Establishing and maintaining security: Difference between revisions

From m204wiki
Jump to navigation Jump to search
mNo edit summary
m (link repair)
 
(4 intermediate revisions by 2 users not shown)
Line 8: Line 8:
explains how to maintain the CCASTAT data set, which contains a password table of encrypted user and file security information. </p>
explains how to maintain the CCASTAT data set, which contains a password table of encrypted user and file security information. </p>
<p>
<p>
For information about <var class="product">Model&nbsp;204</var> and standard commercial security interfaces, refer to the  <var class="book">Rocket Model 204 Security Interfaces Manual</var>. </p>
For information about <var class="product">Model&nbsp;204</var> and standard commercial security interfaces, refer to [[:Category:Security interfaces|Security interfaces]]. </p>
 
==File security==
==File security==
<p>
<p>
Line 164: Line 164:
===Adding and removing security from files===
===Adding and removing security from files===
<p>
<p>
To secure a file, issue the <var>[[SECURE FILE command|SECURE FILE]]</var> command, which ensures that a user cannot access a file illegally by running a <var class="product">Model&nbsp;204</var> program with its own password table.</p>
To secure a file, issue the <var>[[SECURE command: File|SECURE]]</var> command, which ensures that a user cannot access a file illegally by running a <var class="product">Model&nbsp;204</var> program with its own password table.</p>
<p>
<p>
A special field in the password table serves as the key for securing files. When a secured file is opened, the key is compared with a copy placed in the file by the <var>SECURE</var> command. The file is accessed only if the two passwords match. The comparison with the key is performed even when the file is opened as part of a group.</p>
A special field in the password table serves as the key for securing files. When a secured file is opened, the key is compared with a copy placed in the file by the <var>SECURE</var> command. The file is accessed only if the two passwords match. The comparison with the key is performed even when the file is opened as part of a group.</p>
Line 171: Line 171:
<p>
<p>
For additional information about
For additional information about
the <var>SECURE</var> and <var>DESECURE</var> commands, see [[Security#SECURE command, definition format|SECURE command, definition format]].
the <var>SECURE</var> and <var>DESECURE</var> commands, see [[Model 204 security features#SECURE command, definition format|SECURE command, definition format]].
</p>
</p>
<p>
<p>
Line 249: Line 249:
   
   
<li>To initiate record security, set the <var>OPENCTL</var> parameter in the <var>CREATE</var> command for the file and describe the special record security field in the <var>INITIALIZE</var> command.  
<li>To initiate record security, set the <var>OPENCTL</var> parameter in the <var>CREATE</var> command for the file and describe the special record security field in the <var>INITIALIZE</var> command.  
For more information about these commands, see [[Security#Creating files with file security|Creating files with file security]] and [[Initializing files#Initializing a record security file|Initializing a record security file]].
For more information about these commands, see [[Model 204 security features#Creating files with file security|Creating files with file security]] and [[Initializing files#Initializing a record security file|Initializing a record security file]].
</li>
</li>
   
   
Line 274: Line 274:
<p>
<p>
The way access levels are determined for files that are also members of groups is summarized in
The way access levels are determined for files that are also members of groups is summarized in
[[Security#Determining user access levels|Determining user access levels]]. </p>
[[Model 204 security features#Determining user access levels|Determining user access levels]]. </p>
   
   
===Field access types===
===Field access types===
Line 335: Line 335:
<li>Certain privileges (such as <var>SECURE</var> and <var>DESECURE</var>) associated with file and group passwords indicate the user privileges that pertain to the procedures for that file or group.</li>
<li>Certain privileges (such as <var>SECURE</var> and <var>DESECURE</var>) associated with file and group passwords indicate the user privileges that pertain to the procedures for that file or group.</li>
   
   
<li>To assign user class and procedure class mappings (see [[Security#Procedure security|Procedure security]]) to file and group passwords, use the <var>LOGCTL</var> command to add the mappings to the password table.
<li>To assign user class and procedure class mappings (see [[Model 204 security features#Procedure security|Procedure security]]) to file and group passwords, use the <var>LOGCTL</var> command to add the mappings to the password table.
<p>
<p>
Use <var>LOGCTL</var> to add, delete, or change the user class for procedures defined for a file or group. </p></li>
Use <var>LOGCTL</var> to add, delete, or change the user class for procedures defined for a file or group. </p></li>
Line 379: Line 379:
</ul>
</ul>
   
   
[[Category:System Manager]]
[[Category:System management]]
[[Category:Managing security]]
[[Category:Security management]]

Latest revision as of 23:04, 25 July 2017

Overview

Model 204 provides basic internal security features at all levels.

