Jargon Building BlocksTM
Implementing Security
Contents
Related Documents
Overview
The system's security architecture allows a wide
range of possible implementations, because organizations and applications
can have very different security philosophies and requirements.
This security system is designed to handle many possible
security scenarios, while at the same time doing its best to achieve multiple
goals:
-
Allowing the maximum possible control over user access privileges.
-
Minimizing security setup and maintenance requirements.
-
Enabling the use of different security models for different
applications.
-
Providing different granularity of controls for different
applications and users.
As you might guess, these goals can sometimes be in conflict
with each other. Organizations can choose whatever balance on the spectrum
of control vs. ease of use that they find appropriate.
Security features that can be implemented in this
system include:
-
User ID and password checking at login and
at each host interaction
-
User Session logging and Session ID verification
-
Assigning each User an initial Menu to limit the Applications
that can be accessed.
-
Limiting Users' access to specific printers, for physical
control of printed output.
-
Using a hierarchical Security Matrix to enforce security
by any or all of:
-
User ID and Procedure (program)
-
User ID and Application (a group of procedures)
-
Group ID (a group of users) and Procedure
-
Group ID and Application
-
Possible restrictions in each matrix record include:
-
Ability to add records
-
Ability to delete records
-
Level of fields which can be updated (0=none, 1-8=partial,
9=all)
-
Level of fields which can be viewed (same values)
-
Day of Week and Time of Day access restrictions
-
Other application-specific security entries
Security testing uses a "hierarchical default" approach,
which checks for an appropriate security control record until one is found,
based on the User ID and Procedure that is being run during each host interaction
by a client. Each Procedure belongs to exactly one Application, while each
User ID can belong to one or multiple Groups.
Security tests are done in the following sequence. At
each step, if testing for any of the values (User ID, Group ID, Application
ID, Procedure ID) has not been "turned on" in the System Control table,
then that step is skipped. When checking by Group, a User is granted the
maximum privileges of any of the Groups to which that User belongs, using
a "mix and match" approach to the add/delete/update/view permissions, subject
to Day and Time restrictions.
-
Check for the most specific security control (User ID and
Procedure)
-
Check for the next most specific control (by User ID and
Application ID)
-
Check by Group ID and Procedure for each of the groups the
user belongs to
-
Check by Group ID and Application for each of the groups
the user belongs to
-
Check the Procedure's default security method
-
Use the Application's default security method if no other
controls are found
Security
Strategy
Before setting up security records
in the database, the security administrator should ideally plan the overall
security strategy for the entire system. Issues to be decided include:
-
Defining which Applications
will be created.
-
Deciding how Procedures will
be grouped into Applications.
-
Will all Procedures within an Application
have similar security controls?
-
Defining which user Groups will
be created.
-
Defining which Groups each User
ID will be assigned to.
-
Will all Users in a Group have similar
privileges for a given Application or Procedure?
-
Picking a basic security model for
each Application:
-
Open (everything is allowed
unless specifically forbidden- the "trusting" model)
-
Secured (everything is forbidden
unless specifically allowed - the "paranoid" model)
These decisions will have a major impact
on the number of security matrix records that must be set up and maintained.
Consider an example with:
-
200 Procedures, grouped into 10 Applications
-
200 Users, grouped into 10 Groups
Depending on the strategy chosen,
the number of security matrix records that would have to be set up and
maintained could range from:
-
Zero - all Applications are "Open".
-
10 - one security matrix record for
each "Secured" Application for one Group, if only one Group can access
a given Application and all Users in a Group have identical privileges.
-
100 - one security matrix record for
each Application for each Group, if each Group has different access privileges
to each Application.
-
2,000 - one security matrix record
for each "Secured" Procedure for one Group, if only one Group can access
a given Procedure.
-
2,000 - one security matrix record
for each Application for each User, if each User has different access privileges
to each Application.
-
40,000 - one security matrix record
for each Procedure for each User, if each User has different access privileges
for each Procedure.
-
Any value in between is also possible,
since this can be run as a "sparse" matrix (if a given level of matrix
entry is not set up, the next "most general" level is used).
So, you can see the importance of thinking
through the strategy up front, to avoid needless work and to achieve a
workable security system. Any model that results in thousand of security
records might benefit from rethinking how Applications and Groups are defined.
Security
Setup
To initially configure your security
system, follow these steps:
-
Decide on your overall strategy as
outlined above.
-
Create a list of the Applications,
Groups and Security Periods to be set up.
-
Run System
Codes Setup. Add Security Period definitions, as required.
-
Run Group
Setup and add the Groups you have decided to use. The base system already
has an "Admin" group.
-
Run User
Setup and add users for each Group, including their default printer
and startup menu. The base system already has an "sa" User ID for initial
use during installation and setup.
-
Run Application
Setup and add the Applications you have decided to use. The base system
already has "SA" and "Util" Applications for its Procedures.
-
Run Procedure
Setup and add a record for each procedure in your applications.
-
Run Security
Matrix Setup and create any desired security control records.
-
Run System
Control Setup and turn on the desired security features. Be sure you
have already given yourself sufficient security permissions in the Security
Matrix, so you don't get locked out!
Defining
Secured Periods
Secured Periods are defined in the System Codes
table to restrict the Day of Week and Time of Day that a Procedure or Application
can be run. Fill in Codes records as follows:
-
Code Type: "Secured Period".
-
Code ID: a short unique
term for this secured period profile, such as "Mon-Fri 8-5".
-
Description: a longer description of the period (may
be same as Code ID).
-
Value 1: "Include" to allow access only
during the periods specified in value 2.
-
"Exclude" to allow access any time except during the periods
specified in value 2.
-
Value 2: A list of day names or day numbers
or
"All" for all days, separated by spaces. Each day entry can also have an
optional suffix of a colon (":") and a range of hours (0-24) within
that day. So, the full format of each entry is: "Day:StartHour-EndHour".
Day numbers are 1=Sunday through 7=Saturday.
Day names can be abbreviated down to "Su, M, Tu, W, Th,
F, Sa".
Example 1:
-
Code ID: "Mon-Fri 8-5"
-
Descrip.: "Only weekdays from 8AM to 5PM"
-
Value 1: "Exclude"
-
Value 2: "Sa Su ALL:0-8 ALL:17-24".
Example 2:
-
Code ID: "All week 7am-10pm"
-
Descrip.: "Every day from 7AM to 10PM"
-
Value 1: "Include"
-
Value 2: "ALL:7-22"
Special Security
by Procedure
The following procedures have special or particular security
controls associated with add, delete, update and view values:
Scheduling and Output Options
(x99sched):
Update Level
9 - all scheduling options allowed
7 - all scheduling options except Recurring Schedules
5 - only "online now" or "background now" scheduling
allowed
3 - no scheduling allowed (only "online now")
Manage Archived Reports (xr99arch):
Delete Allowed
yes - allowed to delete report files in System
Reports Directory
no - can only delete report files in Personal Reports
Directory
Update Level
9 - allowed to rename report files in System
Reports Directory
8 or lower - can only rename report files in Personal
Reports Directory
View Level
9 - allowed to view report files in System Reports
Directory
8 or lower - can only view report files in Personal Reports
Directory
Job Processor Control Panel
(x95jpctrl):
Add Allowed
yes - allowed to start a new Job Processor
no - cannot do so
Update Level
1 or higher - can change JobList Statuses, issue
JP Commands
(Pause, Resume, Kill, End), and reset Job Processor system
0 - cannot do any of these actions; view only
View Level
1 or higher - can view JP log, JP jobs, current
status, queue
0 - cannot do any of these views
Return to Top
Help Topics
Help Index