HP-UX Directory Server 8.1 deployment guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

some information may only need access controls and authentication measures to restrict access

adequately; other sensitive information may need to be encrypted within the database as it is

stored.

In many countries, data protection laws govern how enterprises must maintain personal

information and restrict who has access to the personal information. For example, the laws may

prohibit anonymous access to addresses and phone numbers or may require that users have the

ability to view and correct information in entries that represent them. Be sure to check with the

organization's legal department to ensure that the directory deployment follows all necessary

laws for the countries in which the enterprise operates.

The creation of a security policy and the way it is implemented is described in detail in

Chapter 8 “Designing a secure directory”.

2.4 Documenting the site survey

Because of the complexity of data design, document the results of the site surveys. Each step of

the site survey can use simple tables to track data. Consider building a master table that outlines

the decisions and outstanding concerns. A good tip is to use a spreadsheet so that the table's

contents can easily be sorted and searched.

Table 2-4 “Example: Tabulating data ownership and access” identifies data ownership and data

access for each piece of data identified by the site survey.

Table 2-4 Example: Tabulating data ownership and access

IS writableHR writableGlobal readSelf read/writeSupplier

server/Application

OwnerData name

YesYesYes

(anonymous)

Read-onlyPeopleSoftHREmployee

name

YesNoNoRead/WriteDirectory US-1ISUser password

NoYesNoRead/writePeopleSoftHRHome phone

number

YesNoYes (must log

in)

Read-onlyDirectory US-1ISEmployee

location

NoNoYes

(anonymous)

Read-onlyPhone switchFacilitiesOffice phone

number

Each row in the table shows what kind of information is being assessed, what departments have

an interest in it, and how the information is used and accessed. For example, on the first row,

the employee names data have the following management considerations:

• Owner

Human Resources owns this information and therefore is responsible for updating and

changing it.

• Supplier Server/Application

The PeopleSoft application manages employee name information.

• Self Read/Write

A person can read his own name but not write (or change) it.

• Global Read

Employee names can be read anonymously by everyone with access to the directory.

24 Planning the directory data