ENFORM is a reporting tool that retrieves data from Enscribe files. The ENFORM Subsystem is used to:
Retrieve data from databases, sort and group data from databases
Perform calculations and formulas on the retrieved data
Format and print a report containing the retrieved data
Create a new physical file containing the retrieved data
ENFORM is a reporting program. It does not alter any data in the files it queries.
The ENFORM subsystem consists or three sets of components :
The user must do the following using the DDL Language:
Define the Dictionary
Define the database object(s)
The ENFORM subsystem processes are:
Query compiler/report writer
Query processor
Optional user-provided components:
A host language program
An ENFORM server
Caution | A dictionary is a collection of files that define the contents of a database. It describes the structure of each record in the database. ENFORM accesses the dictionary before retrieving any data and stores the information in the internal table of the query compiler/report writer. The database is the physical file(s) containing the data. ENFORM searches the database to find the information requested , and then returns it as output. |
The components of ENFORM are (See Figure 6-6):
BUILDMK
ENFORM
ENFORMMK
ENFORMMT
ENFORMSV QP
A query is made up of ENFORM statements, clauses, and commands describing the requested information to be retrieved from the database. ENFORM uses the specification to determine:
The query environment
The data to be retrieved
The form in which the retrieved data should be displayed
Using ENFORM statements, ENFORM performs the following functions:
Compiling the query
Formatting and writing a report
RISK: ENFORM allows anyone with READ access to data files and their corresponding dictionary to run ad-hoc reports against the data, with the potential of exposing sensitive information such as account numbers and social security numbers . Running ad hoc reports cannot be audited beyond file opens and process starts. There is no way to audit or limit the report contents.
RISK ENFORM makes intensive use of system resources, CPU, memory space and disk space (for its temporary files). Many companies restrict the use of ENFORM on secure systems to a few select user groups.
RISK ENFORM makes it possible to view sensitive data in Enscribe databases.
Databases should be secured against unauthorized queries by restricting READ access to only those users who must view secure data to perform their jobs.
The query processor (QP) receives the query specifications and dictionary information from the query compiler and then gathers the data from the database.
Companies can also develop application programs and ENFORM servers to access and report on data that might otherwise not be usable by ENFORM.
The following files are supplied by HP to facilitate the creation of custom ENFORM servers.
BUILDMK A file containing object code that converts the EDIT version of the message table into the special key- sequenced file required by ENFORM.
ENFORMMK The default version of the message table in a key-sequenced file that contains the ENFORM messages and help text. This file can be customized to suit the environment.
ENFORMMT An EDIT version of the default message table. This file can be customized. If altered , use BUILDMK to convert the EDIT version of the message table into the special key-sequenced file required by ENFORM.
ENFORMSV A DDL source file that contains all of the message definitions necessary for a dialogue between the ENFORM query processor and a custom ENFORM server. This can be used to generate message definitions for programs.
Companies using Format 2 files (very large files) must use ENFORM Plus servers to access and report on data.
HP provides a TACL macro (ENFPMAC) to switch the ENFORM executables between the 2 types of files. Once the macro is run, the executables are renamed to the same names as Format 1 ENFORM. Only SUPER.SUPER can perform these functions.
Using ENFPMAC to switch from ENFORM to ENFORM Plus:
ENFORM Renamed to OENFORM
QP Renamed to OQP
BUILDMK Renamed to OBUILDMK
ENFORMP Renamed to ENFORM
QPP Renamed to QP
BUILDMKP Renamed to BUILDMK
Using ENFPMAC to switch from ENFORM Plus to ENFORM:
ENFORM Renamed to ENFORMP
QP Renamed to QPP
BUILDMK Renamed to BUILDMKP
OENFORM Renamed to ENFORM
OQP Renamed to QP
OBUILDMK Renamed to BUILDMK
RISK During conversion, the ENFORM files are renamed but not secured to match the original files. (Therefore, following the conversion, the new files must be secured to match the original files.)
Files used only by ENFORM:
BP-FILE-ENFORM-01 ENFORM should be secured "UUNU".
BP-OPSYS-OWNER-02 ENFORM should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENFORM must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-02 BUILDMK should be secured "UUNU".
BP-OPSYS-OWNER-02 BUILDMK should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 BUILDMK must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-03 ENFORMMK should be secured "NUNU".
BP-OPSYS-OWNER-02 ENFORMMK should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENFORMMK must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-04 ENFORMMT should be secured "NUNU".
