ENFORM Subsystem


ENFORM is a reporting tool that retrieves data from Enscribe files. The ENFORM Subsystem is used to:

Retrieve data from databases, sort and group data from databases

Perform calculations and formulas on the retrieved data

Format and print a report containing the retrieved data

Create a new physical file containing the retrieved data

ENFORM is a reporting program. It does not alter any data in the files it queries.

The ENFORM subsystem consists or three sets of components :

  1. The user must do the following using the DDL Language:

    Define the Dictionary

    Define the database object(s)

  2. The ENFORM subsystem processes are:

    Query compiler/report writer

    Query processor

  3. Optional user-provided components:

    A host language program

    An ENFORM server

    Caution

    A dictionary is a collection of files that define the contents of a database. It describes the structure of each record in the database. ENFORM accesses the dictionary before retrieving any data and stores the information in the internal table of the query compiler/report writer.

    The database is the physical file(s) containing the data. ENFORM searches the database to find the information requested , and then returns it as output.

ENFORM Components

The components of ENFORM are (See Figure 6-6):

BUILDMK

ENFORM

ENFORMMK

ENFORMMT

ENFORMSV QP

click to expand
Figure 6.6: ENFORM Components

Query Specification with ENFORM

A query is made up of ENFORM statements, clauses, and commands describing the requested information to be retrieved from the database. ENFORM uses the specification to determine:

The query environment

The data to be retrieved

The form in which the retrieved data should be displayed

Using ENFORM statements, ENFORM performs the following functions:

Compiling the query

Formatting and writing a report

RISK: ENFORM allows anyone with READ access to data files and their corresponding dictionary to run ad-hoc reports against the data, with the potential of exposing sensitive information such as account numbers and social security numbers . Running ad hoc reports cannot be audited beyond file opens and process starts. There is no way to audit or limit the report contents.

RISK ENFORM makes intensive use of system resources, CPU, memory space and disk space (for its temporary files). Many companies restrict the use of ENFORM on secure systems to a few select user groups.

RISK ENFORM makes it possible to view sensitive data in Enscribe databases.

Databases should be secured against unauthorized queries by restricting READ access to only those users who must view secure data to perform their jobs.

The Query Processor (QP)

The query processor (QP) receives the query specifications and dictionary information from the query compiler and then gathers the data from the database.

Optional User-provided Components

Companies can also develop application programs and ENFORM servers to access and report on data that might otherwise not be usable by ENFORM.

The following files are supplied by HP to facilitate the creation of custom ENFORM servers.

BUILDMK A file containing object code that converts the EDIT version of the message table into the special key- sequenced file required by ENFORM.

ENFORMMK The default version of the message table in a key-sequenced file that contains the ENFORM messages and help text. This file can be customized to suit the environment.

ENFORMMT An EDIT version of the default message table. This file can be customized. If altered , use BUILDMK to convert the EDIT version of the message table into the special key-sequenced file required by ENFORM.

ENFORMSV A DDL source file that contains all of the message definitions necessary for a dialogue between the ENFORM query processor and a custom ENFORM server. This can be used to generate message definitions for programs.

Optional ENFORM Plus Components

Companies using Format 2 files (very large files) must use ENFORM Plus servers to access and report on data.

HP provides a TACL macro (ENFPMAC) to switch the ENFORM executables between the 2 types of files. Once the macro is run, the executables are renamed to the same names as Format 1 ENFORM. Only SUPER.SUPER can perform these functions.

Using ENFPMAC to switch from ENFORM to ENFORM Plus:

ENFORM Renamed to OENFORM

QP Renamed to OQP

BUILDMK Renamed to OBUILDMK

ENFORMP Renamed to ENFORM

QPP Renamed to QP

BUILDMKP Renamed to BUILDMK

Using ENFPMAC to switch from ENFORM Plus to ENFORM:

ENFORM Renamed to ENFORMP

QP Renamed to QPP

BUILDMK Renamed to BUILDMKP

OENFORM Renamed to ENFORM

OQP Renamed to QP

OBUILDMK Renamed to BUILDMK

RISK During conversion, the ENFORM files are renamed but not secured to match the original files. (Therefore, following the conversion, the new files must be secured to match the original files.)

Securing ENFORM Components

Files used only by ENFORM:

BP-FILE-ENFORM-01 ENFORM should be secured "UUNU".

BP-OPSYS-OWNER-02 ENFORM should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 ENFORM must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-02 BUILDMK should be secured "UUNU".

BP-OPSYS-OWNER-02 BUILDMK should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BUILDMK must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-03 ENFORMMK should be secured "NUNU".

BP-OPSYS-OWNER-02 ENFORMMK should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 ENFORMMK must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-04 ENFORMMT should be secured "NUNU".

BP-OPSYS-OWNER-02 ENFORMMT should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 ENFORMMT must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-05 ENFORMSV should be secured "NUNU".

BP-OPSYS-OWNER-02 ENFORMSV should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 ENFORMSV must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-06 QP should be secured "UUNU".

