Very good! I lumped this under "discretionary access control" which, as you pointed out, the 400 does well. To look at "Top Secret -- Crypto" classified data, a "Top Secret -- Nukes" clearance will not do.

The security officer is always an issue, which is why this person must be trusted. Less of an issue with AS/400, as many functions which require "root" on UNIX can be done with a more granular special authority on the AS/400. You don't have to give away the whole machine just because a help desk person may need to reset passwords once in a while.

But most businesses still need transactional security more -- you aren't keeping secrets so much as keeping people from writing checks to themselves & charging it to "suspense". Major fraud looks really bad when it hits the Wall Street Journal.

At 01:54 PM 11/4/99 -0800, you wrote:
>Actually, your description is partly correct regarding government
>security clearance, but leaves something out. That is called the
>"Need to know". Even though I have a secret security clearance
>does not mean I have access to all data that is marked as secret.
>I only have access to it if I have a "Need to know" the information.
>
>If something is marked as Top Secret, and I have a Secret clearance,
>I can never see that data, even if I have a need to know it, unless my
>clearance is upgraded to Top Secret.
>
>The AS/400 security handles this pretty well on a "Need to know"
>basis if the security is set up correctly. The security administrator
>must determine the need to know any piece of information, or access
>to a program. All other data should be excluded, unless a need to
>know is shown.
>
>A notable exception to this rule, however, is the Security Officer,
>who basically has all access to the system. But then, the Security
>Officer can be considered to have the "need to know" the entire
>system.
>
>Regards,
>
>Jim Langston
>
>"V. Leveque" wrote:
>
>> I'm not sure how Bob/Martin would define it, but conventionally it is the
>> security model followed for government classified information. Each item of
>> information has a classification, based on the consequences if disclosed
>> (e.g., Top Secret means it would cause "grave harm" to national security if
>> disclosed, etc.). Each user is given a clearance level corresponding to how
>> trustworthy they are (are they citizens? Did they pass the polygraph test?
>> Did they ever "inhale"?). The higher the clearance you have, the higher the
>> classification of information you can access.
>
><SNIP>
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
>| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
>| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---
>
>

|----------------------------|  "Outside of a dog, a book is a man's
|\  /        |   \  /        |   best companion. Inside of a dog,
| \/ INCENT  |__E \/EQUE     |   it's too dark to read."
|----------------------------|     -- Groucho Marx
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact copyright@midrange.com.