BP-OPSYS-OWNER-02 ENFORMMT should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENFORMMT must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-05 ENFORMSV should be secured "NUNU".
BP-OPSYS-OWNER-02 ENFORMSV should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENFORMSV must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-06 QP should be secured "UUNU".
BP-OPSYS-OWNER-02 QP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 QP must reside in $SYSTEM.SYSTEM.
Files used only by ENFORM PLUS:
BP-FILE-ENFORM-07 BUILDMKP should be secured "UUNU".
BP-OPSYS-OWNER-02 BUILDMKP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 BUILDMKP must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-08 ENFORMP should be secured "UUNU".
BP-OPSYS-OWNER-02 ENFORMP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENFORMP must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-09 ENFPMAC should be secured "UUUU".
BP-OPSYS-OWNER-02 ENFPMAC should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 ENFPMAC must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-10 QPP should be secured "UUNU".
BP-OPSYS-OWNER-02 QPP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 QPP must reside in $SYSTEM.SYSTEM.
Files present only after conversion to ENFORM Plus:
BP-FILE-ENFORM-11 OBUILDMK should be secured "UUNU".
BP-OPSYS-OWNER-02 OBUILDMK should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 OBUILDMK must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-12 OENFORM should be secured "UUNU".
BP-OPSYS-OWNER-02 OENFORM should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 OENFORM must reside in $SYSTEM.SYSTEM.
BP-FILE-ENFORM-13 OQP should be secured "UUNU".
BP-OPSYS-OWNER-02 OQP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 OQP must reside in $SYSTEM.SYSTEM.
AP-ADVICE-ENFORM-01 Normal application reports should be generated within the application, limiting the data fields retrieved as appropriate to the various users' job functions so that only those users who must view sensitive data can.
AP-ADVICE-ENFORM-02 Separation of duties dictates that no individuals should be able to query, whether via a single report or several, all the data required to commit fraud.
AP-ADVICE-ENFORM-03 ENFORM creates swap files either on $SYSTEM (where the ENFORM object file resides) or in the location specified by NSKCOM or in a user specified location. The disk must have sufficient space for the temporary files.
If available, use Safeguard software or a third party object security product to grant access to ENFORM for necessary personnel, and deny access to all other users.
BP-SAFE-ENFORM-01 Add a Safeguard Protection Record to grant appropriate access to the ENFORM object file.
BP-SAFE-ENFORM-02 Add a Safeguard Protection Record to grant appropriate access to the ENFPMAC disk file.
Discovery Questions Look here: | ||
---|---|---|
FILE-POLICY | Is ENFORM or ENFORM Plus being used? | Policy |
OPSYS-OWNER-02 | Who owns the ENFORM object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the BUILDMK object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the ENFORMMK object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the ENFORMMT object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the ENFORMSV object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the QP object file? | Fileinfo |
FILE-POLICY | Is ENFORM Plus used? | Policy |
OPSYS-OWNER-02 | Who owns the ENFPMAC TACL file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the ENFORMP or OENFORM object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the BUILDMKP or OBUILDMK object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the QPP or OQP object file? | Fileinfo |
FILE-POLICY | Who is allowed to execute ENFORM on the system? | Policy |
FILE-ENFORM-01 | Is the ENFORM object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-ENFORM-02 | Is the BUILDMK object file secured correctly? | Fileinfo |
FILE-ENFORM-03 | Is the ENFORMMK object file secured correctly? Fileinfo | |
FILE-ENFORM-04 | Is the ENFORMMT file secured correctly? | Fileinfo |
FILE-ENFORM-05 | Is the ENFORMSV file secured correctly? | Fileinfo |
FILE-ENFORM-06 | Is the QP object file secured correctly? | Fileinfo |
FILE-ENFORM-07 | Is the BUILDMKP object file secured correctly? | Fileinfo |
FILE-ENFORM-08 | Is the ENFORMP object file secured correctly? | Fileinfo |
FILE-ENFORM-09 SAFE-ENFORM-02 | Is the ENFPMAC file correctly secured with the Guardian or Safeguard sytem? | Fileinfo Safecom |
FILE-ENFORM-10 | Is the QPP object file secured correctly? | Fileinfo |
FILE-ENFORM-11 | Is the OBUILDMK object file secured correctly? | Fileinfo |
FILE-ENFORM-12 | Is the OENFORM object file secured correctly? | Fileinfo |
FILE-ENFORM-13 | Is the OQP object file secured correctly? | Fileinfo |
Related Topics
DDL