All security features are optional. Any combination of features is supported.

Storing security information (CCASTAT) explains how to maintain the CCASTAT data set, which contains a password table of encrypted user and file security information.

For information about Model 204 and standard commercial security interfaces, refer to Security interfaces.

File security

The file security feature limits access to particular files by requiring a password to open the file. The type of operation a particular user can perform on the file is also controlled by the file password.

OPENCTL parameter

The OPENCTL parameter, issued during creation of the file (or reset during a Model 204 run) determines whether a file is public (no password required) or is protected by one of several levels of file, group, and record security.

For OPENCTL settings that pertain to Parallel Query Option/204, see OPENCTL parameter.

PRIVDEF parameter

Access to a file is limited by the settings on the PRIVDEF parameter. The PRIVDEF parameter summarizes the default file privileges that are assigned when a public file is opened, or when a semipublic file is opened without a password or with an invalid password. User privileges are included in the PRIVDEF specification.

Set PRIVDEF to any combination of values listed below in PRIVDEF parameter settings.

If you must restrict the viewing of file-related parameters, reset the default value (X'BFFF') of PRIVDEF with the RESET PRIVDEF command. Otherwise, the odd setting of PRIVDEF allows a user to view file-related parameters through one of the following display commands or functions:

  • DISPLAY FILE or DISPLAY VIEW
  • $View
  • IFDISP or IFPERM

PRIVDEF parameter settings

The following table lists PRIVDEF settings, which you can add in any combination.

PRIVDEF parameter values
Setting User can...
X'8000' Use privileged commands such as INITIALIZE, SECURE, and DESECURE. The user can also reset file parameters if ad hoc update privileges (X '2000') are obtained.
X'4000' Override record security.
X'2000' Update data with ad hoc requests or host language programs.
X'1000' Make changes to procedures defined in the same file as the data but cannot delete them.
X'0800' Update data with internal procedures.
X'0400' Retrieve data with ad hoc requests or host language programs.
X'0200' Display, echo, and copy internal procedures.
X'0100' Retrieve data with internal procedures.
X'0080 Update data with procedures defined in a different file from the data.
X'0040' Retrieve data with external procedures.
X'0020' Include internal procedures.
X'0010' Define internal procedures.
X'0008' Delete internal procedures.
X'0001' Access file related parameters.

File password table maintenance

The password table contains one entry for each file password. These entries consist of the following information:

  • File or group name
  • Password that the user must specify in order to be granted the file or group privileges
  • Two-byte representation of the user privileges that is granted when the user successfully opens the file or group (see the "PRIVDEF parameter values" table, above)
  • User class for procedures
  • Field-level security SELECT, READ, UPDATE, and ADD levels

Using LOGCTL to modify the file password table

The LOGCTL command allows you to add or delete file entries in the password table. For example, the following command adds a file to the password table:

LOGCTL A :filename

You can specify an index character, necessary to differentiate entries for future changes or deletions, when a file has more than one password.

If you change a file or group password entry and omit one or more specifications, the corresponding entries in the password table are preserved.

To list all the file entries in the password table, along with the associated privileges (but not the passwords), issue the LOGFILE command.

