HP 3000 Manuals HP 3000 Manuals
General User Tasks
This section describes the account and security responsibilities of a MPE
general user. It tells how to:
* Ensure the security of files.
* Establish user-level UDCs.
Keeping Your Files Secure
A general user's most important concern is the security of files. Files
contain important information and reflect hours of work. In general, you
should prevent other users from writing over or erasing the information
in files. In some cases, the information in files is proprietary or
confidential, and it is necessary to prevent others from reading it. In
other situations, the information in private files must be shared with
other users.
There are two tools for guarding the security of files. Give files
lockwords and establish file access restrictions for individual files.
When other users need temporary access to your files, release and then
secure them.
Establishing File Access Restrictions. By default, the system gives all
group users READ, APPEND, WRITE, LOCK, EXECUTE, and SAVE access to the
files in a group. For example, if group-level files access restrictions
permit any group user to write to files in the group, any other group
user can modify the file you created.
In most cases, the default security provisions are sufficient to protect
your files. In cases where stricter or more lenient security is
required, the general user can change a file's security provisions with
the ALTSEC command.
ALTSEC Syntax
ALTSEC filereference[;([fileaccess[;[fileaccess][;...]]])]
Table 2-15 describes ALTSEC parameters.
Table 2-15. ALTSEC Parameters
---------------------------------------------------------------------------------------------
| | |
| Parameter | Description |
| | |
---------------------------------------------------------------------------------------------
| | |
| filereference | The file name. |
| | |
---------------------------------------------------------------------------------------------
| | |
| (fileaccess; fileaccess;...) | File access restrictions. |
| | |
---------------------------------------------------------------------------------------------
For example, to change a file's security provisions so that all users
have READ and EXECUTE access, but only you, the creator, has WRITE,
APPEND, and LOCK access, enter:
ALTSEC MYFILE.MYGROUP.MYACCT;(R,X;ANY;W,A,L:CR)
For more information on the ALTSEC command, refer to the MPE XL Commands
Reference Manual (32650-90003).
Giving Files Lockwords. Another way to protect files is to give them
lockwords. If a file has a lockword, a user or program must specify the
lockword in order to access the file. System managers and account
managers have unlimited access to general users' files; they can list
file lockwords with the LISTF command. Give a file a lockword with the
FILE, BUILD, or RENAME command or with the FOPEN intrinsic.
Releasing and Securing Files. Sometimes other users need temporary
access to your files. For example, individual members of a project team
might keep their own records of the hours they worked on different
aspects of the project. At the end of the month, the project manager
compiles the individual reports into a team report. To compile the team
report, the manager might copy the team members' time record files into a
single file. To do so, the manager needs temporary access to the team
members' time record files.
Give all users temporary access to a file by releasing that file.
Releasing a file removes all access restrictions from it. Releasing and
securing a file can only be executed by the creator of that file.
Release a file with the RELEASE command. For example:
RELEASE MYHOURS.SMITH.PROJECTX
The file remains released until it is secured with the SECURE command.
For example:
SECURE MYHOURS.SMITH.PROJECTX
When the system default file access restrictions are in effect, general
users can only release and secure files in their logon group and account.