Manualshelf

TurboIMAGE/XL Database Management System Reference Manual MPE/iX V6.5 (30391-90011)

ManualsBrandsHP ManualsSoftwareMPE/iX 6.5 Operating System
41424344454647484950
50 Chapter2
Database Structure and Protection
Protecting the Database
Protecting the Database
TurboIMAGE/XL prevents unauthorized persons from gaining access to the database. It
provides external protection through the MPE/iX privileged file, account, and group
constructs and, in addition, provides the database designer and database manager with
methods to refine security within the database.
Privileged File Protection
All TurboIMAGE/XL database files are privileged files. (Refer to the MPE/iX Intrinsics
Reference Manual for a description of the MPE/iX privileged file capability.) Access by
unprivileged processes or through most MPE/iX file system commands is not allowed.
Therefore, non-privileged users are prevented from accidentally or deliberately gaining
access to the database.
Using MPE/iX commands that permit copying TurboIMAGE/XL files to tape represents a
potential breach of database privacy, and their use should be controlled. In particular,
anyone who uses the MPE/iX SYSGEN, STORE, or RESTORE commands should notify the
database manager. The SYSGEN and STORE commands permit system supervisors, system
managers, and other privileged users to copy files to tape. The RESTORE command can
purge and replace a database file with a different file from tape if the files have the same
name.
Account and Group Protection
To gain access to a TurboIMAGE/XL database, you must be able to access the files in the
account and group in which the database resides. The system manager and account
manager administer the security levels for accounts and groups. The system manager
creates accounts, and either the system or account manager creates new groups and users.
The system and account managers can prevent members of other accounts from accessing
the database by specifying access as user type AC (account member) for the account and
group containing the database. They can prevent users who are members of the account,
but not of the group, containing the database from accessing it by specifying GU (group
user) for the group access. On the other hand, they can allow access from other accounts by
specifying user type ANY at both the account and group levels.