Sample dialogue using LOGCTL

The following dialogue illustrates the use of LOGCTL to add, change, and delete file entries in the password table:

LOGCTL A :CENSUS1 *** M204.0374: ENTER FILE/GROUP PASSWORD, PRIVILEGES, CLASS, SELECT, READ, UPDATE, ADD ACCESS,X'0900',60,20,30,30,40 *** M204.0379: ENTER TERMINAL LIST,ALL,NONE,ADD,DEL,OR RETURN 21,31 LOGCTL C :TCENSUS3 ***M204.0374:ENTER FILE/GROUP PASSWORD, PRIVILEGES, CLASS, SELECT, READ, UPDATE, ADD ,,70 *** M204.0379: ENTER TERMINAL LIST, ALL, NONE, ADD, DEL, OR RETURN LOGCTL D :XCENSUSA

Adding and removing security from files

To secure a file, issue the SECURE command, which ensures that a user cannot access a file illegally by running a Model 204 program with its own password table.

A special field in the password table serves as the key for securing files. When a secured file is opened, the key is compared with a copy placed in the file by the SECURE command. The file is accessed only if the two passwords match. The comparison with the key is performed even when the file is opened as part of a group.

To reverse the security placed upon a file by the SECURE command, issue the DESECURE command.

For additional information about the SECURE and DESECURE commands, see SECURE command, definition format.

To change the key in the password table, issue the LOGKEY command.

Group security

The group security feature restricts access to particular file groups to certain users. When the group is created, access is limited by parameter settings of the CREATE GROUP command. A group can be classified as:

Classification Meaning
Public When a public group is opened, default group privileges are defined on the PRIVDEF parameter in the group definition.
Semipublic When a semipublic group is opened without a password or with an invalid password, default group privileges are defined on the PRIVDEF parameter in the group definition.
Private A password is required to open the group.

In addition to the file privileges discussed in the File security section, you can assign two additional classifications with the PRIVDEF parameter:

Classification User can...
X'0004' Update data via procedures from the procedure file.
X'0002' Retrieve data via procedures from the procedure file.

Group entries have the same format as that shown for file entries earlier on this page.

LOGCTL and LOGGRP commands

The following considerations apply:

  • Use the LOGCTL command to add or delete group entries in the password table. For example, the following command changes the entries in the password table for the group named AREA:

    LOGCTL C ,AREA

  • You can specify an index character, necessary to differentiate entries for future changes or deletions, when a file has more than one password.
  • To list all the group entries in the password table, along with the associated privileges (but not the passwords), issue the LOGGRP command.

Record security

The record security feature limits access to individual records in a file. Each user can retrieve and update only records that the user has stored in the file or that other users have agreed to share. The existence of other records is not apparent.

The following considerations apply:

  • Record security can be in effect for one or more of the files in a group, but not for the group as a whole.
  • Access to a single record depends only on the record security field defined for the record's file.
  • Record security cannot be used unless login security is in effect.
  • To initiate record security, set the OPENCTL parameter in the CREATE command for the file and describe the special record security field in the INITIALIZE command. For more information about these commands, see Creating files with file security and Initializing a record security file.
  • Record security can be overridden if the user has been granted the record security override privilege at login time (the X'04' bit must be set) and the user's file password also contains the record security override privilege (X'4000').
  • Record security can be overridden for a file in a permanent file group if login and group privileges (X '4000') allow it.

Field-level security

The field-level security feature (FLS) controls access to the individual fields of a Model 204 file, if access to a record is allowed by previous file-level and record-level security checks.

Every field definition (created by the DEFINE FIELD command) can have a security level from 0 to 255 associated with it.

A level of 0 implies no security for the field; 255 implies the highest security. Field access types are described in the following sections.

Scope of field-level security

Field-level security controls only explicit field references. Implicit references, such as retrieving a record security field with a FIND statement or adding a record security key value with STORE, are not controlled.

To include user field access levels to file and group passwords in the password table, use the LOGCTL command to add or delete access entries.

The way access levels are determined for files that are also members of groups is summarized in Determining user access levels.

