• Subject: RE: Security Admin package for multi level security
  • From: Buck Calabro <mcalabro@xxxxxxxxxxxx>
  • Date: Fri, 5 Nov 1999 08:51:06 -0500

Here's another shining chance to show off my ignorance.  I don't use AS/400
security much at my current job.  I don't understand how AS/400 security
alone can properly handle security without application programming.  

Let's say that I have an "update customer master" application that allows
access to name, address and telephone number.  If I want to give a trainee
Customer Service Rep "read-only" access to this application (look but don't
touch) I can't simply restrict his authority to "read-only", because the
program opens the file for update - with restricted authority, the open
fails.  Don't I really need to make the application "security aware" so that
if the user has "read-only" on the customer master file, the application
opens a read-only access path, protects the display fields from update, etc?

I always thought that OS security had to be built into (or recognised by)
the application.

Buck Calabro
Aptis; Albany, NY

> -----Original Message-----
> From: Jim Langston 
> Sent: Thursday, November 04, 1999 4:54 PM
> To:   MIDRANGE-L@midrange.com
> Subject:      Re: Security Admin package for multi level security
> 
-snip-

> The AS/400 security handles this pretty well on a "Need to know"
> basis if the security is set up correctly.  The security administrator
> must determine the need to know any piece of information, or access
> to a program.  All other data should be excluded, unless a need to
> know is shown.
> 
-snip-

> Regards,
> 
> Jim Langston
> 
> "V. Leveque" wrote:
> 
> > I'm not sure how Bob/Martin would define it, but conventionally it is the
> > security model followed for government classified information.  Each item of
> > information has a classification, based on the consequences if disclosed
> > (e.g., Top Secret means it would cause "grave harm" to national security if
> > disclosed, etc.).  Each user is given a clearance level corresponding to how
> > trustworthy they are (are they citizens?  Did they pass the polygraph test?
> > Did they ever "inhale"?).  The higher the clearance you have, the higher the
> > classification of information you can access.
> 
> <SNIP>
> 
> 