This chapter is intended for persons who will be involved in using, developing, or securing applications and data. It should be read by:
In order to fully understand the MAGEC security system, it is necessary to understand the overall MAGEC environment. Other chapters of the MAGEC manuals offer detailed explanations which would be valuable to you. As needed, please refer to the following manuals/chapters:
Since it is also possible for your application programs (MMP's) to have logic within them to accommodate special security requirements, you may need to also refer to the following chapters:
The MAGEC Online Security System is designed to:
Security verification is done for every online transaction and yet imposes no appreciable overhead because it is done in the resident MAGEC nucleus in highly optimized modules. All security parameters are stored in the MAGEC Dictionary, with full online real-time updating accommodated, but are compressed and loaded into main memory "buffers" in order to eliminate I/O overhead at execution time.
An automatic Menu facility produces three levels of user Menu screens from the MAGEC Dictionary. No coding or maintenance is required and no overhead is imposed on the applications; users may bypass all or any portion of the menus as they desire. Thus, the Security System serves both to prevent unauthorized accesses and to assist authorized accesses.
The basic unit of control is the Function Code, a six-character identification for every MAGEC transaction. The Function Code is the first data field (top line, left corner) on every screen, whether a MAGEC system screen or an application screen. It is usually a mnemonic code which describes what the transaction does. For instance, the screen to add customers might have a function code of "CUSADD", to change customers "CUSCHG", etc.
MAGEC's nomenclature for generated online programs is MMP's (MAGEC Message Processors). Standard MMP's will contain a set of nine function codes which represent nine complementary online functions done against the database. In the example of "CUS" data, the Functions would be: CUSADD, CUSCHG, CUSDEL, CUSSEE, CUSNXT, CUSDUP, CUSLOC, CUSSCN, and CUSFND. Each of these represents a different operation which can be done against the "CUS" data, even though all of them are actually handled by the same MMP and use the same screen format Mask (except that the SCN, FND, and LOC Functions are "browses" and use a common "browse Mask").
If the developer has added customization to the generated application then there might be more than the standard nine functions, or some or all of the standard ones may be suppressed or replaced.
There are no restrictions on the naming of "non-standard" function codes except that they must all be six characters in length and must be unique.
The Security System, by controlling access to Function Codes, thus controls who may do what operation to what data. This is a finer level of control than just providing security by either program or file.
The MAGEC Dictionary is used to define up to 50 Logical Applications. A Logical Application is any meaningful grouping of Function Codes as defined by the company's needs. Examples of Logical Applications might be: General Ledger, Payroll, Security System, etc.
As new systems are developed using MAGEC, new Logical Applications may be defined, each having a unique Logical Application (LAP) number assigned to it (from 01 to 50 inclusive). The LAP's 48, 49, and 50 are reserved for the MAGEC system software; they are defined at the time of the installation of the software as: TP Spooling (48), Security System (49), and Development and Testing (50).
Every Function Code (FCD) must be specified as being part of one (and only one) LAP.
Video and hardcopy devices are defined to the MAGEC Dictionary. The device (DVC) profile specifies WHERE the device is, WHEN it may be legally used, and WHICH LAP's it may access, and with what maximum level of authorization for each LAP.
Hardcopy devices need only be defined to the Dictionary if the MAGEC TP Spooler option is to be used to print reports at local printers.
Operators are defined to the MAGEC Dictionary. The Operator's Security Information File (SIF) profile controls his/her access to LAP's as well as When and Where he/she may access them. Password security is verified against the SIF profile at Log On time.
Provision is made to manually or automatically suspend an Operator based on Termination date, failed Log On attempts, etc.
Automatic time-out is accommodated for Operators who forget to Log Off before leaving the terminal.
A User View is an arbitrary grouping of Functions (regardless of which LAP's they belong to), Devices, and Files. Any Function, Device, or File may belong to one or many User Views. MAGEC contains 16 User Views; they are defined by the 16 Transaction ID's (TS01 - TS08, and PR01 - PR08).
If a database management system (DBMS) is installed then selected files may be opened and accessible to selected User Views via the mechanism provided by the DBMS vendor or TP Monitor access tables.
The Dictionary profiles for each Function, Device, and Operator contain a specification as to which User View(s) may be accessed by or have access to (as appropriate) that entity.
User Views are a high-level security parameter which eclipses all other parameters. Regardless of any other authorizations and restrictions, an Operator who is authorized only to access MAGEC applications via, say, User View PR01, is thus limited to only those Devices and Functions which are allowed via User View PR01. A Device which is only authorized access via User View PR01 may only be Logged On to in that User View and is thus limited to only those Functions allowed in PR01. A Function which is only authorized to be executed in User View PR01 thus may only be done by Operators and Devices authorized for PR01.
Before Logging On to a Device the Operator must "enter MAGEC" via one of its User Views, unless that has already been done. He/She does this by entering the appropriate Transaction ID. Then, when the Log On Function is entered, MAGEC verifies that this Device and Operator are allowed in this User View. If not, the Log On is rejected. As each transaction is received by MAGEC, the Security System verifies that the Function Code entered is allowed in this User View.
When a database administrator defines data Elements to the MAGEC dictionary he/she can also specify security authorization levels required to develop batch and online applications accessing this Element. This enables you to give limited development privileges to your users without risking their developing screens and reports which reveal sensitive information.
Since the MAGEC dictionary consists of ordinary data files which can be accessed by ordinary programs, and since they contain some sensitive information (i.e. Passwords), certain Data Items are stored "encrypted". The encryption routine used is not yet available to you; however, it might be made available at some future time to enable you to encrypt some of your own data.
A four-character Password is associated with each Operator and is stored on his/her Security Information (SIF) profile. When the Operator is initially set up, the Security Officer assigns the initial Password. Thereafter the Operator may alter the Password at will any time he/she Logs On to MAGEC.
There is no requirement that an Operator's Password be unique with respect to any other Operator's. However, MAGEC prevents him/her from changing the Password to an obvious and easy-to-guess code, such as his/her first name, etc. A complex "guessing routine" is invoked to attempt to "guess" the new Password. If it is guessed, the Operator is signalled to choose a better new Password to change to.
The SIF profile may specify that this Operator MUST alter the Password at some given interval. The interval is specified as the number of days this Operator's Password is "good for". If that number of days has passed since the Password was last changed, the Operator will be told to change it when he/she next attempts to Log On. The Log On will not be accepted until the Password is successfully changed.
In the Log On process MAGEC always "darkens" the Password on the screen and clears it to spaces on the screen as an added precaution. Therefore, if the Operator has to re-key any portion of the screen data because of any entry error(s), the Password(s) must always be re-keyed.
The Operator's SIF profile includes Termination Date. MAGEC will check if today's date is later than the Operator's Termination Date at the time the Operator attempts to Log On. If it is, MAGEC rejects the Log On and suspends the Operator by setting a "Hold Flag" in the SIF profile.
Each time the Operator's Password is altered the Last Changed Date is stored in the SIF profile. When the Operator attempts to Log On, the Last Changed Date is compared to today's date and the difference is compared to the number of days the Password is Good For (from the SIF). If the number of days has elapsed, the Operator is forced to enter a new Password (twice for verification) before the Log On will be accepted.
Each time an Operator successfully Logs On to MAGEC today's date is stored into the SIF profile as the Last Logon Date. Before accepting the Log On, MAGEC compares the Last Logon Date to today's date and then compares the difference to the number of Inactive Days specified in the SIF profile. If the number of days since the Operator's last successful Log On exceeds the maximum number of Inactive Days specified, MAGEC rejects the Log On and suspends the Operator by setting a "Hold Flag" in the SIF. This feature automatically "terminates" operators who may have resigned or transferred but whom the Security Officers neglected to terminate.
The Operator profile (SIF) and the Terminal profile (DVC) both include specifications for which days of the week are permitted. At the time that an Operator attempts to Log On to a Device, MAGEC checks the parameters for both the Operator and Device to see that they are allowed to Log On or to be Logged On to today; if not, the Log On is rejected.
A standard MAGEC Lookup Table (Table # 244) defines the legal Holidays for the company. It is maintained by the Security Officers using the standard MAGEC system Functions: TBLADD, TBLCHG, etc. The profiles for Operators (SIF) and for Devices (DVC) both contain a specification for whether the defined entity may Log On to MAGEC on Holidays. At the time an Operator attempts to Log On, MAGEC looks up today's date in the Holiday Table; if today is a Holiday, it checks the Holiday parameter for the Operator and Device. If either is "No" then the Log On is rejected.
The profiles for Operator and Device both include a starting and ending time of day (hours and minutes, 24-hour clock) to define the time period during which they may Log On or be Logged On to MAGEC. At the time that an Operator attempts to Log On to a terminal, MAGEC compares the current time of day against the ranges specified for both the Operator and Device. If the current time is not within both ranges then the Log On is rejected.
Each time an Operator tries and fails to successfully Log On, a counter in the SIF profile is incremented. Each time the Operator successfully Logs On, the counter is zeroed. The Operator's SIF profile includes a Maximum Number of Failed Logons parameter. Each time the Failed Logons counter is incremented it is compared to the Maximum parameter. If the Maximum is reached then MAGEC suspends the Operator by setting a "Hold Flag" in the SIF profile. This feature prevents would-be intruders from "guessing" the correct Password by iteratively trying every possible combination, probably using another computer to do so.
The Operator's SIF profile includes a specification for the maximum number of times the Operator may attempt to do any Function Code for which he/she is not authorized before MAGEC suspends him/her by setting the "Hold Flag" in the SIF profile.
The Operator and Device profiles both include parameters to specify the number of minutes which may elapse since the last time a transaction was entered, after which MAGEC automatically Logs them Off. At the time that an Operator successfully Logs On to a Device, MAGEC saves the lesser of the two Time Out specifications (either from the SIF or DVC profiles) and as each subsequent transaction is received compares the number of elapsed minutes since the last transaction versus the saved Time Out specification. If the Time Out period has elapsed, MAGEC Logs Off the Operator instead of processing the transaction. This feature provides some protection for Operators who forget to Log Off leaving all of their own security authorization available to anyone who happens to sit down at that terminal. The greater the Operator's authorization, the lower the Time Out should be set; the greater the terminal's exposure to uncontrolled access, the lower the Time Out should be set.
The Operator's SIF profile includes a specification as to whether this Operator is allowed to be concurrently Logged On to more than one Device. If an Operator is permitted to be Logged On to more than one Device, when Logging onto the second or subsequent terminals a warning message will advise him/her that he/she is already Logged On to another terminal. If the Operator is not allowed to be Logged On to more than one terminal, the second and subsequent Log On attempts will be rejected until a Log Off is done at the first terminal. A similar message is issued to advise him/her.
The Operator's SIF profile includes an optional Group Identifier which may contain any 10-character literal value to identify that Operator as belonging to an organization or project. MAGEC's security system does not act upon this in any way; however, facilities are provided for the Security Officers to do online "Scan and Find" operations to locate all Operators based on Group Identifier (and other Parameters). One useful purpose for this feature might be to terminate a group of contract workers at the conclusion of their project.
Since all security parameters for this session are passed (read-only) to the MMP's, it is possible that the MMP might interrogate the Group ID and impose certain security restrictions of its own.
A standard MAGEC Lookup Table (Table # 252) defines the company's Location Codes. Location Codes may be used to describe physical locations (NYC = New York, DAL = Dallas) or to describe departments (FIN = Financial, ACP = Accts. Payable) or virtually any division of the entire environment appropriate for the company's needs. They are set up and maintained by the Security Officers using the standard functions: TBLADD, TBLCHG, etc.
The Device (DVC) profile, which is used to define terminals or network nodes, includes the Location Code to indicate the Location of this Device. If the TP Spooler option of MAGEC is installed then the Location Code specified on the DVC record which defines each printer will also be used for routing report data.
The Operator's (SIF) profile includes an Authorized Location parameter to indicate at which Locations he/she is allowed to Log On to MAGEC. MAGEC, at the time an operator is logging on, compares the Location Code of the device with the operator's Authorized Location code to determine whether this operator may log onto this terminal. The Authorized Location parameter may be "generic". That is, it need not specify an exact Location Code. For instance, it might contain "N . .", which would allow access at any Location with a Code having an N in the first position and any other characters in the second and third. Likewise, a value of ". . L" would allow access at any Location Code ending in "L". The dot (.) is a "wild card" used to indicate that MAGEC is to ignore comparisons on that position. A value of ". . ." would allow access at any Location.
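The Log On checks described in the preceding sections (Dates, Day of Week, Holidays, Time of Day, Maximum Number Logon Attempts and Location Code) modelled as one admission routine. This is an added Python example, not MAGEC's own code: the SIF/DVC field names, the order in which the checks are applied, the "0 = no limit" convention for the day counts and the sample dates are assumptions.

```python
"""Model of the MAGEC Log On admission checks described above.

Added example, not MAGEC's own code: SIF/DVC fields are modelled as
dataclasses with assumed names, and the order in which the checks run is an
assumption (the manual lists the checks but not their sequence).
"""
from dataclasses import dataclass
from datetime import date, datetime, time

@dataclass
class OperatorProfile:                  # subset of the SIF profile
    password: str                       # four characters (MAGEC stores it encrypted)
    hold: bool = False                  # "Hold Flag": True means suspended
    termination: date = date.max        # Termination Date; date.max = none set
    pw_last_changed: date = date.min    # Last Changed Date
    pw_good_for_days: int = 0           # days the Password is "good for"; 0 = no limit
    last_logon: date = date.min         # Last Logon Date
    max_inactive_days: int = 0          # Inactive Days limit; 0 = no limit (assumed)
    failed_logons: int = 0              # Failed Logons counter
    max_failed_logons: int = 3          # Maximum Number of Failed Logons
    days_allowed: frozenset = frozenset(range(7))   # 0 = Monday .. 6 = Sunday
    holidays_allowed: bool = False
    start: time = time(0, 0)            # permitted time-of-day window
    end: time = time(23, 59)
    authorized_location: str = "..."    # three characters, "." is the wild card

@dataclass
class DeviceProfile:                    # subset of the DVC profile
    location: str                       # Location Code from Table # 252, e.g. "NYC"
    days_allowed: frozenset = frozenset(range(7))
    holidays_allowed: bool = False
    start: time = time(0, 0)
    end: time = time(23, 59)

@dataclass
class Decision:
    accepted: bool
    reason: str
    must_change_password: bool = False

def location_matches(pattern: str, code: str) -> bool:
    """Generic Authorized Location compare: a "." ignores that position."""
    return len(pattern) == len(code) == 3 and all(
        p == "." or p == c for p, c in zip(pattern, code))

def in_window(start: time, end: time, now: time) -> bool:
    """Inclusive time-of-day range; a start later than end is assumed to wrap midnight."""
    return start <= now <= end if start <= end else (now >= start or now <= end)

def check_logon(op: OperatorProfile, dev: DeviceProfile, holidays: set,
                now: datetime, password: str) -> Decision:
    """Apply the SIF/DVC checks for one Log On attempt; updates op as the SIF would be."""
    today = now.date()
    if op.hold:
        return Decision(False, "operator suspended")
    if today > op.termination:
        op.hold = True
        return Decision(False, "termination date passed; operator suspended")
    if op.max_inactive_days and (today - op.last_logon).days > op.max_inactive_days:
        op.hold = True
        return Decision(False, "inactive days exceeded; operator suspended")
    if password != op.password:
        op.failed_logons += 1                       # counter kept in the SIF
        if op.failed_logons >= op.max_failed_logons:
            op.hold = True
            return Decision(False, "maximum failed logons; operator suspended")
        return Decision(False, "invalid password")
    wd = today.weekday()
    if wd not in op.days_allowed or wd not in dev.days_allowed:
        return Decision(False, "day of week not permitted")
    if today in holidays and not (op.holidays_allowed and dev.holidays_allowed):
        return Decision(False, "holiday logon not permitted")
    t = now.time().replace(second=0, microsecond=0)
    if not (in_window(op.start, op.end, t) and in_window(dev.start, dev.end, t)):
        return Decision(False, "outside permitted time of day")
    if not location_matches(op.authorized_location, dev.location):
        return Decision(False, "device location not authorized for operator")
    if op.pw_good_for_days and (today - op.pw_last_changed).days >= op.pw_good_for_days:
        return Decision(False, "password expired; change required",
                        must_change_password=True)
    op.failed_logons = 0                            # successful Log On zeroes it
    op.last_logon = today                           # becomes the Last Logon Date
    return Decision(True, "accepted")

def attempt(op, dev, holidays, when: str, password: str) -> Decision:
    """Convenience wrapper taking the clock as 'YYYY-MM-DD HH:MM'."""
    return check_logon(op, dev, holidays, datetime.fromisoformat(when), password)

def sample_profiles():
    """Constructed sample data, not taken from any real MAGEC installation."""
    holidays = {date(2024, 7, 4)}                   # one Holiday Table (Table # 244) entry
    op = OperatorProfile(password="AB12", authorized_location="N..",
                         pw_last_changed=date(2024, 5, 1), pw_good_for_days=30,
                         last_logon=date(2024, 5, 20), max_inactive_days=60,
                         start=time(8, 0), end=time(18, 0))
    dev = DeviceProfile(location="NYC", start=time(7, 0), end=time(20, 0))
    return op, dev, holidays
```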
The profiles for Operators, Devices, and Function Codes each include a "Hold" or "Disable" code which may be set or reset by Security Officers in real-time. In many cases MAGEC might automatically set a "Hold" in a profile also as discussed above. An Operator whose Hold Code is set to Y may be said to be "suspended".
An Authorization Level is expressed as a one-digit number from 0 through 9 inclusive, 0 being the lowest and 9 being highest. Each Function code (FCD) profile includes a Test Authorization Level and a Production Authorization Level for that Function Code. Remember, too, that each Function Code must belong to one (no more, no fewer) Logical Application.
The Operator's profile includes up to 50 Authorization Levels, one for each Logical Application (LAP). The Device profile also includes up to 50 such Authorization Levels, one per LAP. When an Operator Logs On to a Device, MAGEC saves his/her list of Authorization Levels for this session. In each LAP it saves the lower of either the Operator's or the Device's authorization level.
As each online transaction is received, MAGEC compares the Authorization Level for the Function Code (either Test or Production, depending upon User-View) against the corresponding saved Authorization Level (for this session) for the LAP to which the Function Code belongs.
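The session-level computation and the per-transaction Function Code check just described, together with the Maximum Unauthorized Functions counter, as an added Python example (not MAGEC's own code). The profile field names, the mapping of TSnn views to the Test level and PRnn views to the Production level, treating a LAP absent from a profile as level 0, and the sample Function Codes and levels are assumptions.

```python
"""Model of MAGEC's per-transaction Authorization Level check described above.

Added example, not MAGEC's own code; the profile field names, the TSnn = Test /
PRnn = Production mapping, and the treatment of a LAP missing from a profile
as level 0 are assumptions.
"""
from dataclasses import dataclass

@dataclass
class FunctionProfile:                  # subset of the FCD profile
    lap: int                            # the one Logical Application it belongs to
    test_level: int                     # Test Authorization Level, 0..9
    prod_level: int                     # Production Authorization Level, 0..9
    user_views: frozenset               # Transaction IDs in which it may run
    hold: bool = False                  # "Disable" code set by a Security Officer

@dataclass
class Session:                          # what MAGEC saves at Log On for this session
    user_view: str                      # e.g. "PR01"
    levels: dict                        # LAP number -> saved Authorization Level
    unauthorized_attempts: int = 0      # counter behind Maximum Unauthorized Functions
    max_unauthorized: int = 3           # SIF parameter (assumed value)
    suspended: bool = False             # "Hold Flag" set when the maximum is reached

def session_levels(operator_levels: dict, device_levels: dict) -> dict:
    """Per LAP 01..50 keep the lower of the Operator's (SIF) and Device's (DVC) level."""
    return {lap: min(operator_levels.get(lap, 0), device_levels.get(lap, 0))
            for lap in range(1, 51)}

def required_level(fcd: FunctionProfile, user_view: str) -> int:
    """Test views (TS01-TS08) use the Test level; Production views (PR01-PR08) the Production level."""
    return fcd.test_level if user_view.startswith("TS") else fcd.prod_level

def authorize(session: Session, fcd_table: dict, function_code: str) -> str:
    """Decide one transaction: 'OK', 'UNKNOWN', 'UNAUTHORIZED' or 'SUSPENDED'."""
    if session.suspended:
        return "SUSPENDED"
    fcd = fcd_table.get(function_code)
    if fcd is None:
        return "UNKNOWN"                 # a bad code, not a security failure (assumed)
    allowed = (not fcd.hold
               and session.user_view in fcd.user_views
               and session.levels.get(fcd.lap, 0) >= required_level(fcd, session.user_view))
    if allowed:
        return "OK"
    session.unauthorized_attempts += 1  # assumed: every rejected Function counts
    if session.unauthorized_attempts >= session.max_unauthorized:
        session.suspended = True
        return "SUSPENDED"
    return "UNAUTHORIZED"

def sample_session():
    """Constructed FCD table and profiles (not real MAGEC data) for a PR01 session."""
    views = frozenset({"TS01", "PR01"})
    fcd_table = {
        "CUSADD": FunctionProfile(lap=1, test_level=3, prod_level=5, user_views=views),
        "CUSSEE": FunctionProfile(lap=1, test_level=1, prod_level=2, user_views=views),
        "OPRADD": FunctionProfile(lap=49, test_level=9, prod_level=9,   # constructed code
                                  user_views=frozenset({"PR01"})),
    }
    operator_levels = {1: 7, 49: 2}    # SIF: strong in LAP 01, weak in LAP 49
    device_levels = {1: 5, 49: 9}      # DVC: this terminal caps LAP 01 at 5
    session = Session("PR01", session_levels(operator_levels, device_levels))
    return session, fcd_table
```

In the sample the terminal, not the Operator, is what limits CUSADD: the Operator holds level 7 in LAP 01 but the session is saved at 5, the Device's level.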
Before MAGEC passes control to an MMP, it fills in an area near the top of the TWA (Task Work Area) named: TWA-SECURITY-DATA. That area contains information about the Operator and Terminal, including Location, Authorization Levels, the Logical Application of this transaction's Function Code, Group ID, and other security data. The MMP is free to interrogate this area and to restrict Operator access to, say, certain fields or certain values in certain fields.
When an operator successfully logs on, MAGEC saves the necessary security data (Authorization Levels, etc.) into main memory in order to avoid having to re-read it for each subsequent transaction. MAGEC recognizes that main memory is ordinarily vulnerable to corruption by programs which might accidentally or deliberately alter it. In order to protect against possible Security Violations, MAGEC senses any change in the sensitive portion of memory and aborts the offending task with a message. It also logs off the operator who initiated that task and issues a marginally polite message.
In order to prevent unauthorized users from modifying any given member on the MAGEC Librarian, a Password facility is built in. Any user who is authorized to access and update a given member can also set a Password for it. Thereafter, only that user and others who know the Password can update that member. Refer to the "Librarian" chapter for more information.
A Security Officer might wish to know if and when a given application was last modified. This is especially valid when there is a suspicion that a production application was used to violate security restrictions or to access data which should not have been accessed. Because of MAGEC's central active dictionary, version numbers and date-changed information are always available; however, since an application consists of many different entities, the task of verifying versions could become tedious. MAGEC includes a special Version Verification function to take the drudgery out of the job. To execute it (online), enter the command: VERZUN MSKxxx or VERZUN MMPyyy, where xxx = Mask number or yyy = MMP number.
The VERZUN function will produce a display showing (regardless which format of the command you chose) the status and versions for the load library member of the program, the screen Mask, the dictionary specifications used to create the Mask and program, the copybooks included into the program when it was compiled, and so forth. This accomplishes in one stroke what would take an average of ten or more individual transactions.
The database administrator (DBA), in defining files to MAGEC, specifies for each file whether or not its records include an Audit Stamp. An Audit Stamp is a 36-byte Element (portion of a record) which is used to note Who, When, Where, and What program last updated/added this record. If a file is specified as having Audit Stamps, MAGECIO (MAGEC's I/O module) will automatically maintain them as the online MMP's and batch MBP's (MAGEC Batch Programs) update the file. If a file does have Audit Stamps then it may also be specified for "Pseudo Deleting". In that case MAGECIO will update a "Delete Flag" in the Audit Stamp instead of actually deleting the record when an MMP or MBP requests a delete. Thereafter, MAGECIO will simulate a "NOT FOUND" condition whenever a program tries to read that record. The record will remain on file intact indefinitely until an application program is run to "Purge" flagged records to a history file (tape) and physically delete them. It is the responsibility of the application developers to provide such a Purge program. In cases where the data is extremely sensitive it is worthwhile to provide such protection for deleted data.
The MAGEC Activity Logging (MAL) facility is provided to produce a record of online activity (mainframe versions of MAGEC, only) for use in System Tuning, User Chargeback, and Security activities. A system global parameter specified in the MAGEC parameters table (Table #243) determines whether this feature is activated or not. The Logging is done in the resident MAGEC nucleus and may be activated or deactivated by changing the global parameter (named "MAG-ACT-LOG" in Table #243) and issuing the **LOAD command at any time. Since there is usually a complete MAGEC system installed for Test and another for Production, MAL may be activated for either, both, or neither as needs dictate. The MAGEC nucleus consists of the modules MAGECCP and MAGECIO.
If the feature is activated, statistics will be recorded for Functions, Terminals, and Operators. The statistics captured include detailed I/O counts, transaction counts, and error counts. An offline (batch) utility program (MALUTIL) is provided to extract statistics from the Log file (MAL file) and append them to a cumulative Log tape. This may be done on any desired frequency without losing any data. A utility reporting program is also provided (MALRPT) which produces a variety of reports from the tape file. Detailed or summarized figures may be reported in a variety of sequences and with consolidation capabilities. Summaries of activity by Location and by Logical Application may be produced. Potential Security violations will be highlighted on the report.
Online inquiry Functions are provided for Security Officers and other concerned parties to view MAL statistics as the system is running. In seconds, the Security Officer can see who may do any Function (WHOMAY function code), or who did do any Function (WHODID function code), or peruse Operator activity (OPRACT function code).
All the Security parameters are stored on MAGEC Dictionary files and maintained online via real-time Functions. In most cases the standard set of nine Functions is provided against each type of data; the standard Functions are:
In all cases there is full online documentation for all Functions. The Security Officer who requires assistance may reference this chapter and/or review the online documentation. To see the online documentation for any MAGEC Function, enter the Function Code; when the screen returns (in the proper format for that Function), press PF1 (F1 on a PC), the universal MAGEC "HELP" key. When entering the desired Function Code (in the upper left corner of the screen) it is a good idea to clear the screen key area, SKEY (immediately following the Function Code), to spaces so that MAGEC will not think that you have mis-entered the key and, therefore, present the key analysis rather than the function-level HELP text.
While doing these (or any) Functions, entry errors will be noted by Error messages presented on the last three lines of the screen. Pressing the HELP key while Error messages are shown will result in MAGEC's displaying documentation for those Error messages instead of for the Function Code. Also, it is possible that there might be a "Broadcast Message" which MAGEC "thinks" the Terminal Operator has not yet seen. In that case there would be a "Notification" on the last line of the screen; pressing HELP then would result in a display of the "Broadcast Message" instead of documentation for the Function. The Notification will disappear after the Broadcast Message has been seen and the HELP key will revert to its usual purpose.
The Functions ending in LOC, SCN, or FND are browse Functions. From any browse Function screen the cursor may be used to select an item. By positioning the cursor on the line of the screen on which an item is listed and pressing the ENTER key (large plus key, on a PC) control will transfer to the SEE (full screen display) Function for the selected item. Pressing PF4 (F4, on a PC) instead of ENTER will pass control to the CHG (update) Function.
The MAGEC Menu Facility may be used to access any of the Security Maintenance Functions by entering a Function Code of: **MENU. When the MAIN MENU appears the cursor may be moved down to select the Security System Logical Application (49) second-level Menu. The second-level menu shows a list of functions and groups of functions which are part of the security system and for which you are authorized. You can cursor-select one of these items. If you select an individual function, you will be transferred to its screen immediately. If you select a group, you will be transferred to a low-level menu for that group. You may then select a function from the group.
There are two levels of Security Officers, Central Security Officers and Local Security Officers. Which type an Operator is depends solely on the Authorization Level he/she possesses in the Security System Logical Application (49) on the SIF profile. Operators with a Level of 9 in LAP 49 are, by definition, Central Security Officers. Those with a Level of 8 are, by definition, Local Security Officers. Operators having a Level 0 through 7 in LAP 49 are not Security Officers at all.
A Central Security Officer has virtually unrestricted access to any MAGEC Function and any MAGEC User View. Many of the restrictions which limit ordinary Operators are summarily bypassed when a Central Security Officer Logs On. Needless to say, there should be a limited number of Central Security Officers and their Passwords should be carefully guarded.
A Local Security Officer has the ability to do maintenance Functions to the Dictionary profiles which control security, but only within certain limitations. The Local Officer can inquire into almost all the security profiles but will be able to update only those for his/her Location. Passwords will be suppressed from all displays except for Operators at the same Location. Local Officers may update Device profiles only for Devices at that Location, and Function Code profiles may be updated only if the Local Officer's Authorization would allow access to them.
When a (SIF) profile for a Security Officer is displayed on the screen, a heading will be displayed on the right half of the top line of the screen (SCOMPL). The heading will say either CENTRAL SECURITY OFFICER or LOCAL SECURITY OFFICER as appropriate. If the Operator is Suspended or Terminated, whether a Security Officer or not, SCOMPL will contain a message saying so.
The MAGEC Security System does not interfere with any other System which may be installed. It does not involve any alterations to the TP Monitor or Operating System software. It is totally acceptable to use the MAGEC Security system and also continue using another security system as well to control access to Trans-ID's.
You can interface between MAGEC and an external security system. One way of doing that is to use the interface program provided with MAGEC to extract security ID's from some other security system and to automatically log the Operator onto MAGEC. This means that the Operator never sees the MAGEC Log On screen, but full security protection is still afforded. The interface program is a Cobol program for which source code is available. The interface program is named MAGLOGON. It enables interfaces to TopSecret, RACF, ACF2, Novell NetWare, and even to home-grown security systems.
A trans-id of MAGL is provided to invoke the Automatic Log On facility, which provides the same functionality on either a mainframe or a Novell network. Also refer to the topic "Auto Log On" later in this section.
Another approach is to allow the MAGEC security system to be the controlling, or master, system for all online applications, MAGEC or non-MAGEC. This is done using the transfer-in, transfer-out utilities provided with MAGEC (MAGXFRIN, MAGXFROT) to seamlessly transfer control back and forth between MAGEC and non-MAGEC programs. You can then write a simple dispatcher, or menu, program in MAGEC which governs access to external Trans-ID's based upon Operator ID and authorization levels.
Yet another architecture is provided to interface with external security systems. You can specify that MAGEC is to issue a call to an external security module after doing any appropriate security checking against the intrinsic MAGEC security parameters. This enables you to code a program which accesses any other security system and makes a determination as to whether a given operator is authorized to do a given transaction.
MAGEC will first do all of its own security checking. If the transaction is rejected by the intrinsic checks, it will issue the standard "unauthorized..." message without ever calling the external security module; however, if MAGEC security parameters show the operator to be authorized, it will then call your module for further checking. If your module passes back an unauthorized status, a message is issued to the operator. If your module returns an authorized status, the transaction will be allowed to process.
The external security program you write is an ordinary, usually Command-Level Cobol, program which may issue calls to an interface provided with your external security system. You specify to MAGEC the name of that program in the MAGEC System Parameters table, Table #243. The parameter is named SECURITY-EXIT. Thus, you could enter the command online:
and then set or alter the name of your security checking program. If you specify a name of all spaces, MAGEC will bypass attempting to call your program and only the intrinsic MAGEC security parameters will be used.
In order to write a security checking program you must follow a few simple conventions. Those conventions are discussed in this chapter under the heading Security Exit.
Some MAGEC users may wish to bypass MAGEC's security checking altogether. Normally this would be because they have written a security exit program which will accomplish the necessary authorization checking instead.
To bypass MAGEC's security the MAGEC-SECURITY System Parameter should be set to NO. This can be done using the online command:
A setting of YES (the default) will allow normal MAGEC security checking, a setting of NO will bypass MAGEC's security checking altogether.
If you choose to bypass MAGEC's security you should be careful to consider that the activity logging and automatic menu systems are based upon the security parameters and ID's. Also, the employee ID in any audit stamp (maintained by the MAGEC I/O module) is taken from the employee number given when the operator logs on. With MAGEC's security bypassed, it is not necessary for an operator to log on to MAGEC in order to do any function; therefore, the employee number would be zero.
One suggestion which might help minimize difficulties associated with bypassing MAGEC security is to have a SECURITY-EXIT program set a meaningful value into the employee number in the TWA security area. It could also set authorization levels to help the dynamic menu system in MAGEC to produce more concise menus.
Prerequisite Reading
Overview
Entities Controlled
Function Codes
Logical Applications
Terminals
Operators
User Views
Security Entity Relationships
Data Elements
Control Parameters
Passwords
Dates
Day of Week
Holidays
Time of Day
Maximum Number Logon Attempts
Maximum Unauthorized Functions
Time Out
Multi-Terminal Log On
Group Identifier
Location Code
Hold Codes
Authorization Levels
Other Features
Custom Security Within MMP
Protection Against Program Violations
Passwords on Library Members
VERZUN - Version Verification
Audit Trails
Database Records
Online Activity
Dictionary Maintenance
Security Officers
Compatibility
Co-Existence with Other Security
Automatic Log On
MAGEC Security as the Master
Dynamic Calls to External Security
Bypassing MAGEC Security
Online Maintenance
[Screen layouts: LAPxxx nn; FCDxxx ffffff]
Security data is maintained on online Dictionary files but is transferred into main memory tables for run-time efficiency. Data from the FCD-File, DCL-File, ELT-File, and KYF-File are handled this way for use by the Security system and other MAGEC Features.
When the Security Officer does an update to the FCD-File, for example, the file record is changed, but not the in-memory image. At system start-up time (when the TP Monitor is "brought up") these in-memory images are loaded from the files. In order to permit dynamically changing Security parameters without stopping and starting the TP Monitor, a special Function is provided for Security Officers (and others who need it). The Function is:
Any other value defaults to "ALL ". This permits reloading only the Function Code Table from the FCD-File, or only the database definitions from the DB definition files, or all of them. The loading of these in-memory tables usually takes 30 to 60 seconds, during which MAGEC must quiesce online processing. Any operator who enters a transaction while the tables are being loaded will receive the message:
The operator's screen will not be destroyed. Pressing ENTER (or any other transmit key) again will retransmit the same transaction.
**LOAD Function
SYSTEM LOADING - ONE MOMENT
[Screen layouts: **LOAD xxxxxxxx nnnn Functions Loaded; FCDGBL xxxxxx Enter values in fields to be changed; DVCxxx tttt; DVCGBL tttt Enter values in fields to be changed; SIFxxx nnnnnnnnn ++ CENTRAL SECURITY OFFICER ++]
Each of the Dictionary files described in the preceding discussions includes the standard set of MAGEC Functions, which includes a SEE Function for full-screen display using the screen format shown. Each also includes the browse Functions LOC, SCN, and FND which may be used to browse through, search, and select data to be displayed to the Security Officer. Since the Online Documentation feature will provide complete succinct instructions and explanation for each of these simply by pressing the Help key (PF1, F1 on PC) this chapter will not attempt to re-explain them. It will just present some of the possible applications of these very powerful Functions here as an example.
In addition to the standard inquiry and browse functions several special Functions are also provided. They may be used to quickly find information of particular interest to Security Officers, such as: who may access a given Function or who has accessed it or what Functions has a given Operator done and where.
Inquiries & Browses
[Screen layouts: SIFSCN 1 END OF LIST - PF5=Restart/PF7=Backward; SIFFND 1 END OF LIST - PF5=Restart/PF7=Backward; SIFGBL tttt Enter values in fields to be changed; WHOMAY ffffff END OF LIST - PF5=Restart/PF7=Backward]
To obtain a list of Operators who have done a given Function Code, the WHODID Function may be used. This Function is only supported when the MAL Activity Logging (TIMACCT=YES) is specified in the installation parameters. It is not supported on the PC implementation of MAGEC.
The key value (ffffff) is any valid Function Code. The display shows data from the MAL Logging file. The specified Function Code is shown along with the Device ID's and Operator ID's and associated Logging statistics of I/O, errors, etc.
The OPRACT Function Code uses the same screen format and provides displays of activity for selected Operators, Terminals, and Functions with the ability to specify Terminals and Functions generically using the Dot (.) as a generic character as in the SCN Functions. Pressing HELP while in the OPRACT Function will result in full online documentation and explanation of the capabilities of OPRACT.
Placing the cursor onto any line of display and pressing ENTER will result in a more detailed full-screen display which includes the Function Code's description, Device description, and Operator Name. The full-screen inquiry uses the Function Code MALSEE, described below.
WHODID Function
[Screen layouts: WHODID ffffff END OF LIST - PF5=Restart/PF7=Backward; MALSEE ffffff/tttt/nnnnnnnnn; **MENU END OF DATA Reached; ++MENU 01 END OF DATA Reached; $$MENU 01; SYSLOG ON MAGEC User-View TS01, Term-ID ....]
An optional Activity Logging facility is provided with MAGEC in a mainframe environment. The Logging is done in MAGEC's Control Program and I/O Module. Whether activity logging is active or not is controlled by a MAGEC Global Parameter Table entry. The parameter may be set to "YES" or "NO "; Yes activates the option, No deactivates it. After altering the setting of a parameter in the table, you should enter the **LOAD command to put the new parameter into effect immediately. To look at "MAG-ACT-LOG" enter:
When Logging is activated, the system will update the MAGEC Log File (MAL file) for every online transaction. The file is keyed by a combination of Function Code, Operator ID, and Terminal ID. It holds statistics of cumulative transactions, error screens, program (MMP) allocations, and DB activity (Adds, Reads, etc.). "Transaction" is defined as: every time an Operator sends a message to the host CPU by pressing the ENTER or any PF key, PA key, or the CLEAR key.
Online inquiries are provided to permit monitoring activity as the system is running. They are:
Each of these functions is fully documented online via the standard "PF1" key Online Documentation facility of MAGEC.
A batch utility program (and job stream) is provided to extract the cumulative statistics from the MAL-File to tape. The program name is "MALUTIL" and the job stream is "MALUTLEX". No control card is needed. The program reads the MAL file and builds a work file of statistics records. It then reads the old input tape file (ignored/dummied the first time it is run) and writes to a new output tape file all the old records plus all the new records from the extracted work file. After it does that it goes back to the MAL file and "subtracts out" the activity it has "added" to the cumulative tape; thus this extract may be done while the system is running and Logging without interrupting processing.
The "MALUTLEX" job may be run on any frequency desired since the extracted records are stamped with the "From/To" dates and times for which they apply. Running it more frequently, say daily, will provide a finer breakdown of activity but will also produce a larger (more records) cumulative tape file.
A batch utility report program and job stream are provided to print a report of statistics from the tape. The program is named 'MALRPT' and the job stream is called 'MALRPTEX'. A control card is used to specify various options which will result in the report being listed in detail or consolidated form and in a variety of sequences. The report uses data selected from the tape file. The control card also defines selection criteria.
The MALRPT Control Card format is:
The Start and End Dates are used to limit the extract to activity records between the two. If Start Date is omitted (Blank) then '000000' is assumed. If End Date is omitted then '999999' is assumed. The extract will select statistics records having a Start Date or End Date which is between the Control Card Start and End Dates.
If Operator-ID is given then only that Operator's activity will be extracted. If omitted then all Operators will be assumed.
If Terminal (Device) ID is given then only that Terminal's activity will be extracted, otherwise all Terminals will be assumed.
If Function Code is given then only that Function (or Functions if generic) will be extracted, otherwise all Functions will be assumed.
The Function Code and Terminal-ID entries may be Generic, that is, they may contain the Mask Character Dot (.) in positions in which the matching comparison is to be ignored. Thus, a Function Code entry of "CUS..." will select all Function Codes starting with "CUS", an entry of "...ADD" will select all Function Codes ending with "ADD", etc.
The Consolidate Flags control whether the report is to show detailed or consolidated entries for the respective fields. A "C" indicates consolidation while a "D" or Blank indicates detail.
The Report Sequence Code controls the sort and report sequence. It may contain:
If the Op-ID Suppress Flag is "S" then the Operators' Employee numbers will not be shown on the report. If the Flag is "P" or Blank then the numbers will be shown.
If the Op-Name Suppress Flag is "S" the Operators' names will not be shown. If the Flag is "P" or Blank the names will be shown.
If the Control Card is omitted entirely then a card of:
is assumed, where YYMMDD equals Today's Date.
The MALRPT report columns are:
A general purpose Broadcast Message facility is provided by MAGEC for use by Security Officers and other Central Site personnel having the need from time to time to distribute information to all Operators.
There is a single record on the DOC File designated to contain the Broadcast Message, which may be up to 15 lines long. Standard Functions are provided to enter, alter, and delete the message. The Functions used are:
If there is already a message record on file the ADD Function acts as a CHG Function. The DEL Function merely updates the message record with a "message" of all Blanks.
Whenever a non-blank message is ADDed or CHG'd MAGEC sets a flag in the TWA records for all terminals indicating "there is a message for you". Operators who are currently Logged On to the system then begin seeing a Notification on the bottom line of their screens, such as:
While this Notification is shown the PF1 Key is temporarily equated to the Function Code MSGSEE. When the Operator presses PF1 (or enters the Function Code MSGSEE) the Broadcast message will be displayed with the Function Code set to MSGSAW. Pressing ENTER again (with MSGSAW) will set the TWA flag off and the Notification will disappear. The Operator may still use MSGSEE to re-read the message, but the PF1 Key reverts to its standard usage (HELP Key).
Whenever any Operator Logs On, MAGEC checks whether the Broadcast Message record on the DOC File is Blank; if not, it sets the TWA flag on and the new Operator will begin seeing the Notification until he/she reads the message.
Whenever the Broadcast Message record is "deleted" (blanked) MAGEC sets the TWA flag off for all terminals. You can delete the message by using the MSGCHG Function and blanking the message text or by using the MSGDEL Function (same results).
Some MAGEC users may wish to provide their own security logic and to have MAGEC invoke it to determine whether an operator or terminal is authorized to access a given function or screen. This can be accomplished via the security exit of MAGEC's Control Program.
A security exit program is an ordinary CICS program. It may be Cobol, Assembler, or any other language supported in your environment. It may call any external security system (e.g. ACF2, RACF, TopSecret, or a homegrown system) to make a determination of authorization or no authorization. Most users will probably wish to specify, in the DFHPPT, that the security exit program is to be RESIDENT in order to minimize overhead as online transactions are processed.
You must first code and compile (or assemble) and link the security exit program. It may have any valid 8-character (7-character for VSE) name and it must be defined to CICS's PPT. MAGEC's Control Program will access the security exit via the EXEC CICS LINK command, when appropriate.
To tell MAGEC that a security exit program exists, and its name, you must specify the name in the MAGEC table number 243. This can be done online using the command:
The first 8 characters of the description will be accepted as the program name. If the first 8 characters are blank, MAGEC assumes that there is no security exit.
When MAGEC calls the security exit program the exit program has access to the TWA. The security exit program may interrogate any area of the TWA and may even alter the contents, but you should be careful. The TWA contains the standard fields SFUNCT and SKEY which contain the function code and key value. It also contains a field named TWA-ACF-OK which is one byte long (PIC X).
The exit program is expected to set a value of '0' thru '9' into TWA-ACF-OK. A value of '0' indicates that access is denied, any greater value indicates that access is approved. The application MMP's may interrogate the TWA-ACF-OK field to determine a degree of authorization, if desired.
Before calling the security exit program MAGEC's Control Program defaults the TWA-ACF-OK field to a value of '9', the highest possible authorization level.
If the security exit sets a value of '0' MAGEC's Control Program will issue a message indicating that the external security system has rejected the transaction and will not pass control to the MMP.
If the operator is a Central Security Officer, MAGEC's Control Program will give him/her access regardless of what authorization level the security exit program returns. This enables a Central Security Officer to break deadlocks.
The security exit program may access any external security system via any valid means provided. It must obtain addressability to the TWA and it must include a definition of the TWA in order to communicate with the MAGEC Control Program. This means that the exit program should probably include the standard TWA definition provided with MAGEC via:
This should be included into the LINKAGE SECTION of the exit program (the member TWADSC-C begins with the LINKAGE SECTION statement, so you should not code such a statement into your program).
In the PROCEDURE DIVISION (probably near the very beginning of it) you should get addressability to the TWA. This is done one of two ways, depending on whether you are using Cobol II or VS Cobol. For Cobol II, code:
The ADDRESS-FROM-CICS field is defined as:
It may be in WORKING-STORAGE.
For VS Cobol, code:
The TWAPTR, TWAPTR2, TWAPTR3, and TWAPTR4 fields are BLL cells (PIC S9(8) COMP).
Activity Logging
'MALRPT YYMMDD YYMMDD '
Broadcast Message
** THERE IS A MESSAGE FOR YOU - PRESS PF1 TO SEE IT **
Security Exit
TBLCHG 243/SECURITY-EXIT
Coding the exit program
-MAGECINC TWADSC-C
EXEC CICS ADDRESS TWA(ADDRESS-FROM-CICS)
END-EXEC
SET ADDRESS OF TWA TO ADDRESS-FROM-CICS.
01 ADDRESS-FROM-CICS USAGE IS POINTER.
EXEC CICS ADDRESS TWA(TWAPTR)
END-EXEC
ADD 4096 TWAPTR GIVING TWAPTR2
ADD 4096 TWAPTR2 GIVING TWAPTR3
ADD 4096 TWAPTR3 GIVING TWAPTR4
SERVICE RELOAD TWA.
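Putting these conventions together, here is an added example of a Cobol II security exit, not MAGEC's own code: the program name SECEXIT, the rule table and the Dot (.) mask policy are all constructed for illustration, and it assumes that TWADSC-C defines SFUNCT as the six-character Function Code and TWA-ACF-OK as PIC X, as described above.

```cobol
       IDENTIFICATION DIVISION.
       PROGRAM-ID. SECEXIT.
      * Added example of a MAGEC SECURITY-EXIT program, not MAGEC's own
      * code. It rates SFUNCT against a constructed rule table whose
      * masks use the Dot (.) generic character and returns the level
      * in TWA-ACF-OK: '0' = access denied, '1' to '9' = degree granted.
       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01  ADDRESS-FROM-CICS          USAGE IS POINTER.
      * Constructed rules (mask followed by level); first match wins:
      * any ...DEL Function is denied, other CUS... Functions get '5'.
       01  WS-RULE-LIST.
           05  FILLER                 PIC X(7) VALUE '...DEL0'.
           05  FILLER                 PIC X(7) VALUE 'CUS...5'.
       01  WS-RULES REDEFINES WS-RULE-LIST.
           05  WS-RULE OCCURS 2 TIMES.
               10  WS-RULE-MASK       PIC X(6).
               10  WS-RULE-LEVEL      PIC X.
       01  WS-RULE-COUNT              PIC 9(2) VALUE 2.
       01  WS-R                       PIC 9(2).
       01  WS-C                       PIC 9(2).
       01  WS-MATCHED                 PIC X.
      * MAGEC's include directive: TWADSC-C supplies the LINKAGE SECTION
      * statement and the TWA layout (SFUNCT, SKEY, TWA-ACF-OK, ...).
       -MAGECINC TWADSC-C
       PROCEDURE DIVISION.
      * Cobol II style TWA addressing, as shown in the manual.
           EXEC CICS ADDRESS TWA(ADDRESS-FROM-CICS)
           END-EXEC
           SET ADDRESS OF TWA TO ADDRESS-FROM-CICS.
      * MAGEC has already set TWA-ACF-OK to '9'; override it only when
      * a rule mask matches the Function Code being attempted.
           PERFORM VARYING WS-R FROM 1 BY 1
               UNTIL WS-R > WS-RULE-COUNT
               MOVE 'Y' TO WS-MATCHED
               PERFORM VARYING WS-C FROM 1 BY 1 UNTIL WS-C > 6
                   IF WS-RULE-MASK (WS-R) (WS-C:1) NOT = '.'
                      AND WS-RULE-MASK (WS-R) (WS-C:1)
                          NOT = SFUNCT (WS-C:1)
                       MOVE 'N' TO WS-MATCHED
                   END-IF
               END-PERFORM
               IF WS-MATCHED = 'Y'
                   MOVE WS-RULE-LEVEL (WS-R) TO TWA-ACF-OK
      * Stop at the first matching rule.
                   MOVE WS-RULE-COUNT TO WS-R
               END-IF
           END-PERFORM
      * Return to MAGEC's Control Program, which LINKed to this exit.
           EXEC CICS RETURN END-EXEC.
```

With this exit in place, a Central Security Officer is still admitted by MAGEC's Control Program whatever value the exit leaves in TWA-ACF-OK, so the deny rule cannot lock out the officer who maintains the table.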