Field access types

Each user is assigned access levels, ranging from 0 to 255, for each file and group opened. Access to a field is limited to any combination of the following access types:

Access type Means the ability to...
ADD Add new occurrences of a field, including those added by a Store Record statement. ADD access lets data entry clerks or other personnel add new field occurrences or records without being able to change existing occurrences, or possibly even to examine them. Add access can also provide a user with the ability to add occurrences of the record security field without altering existing occurrences.
READ Examine the value of a field (for example, in a SOUL Print or assignment statement).
SELECT Use the field in a SOUL Find statement or an IFFIND call.
UPDATE

Change the value of a previously stored occurrence of a field. UPDATE access can be granted without a corresponding READ access, which precludes updates of the form:

CHANGE fieldname=value1 TO value2

When a user attempts to access a field in a particular way, Model 204 compares the user's access levels with the field level defined for the field. If the user's level for the desired type of access is greater than or equal to the field's FLS level, the particular type of field access is allowed.

For example, a user who has a READ level of 30 is permitted to display any field that has a READ level between 0 and 30, but cannot display a field that has a READ level of 40.

Sample dialogue using LOGCTL

The following example adds field security levels 50 (SELECT), 40 (READ), 10 (UPDATE), and 0 (ADD); no other information is changed:

LOGCTL C :CENSUS *** M204.0374:ENTER FILE/GROUP PASSWORD, PRIVILEGES, CLASS, SELECT, READ, UPDATE, ADD ,,,50,40,10,0 *** M204.0379: ENTER TERMINAL LIST,ALL,NONE,ADD,DEL,OR RETURN

Procedure security

The procedure security feature limits access to defined procedures.

The following considerations apply:

  • You can specify privileges to enable a user to manipulate a procedure (display, define, or delete the procedure).
  • You can limit access to a procedure to a particular class of users by assigning a user class number to the procedure being secured.
  • Certain privileges (such as SECURE and DESECURE) associated with file and group passwords indicate the user privileges that pertain to the procedures for that file or group.
  • To assign user class and procedure class mappings (see Procedure security) to file and group passwords, use the LOGCTL command to add the mappings to the password table.

    Use LOGCTL to add, delete, or change the user class for procedures defined for a file or group.

Sample dialogue using LOGCTL

The following example adds a user class of 70 to an existing file entry; no other information is changed:

LOGCTL C :CENSUS *** M204.0374: ENTER FILE/GROUP PASSWORD, PRIVILEGES, CLASS, SELECT, READ, UPDATE, ADD ,,70 *** M204.0379: ENTER TERMINAL LIST,ALL,NONE,ADD,DEL,OR RETURN

Terminal security

The terminal security feature restricts access to certain login user IDs, files, or groups to users at identified terminals by associating a list of user numbers with each login, file, or group password. During Model 204 initialization, a terminal can be assigned a particular user number according to the order of the user parameter lines and the way in which they are assigned to specific telecommunications unit numbers in the JCL.

For example, a user at a particular terminal that has a specific number can log in to a specific user ID or open a specific file or group only if the terminal number is in the terminal list associated with the password for that user ID, file, or group. If it is not, Model 204 responds as if the user entered an invalid password.

Terminal security is generally used only with hard-wired terminals (terminals on leased lines). For dial-up terminals, the terminal can be connected to a number of similar telecommunications units and user parameter lines. Even though the location of a dial-up terminal is fixed, its terminal number can change every time it is dialed up.

The following considerations apply:

  • To insert terminal lists into the appropriate password table entries and to change existing terminal assignments, use the LOGCTL command.
  • To obtain listings of the login, file, or group entries in the password table, with legal terminal numbers included, issue a LOGLST, LOGFILE, or LOGGRP command.
  • To update all terminal lists at once, use the TMASKUPDATE command.

    TMASKUPDATE takes no arguments. It loops through the password table, displays each entry for which ALL has not been specified, and allows you to specify a new terminal list or a blank line (no change).

  • All password table entries are treated as if terminal security were in effect, even if the terminal security feature is not used:
  • Terminal lists are variable length, allowing you to add terminals even if you exceed the original number planned for.
  • If you specify ALL for a password table entry, the terminal list takes up no space beyond the basic entry.
  • A list representing NONE takes two bytes.
  • To compute the length of a list containing numbers, divide the highest specified number by eight and rounding up to a multiple of two.