does not prevent login by users with the SYSMAN security profile).
1
Use the environment called DEFAULT. If this is not found or is invalid, deny logon.
2
Use the environment called DEFAULT. If this is not found or is invalid, use the system default environment.
If the required Environment cannot be applied an error message is displayed and an error is logged in the daemon.log file.

11 Passworded Acct Logon
Restricts access at initial logon to those accounts that require a password. This field is ignored if a default account name is specified in the user profile.
Prompt:
Logon to passworded accounts only ? (Y/N) :
Enter:
Y
Allow access to passworded accounts only.
N
Allow access to all accounts. (default).

12 Remote File Access
Restricts access to another database on the network.
Prompt:
Allow access to remote files ? (Y/N) :
Enter:
Y
Allow access to remote files.
N
Deny access to remote files. (default).

13 Logto
Disables/enables the LOGTO command (which allows connection to another account).
Prompt:
Enable LOGTO verb ? (Y/N) :
Enter:
E
Enabled (default).
D
Disabled.

14 Remote Logon
Specifies that a user is allowed to log on to an account that is defined as remote.
Prompt:
Enable remote logons :
Enter:
E
Enabled.
D
Disabled (default).

15 System Debugger
Specifies whether the user is allowed into the System debugger by using the BREAK key. See Note 2.
Prompt:
Enable system debugger ? (Y/N) :
Enter:
Y
Enable debugger.
N
Disable debugger (default).

16 Basic Debugger
Specifies whether the user is allowed into the DataBasic debugger by using the BREAK key. See Notes 2 and 3.
Prompt:
Enable DATA/BASIC debugger ? (Y/N) :
Enter:
Y
Enable debugger.
N
Disable debugger (default).

17 A*L*L Debugger
Specifies whether the user is allowed into the A*L*L debugger by using the BREAK key. See Note 2.
Prompt:
Enable A*L*L debugger ? (Y/N) :
Enter:
Y
Enable debugger.
N
Disable debugger (default).

18 RPL Debugger
Specifies whether the user is allowed into the RPL debugger by using the BREAK key. See Note 2.
Prompt:
Enable RPL debugger ? (Y/N) :
Enter:
Y
Enable debugger.
N
Disable debugger (default).
Then:
Enter RPL debug priv. level (0,1 or 2):
Enter the level number, 0, 1 or 2, where 0 is the lowest (most restrictive) level.

19 Shell Security Level
Specifies the level of access to host commands from Reality, to be given to the user (see below).
Prompt:
Enter Command Shell Security Level (0, 1 or 2) :
Enter:
0
Allows essential host commands only.
1
Allows both essential and user-defined commands.
2
No restrictions.

20 Directory View
Specifies whether the user is allowed to use the DIR-VIEW command.
Prompt:
Allow Directory View Files ? (Y/N) :
Enter:
Y
Allows the user to use the DIR-VIEW command.
N
Prevents the user from using the DIR-VIEW command.

21 SQL Catalog Maintenance
Enables or disables the ability to modify SQL Catalogs using SQLM or SQL statements at TCL.
For details of how to modify an SQL catalog, refer to SQL for Reality.
Prompt:
Allow Modification of SQL Catalog?
Enter:
Y
Allow modification.
N
Do not allow modification.

22 TIPH password required
Specifies whether passwords are required to run TIPH processes.
Prompt:
User must supply a password where required when starting a TIPH ? (Y/N) :
Enter:
Y
To require passwords if set.
N
To allow TIPHs to run without supplying passwords.

23 Remote Basic
Specifies whether the user is allowed to make use of Remote Basic, or is only allowed to use some Remote Basic subroutines.
Prompt:
Allow, Inhibit or Restrict access to Remote Basic. (A,I,R)
:
Current value is:Inhibited
Enter:
A
To allow access.
I
To inhibit access.
R
To restrict access.
If you enter R, you will be prompted:
Enter file specifier for lookup of allowed subroutines.:
Enter a file-specifier as defined in the general conventions. The file must contain a list of allowed subroutines as described in the Restricted Access Lookup File (see below).

24 Tandem
Specifies whether TANDEM connections are allowed to the user's port.
Prompt:
Disable, Allow or Enable Tandem. (D,A,E)
:
Enter:
D
To prevent access.
A
To prevent access unless enabled by the user with the system debugger.
E
To enable access without confirmation.
For more information, refer to the description of the TANDEM command.

25 Reality Encryption Keys
Assigns one or more encryption keys to the security profile. The keys concerned must be defined in the REK file using SSM Option 5 - Encryption Key Maintenance.
Prompt:
Encryption Key IDs (separated by ','; A=Add; D=Delete)
:
Do one of the following:
- Enter a comma-separated list of encryption key ids. Any existing list will be overwritten.
- Enter A to add a new key id. The following prompts are displayed:
REK to add :
Enter the id of an encryption key in the REK file. When you press return, you are prompted for another key id. When you have entered all the key ids you need, press return without entering an id.
If there is no item in the REK file with an id you have entered, you will be prompted:
'id' is not an item in the REK file. Accept as is? (Y/N) :
Enter Y or N as required.
- Enter D to delete an encryption key. The following prompt is displayed:
REK to delete :
Enter the id of a REK item that is associated with this security profile. The specified key will be deleted.
Note
1. To display a help message, enter ? at the information prompt. To leave a field unchanged press RETURN. To null a field, enter a backslash (\).
2. Debugger options 15, 16, 17 and 18. Selecting one of these options allows the user access to the specified debugger according to the privilege level specified in option 7 and any other restrictions that might apply; for example, BREAK key disabled.
3. Option 16. If the user enters the DataBasic debugger due to an abort in DataBasic run time, END and OFF are the only commands that the DataBasic debugger will process.
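A review pass over a displayed profile screen, as an added example (not part of the Reality documentation or product): it parses the numbered fields of the USERS screen shown earlier on this page and lists the settings an administrator may want to justify before filing the profile. The rule set, the displayed value strings other than those visible on that screen, and the function names are assumptions of this example.

```python
import re

# The USERS screen shown earlier on this page (defaults from the DEFAULT profile).
SCREEN = """\
Security ID >USERS                                    *NEW ITEM*
 1 Accessible Accounts    :none       14 Remote Logon           :No
 2 Inaccessible Accounts  :none       15 System Debugger        :No
 3 Allowed Logon Times    :none       16 Basic Debugger         :No
 4 Disallowed Logon Times :none       17 A*L*L Debugger         :No
 5 TCL Access             :Yes        18 RPL Debugger           :No
 6 Software User IDs      :none       19 Shell Security Level   :2
 7 Max System Privilege   :1          20 Directory View         :Yes
 8 Alt Server Profiles    :none       21 SQL Catalog Maintenance:No
 9 TCL Logging            :Inhibited  22 TIPH password required :Yes
10 Environment Control.   :0          23 Remote Basic           :Inhibited
11 Passworded Acct Logon  :No         24 Tandem                 :Disabled
12 Remote File Access     :No         25 Reality Encryption Keys:none
13 Logto                  :Yes        26 Reserved
"""

# "<number> <label> :<value>"; works on the aligned screen and on flattened text.
FIELD = re.compile(r"\b(\d{1,2}) ([A-Za-z][A-Za-z*. ]*?)\s*:(\S+)")

# Review rules are assumptions of this example; the reasons paraphrase the option text.
RULES = {
    9: (lambda v: v == "Inhibited", "TCL command logging is inhibited"),
    12: (lambda v: v == "Yes", "access to remote files is allowed"),
    **{n: (lambda v: v == "Yes", "debugger can be entered with the BREAK key")
       for n in (15, 16, 17, 18)},
    19: (lambda v: v == "2", "no restrictions on host commands"),
    24: (lambda v: v != "Disabled", "TANDEM connections to the port are possible"),
}


def parse_screen(text):
    """Return {option number: (label, value)} from a displayed profile screen."""
    return {int(n): (label.strip(), value) for n, label, value in FIELD.findall(text)}


def review(text):
    """Return [(option, label, reason), ...] for settings matching a rule."""
    fields = parse_screen(text)
    findings = []
    for opt in sorted(RULES):
        matches, reason = RULES[opt]
        if opt in fields and matches(fields[opt][1]):
            findings.append((opt, fields[opt][0], reason))
    return findings
```

Run over the default-derived USERS screen, `review(SCREEN)` reports options 9 and 19: TCL logging is inhibited and the shell security level is 2.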
Restricted Access Lookup file
Each account that contains subroutines to be called through Remote BASIC must contain a file with the name you specify in option 23. This file must contain an item with the following format for each allowed subroutine in this account:
Item-id SubroutineName
Attribute 1 V
Attributes 2 onwards Reserved for future use.
When you call a subroutine from Remote BASIC, the subroutine name is looked up in this file. If an item with the same name as the subroutine is found and attribute 1 of this item contains V, the subroutine is looked for in the Master Dictionary in the normal way (see Master Dictionaries).
Host Command Shell Security
The host Command Shell Security Level (0 to 2), specified in option 19 on the SECURITY File Maintenance screen, determines the host commands that are allowed to be executed from Reality by the user. Restrictions apply to the following Reality processors:
- SYS command.
- User-created SYS commands.
- System Debugger, rdb.
Reality compares the command to be executed by the processor against three lists of host commands which are set up by the database administrator in the following host files in the database's configs directory:
sys.needed
Lists host commands that are essential for running Reality.
sys.user
Lists host commands that the user wishes to explicitly permit.
sys.profile
Lists host commands that may be run by any user with the relevant security profile.
- A user with Security Level 0 is restricted to being able to execute host commands in the sys.needed file, plus any commands in sys.profile, if the user has the appropriate security profile.
- A user with Security Level 1 is restricted to being able to execute shell commands in the sys.needed and sys.user files, and also in sys.profile if the user has the appropriate security profile.
- A user with Security Level 2 has unrestricted access to the host command prompt.
One set of SYS files is set up on a database: sys.needed, sys.user and any number of sys.profile files. For details, refer to SYS Security Files.