BP-OPSYS-OWNER-02 QP should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 QP must reside in $SYSTEM.SYSTEM.

Files used only by ENFORM PLUS:

BP-FILE-ENFORM-07 BUILDMKP should be secured "UUNU".

BP-OPSYS-OWNER-02 BUILDMKP should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BUILDMKP must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-08 ENFORMP should be secured "UUNU".

BP-OPSYS-OWNER-02 ENFORMP should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 ENFORMP must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-09 ENFPMAC should be secured "UUUU".

BP-OPSYS-OWNER-02 ENFPMAC should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 ENFPMAC must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-10 QPP should be secured "UUNU".

BP-OPSYS-OWNER-02 QPP should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 QPP must reside in $SYSTEM.SYSTEM.

Files present only after conversion to ENFORM Plus:

BP-FILE-ENFORM-11 OBUILDMK should be secured "UUNU".

BP-OPSYS-OWNER-02 OBUILDMK should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 OBUILDMK must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-12 OENFORM should be secured "UUNU".

BP-OPSYS-OWNER-02 OENFORM should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 OENFORM must reside in $SYSTEM.SYSTEM.

BP-FILE-ENFORM-13 OQP should be secured "UUNU".

BP-OPSYS-OWNER-02 OQP should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 OQP must reside in $SYSTEM.SYSTEM.

AP-ADVICE-ENFORM-01 Normal application reports should be generated within the application, limiting the data fields retrieved as appropriate to the various users' job functions so that only those users who must view sensitive data can.

AP-ADVICE-ENFORM-02 Separation of duties dictates that no individuals should be able to query, whether via a single report or several, all the data required to commit fraud.

AP-ADVICE-ENFORM-03 ENFORM creates swap files either on $SYSTEM (where the ENFORM object file resides) or in the location specified by NSKCOM or in a user specified location. The disk must have sufficient space for the temporary files.

If available, use Safeguard software or a third party object security product to grant access to ENFORM for necessary personnel, and deny access to all other users.

BP-SAFE-ENFORM-01 Add a Safeguard Protection Record to grant appropriate access to the ENFORM object file.

BP-SAFE-ENFORM-02 Add a Safeguard Protection Record to grant appropriate access to the ENFPMAC disk file.

Discovery Questions Look here:

FILE-POLICY

Is ENFORM or ENFORM Plus being used?

Policy

OPSYS-OWNER-02

Who owns the ENFORM object file?

Fileinfo

OPSYS-OWNER-02

Who owns the BUILDMK object file?

Fileinfo

OPSYS-OWNER-02

Who owns the ENFORMMK object file?

Fileinfo

OPSYS-OWNER-02

Who owns the ENFORMMT object file?

Fileinfo

OPSYS-OWNER-02

Who owns the ENFORMSV object file?

Fileinfo

OPSYS-OWNER-02

Who owns the QP object file?

Fileinfo

FILE-POLICY

Is ENFORM Plus used?

Policy

OPSYS-OWNER-02

Who owns the ENFPMAC TACL file?

Fileinfo

OPSYS-OWNER-02

Who owns the ENFORMP or OENFORM object file?

Fileinfo

OPSYS-OWNER-02

Who owns the BUILDMKP or OBUILDMK object file?

Fileinfo

OPSYS-OWNER-02

Who owns the QPP or OQP object file?

Fileinfo

FILE-POLICY

Who is allowed to execute ENFORM on the system?

Policy

FILE-ENFORM-01
SAFE-ENFORM-01

Is the ENFORM object file correctly secured with the Guardian or Safeguard system?

Fileinfo Safecom

FILE-ENFORM-02

Is the BUILDMK object file secured correctly?

Fileinfo

FILE-ENFORM-03

Is the ENFORMMK object file secured correctly? Fileinfo

FILE-ENFORM-04

Is the ENFORMMT file secured correctly?

Fileinfo

FILE-ENFORM-05

Is the ENFORMSV file secured correctly?

Fileinfo

FILE-ENFORM-06

Is the QP object file secured correctly?

Fileinfo

FILE-ENFORM-07

Is the BUILDMKP object file secured correctly?

Fileinfo

FILE-ENFORM-08

Is the ENFORMP object file secured correctly?

Fileinfo

FILE-ENFORM-09 SAFE-ENFORM-02

Is the ENFPMAC file correctly secured with the Guardian or Safeguard sytem?

Fileinfo Safecom

FILE-ENFORM-10

Is the QPP object file secured correctly?

Fileinfo

FILE-ENFORM-11

Is the OBUILDMK object file secured correctly?

Fileinfo

FILE-ENFORM-12

Is the OENFORM object file secured correctly?

Fileinfo

FILE-ENFORM-13

Is the OQP object file secured correctly?

Fileinfo

Related Topics

DDL




HP NonStop Server Security 2004
HP NonStop Server Security 2004
ISBN: 159059035X
EAN: N/A
Year: 2004
Pages: 157

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net