FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
Document Title:
Document Type:
Abstract:
Status:
Distribution
Author:
Group Definitions for the Secure NT Build
Requirement Definition
The ACP requires that access to Pathway systems be
controlled by the use of pre defined roles to which users can
be assigned. Such roles will allow users to access only those
parts of the system, with associated objects, they need in order
to complete the tasks associated with that particular role. This
document summarises this requirement and defines the roles,
with associated objects, domains and access requirements.
Approved
Barry Procter, Mark Ascott, Chris Sundt, Joe Brown, lan
Morrison, John Allen, Belinda Fairthorne, Gerry Boyce, Mik
Peach, Graham Chatten, Stephen Doyle, Alan Ward, Chris
Humphries, Library
Alan D’Alvarez
COMMERCIAL IN CONFIDENCE Page 1
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/O12
Release 2 Version:3.0
Date:21/10/98
0. Document control
0.1 Document history
Version Date Reason
0.1 2/9/98 Initial draft with limited circulation for comment.
0.2 3/9/98 Incorporates comments from Chris Sundt and Barry Procter
1.0 8/9/98 Baselined version
14 9/9/98 CP1523 - MIS component breakdown
2.0 18/9/98 Baseline with amended set of tools for support roles
21 8/10/98 CP 1583 - Incorporates changes identified as a result of test
and meetings
2.2 9/10/98 Incorporates changes identified as a result of document review
3.0 21/10/98 Approved for NR2 MOT build
0.2 Approval authorities
Name Position Signature Date
Stephen Doyle Design Manager
Associated documents
Reference Vers Date Title
ACP RS/POL/0003 2.0 24/2/98 Access Control Policy
SFS RS/FSP/0001 3.0 3/12/97 Security Functional Specification
0.3 Abbreviations and definitions
Local Access via the console attached directly to an NT platform
0.4 Changes in this version
[Changes since V2.1] Use of Exceed for the SSC. Amendments to ICL Outsourcing roles including creation of
additional users and revisions to toolsets. Additional tools for Pathway FRM Manager. Change of name for FCMS
user to Pathway FRM User. Ad hoc changes identified after review of previous version. Revisions to
Authentication/Resource Domain access.
COMMERCIAL IN CONFIDENCE Page 2
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
0.5 Changes Forecast
Identify further tools for the SSC to replace the use of the POSIX subsystem for the filtering of Riposte scans.
COMMERCIAL IN CONFIDENCE Page 3
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
0.6 Table of content
0. Document CONtIOI....... ee cece eeeec cece cece cece neeeeeeneeeeeeseeceeienaeenesieieneseeseneeeete 2
0.1 Document history................cececceccecceceseeeesceceeeceecaeeeteceseeecsetseeaeeseeeeateaes 2
0.2 Approval authorities...
0.3 Associated documents.
0.4 Abbreviations and definitions. ................cccceceseseseeseeeseeeeeeseseseeeseeeeeeneess 2
0.5 Changes in this version.................cccceseceeseseseseececeeeeeeeeeeeneeeeeeeeeereneeeecee 2
0.6 Changes Forecast.
0.7 Table of content.
Appendices
A. Table of roles and associated access requirements
COMMERCIAL IN CONFIDENCE Page 4
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
1. Introduction
The nature of the Pathway system requires that access to the core systems should be
strictly controlled. [ACP] states that effective control depends on having a clear definition
of the roles and responsibilities of all personnel who need some form of access to the
system. Users will gain access by being assigned to these roles. This will be core to
Pathway implementing the principles of least privilege.
This document summarises the requirement and defines the human roles that will be
implemented for NT platforms; which objects will be used by each role; the domains each
role will function within; access point for the role; and associated privileges.
2. Scope
This document addresses the roles to be implemented as part of the Pathway central NT
systems and access rights assigned to each role.
3. Requirements
The requirement to implement a role based access control system emanates from [ACP].
[ACP] further defines the roles that are required for access to the Pathway Systems and
the responsibilities of these roles.
It should be noted that the Pathway solution has moved on since Version 2 of the ACP
was issued and, as such, the Groups defined at Appendix A do not always correlate with
the roles defined in [ACP]. This will be addressed by feeding these role definitions into
the current review of the ACP which will be subject to a CP once all necessary changes
have been agreed.
4. Implementation
Each role will be set up as a Group within NT. Individual users will be assigned to these
Groups in which access to objects, domains, servers and associated privileges will be
controlled. These Groups are defined in Appendix A.
Roles will have defined access points which will have an accompanying Platform Design
Document. Access to objects will be made available to each role at the relevant access
point.
4.1 NT Administrator User
The Windows NT operating system is provided with a super user known as the
‘Administrator. This user has full administration and configuration privileges which is
exercised at both system/server and domain level. This capability cannot be removed
from Windows NT. Pathway recognises the power that this user has and the ability that a
human user, using the administrator user, has to interfere with the day to day operation of
the Pathway solution.
COMMERCIAL IN CONFIDENCE Page 5
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
To address this issue, Pathway will limit and restrict the use of the NT Administrator User.
This will be achieved by:
> Renaming the Administrator User on all NT Servers so that it is hidden from the system.
The account name and password will be specified by the Pathway Security Manager,
which will be strictly controlled and stored in a secure safe.
> Restrict full administrator privileges to the ‘Operational Management’ role. Use of this
role will be subject to the management and procedural controls set out in the ‘Pathway
Code of Practice’, PA/STD/010.
COMMERCIAL IN CONFIDENCE Page 6
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
APPENDIX A
Group Name to be I Tools NT Servers Access Rights Authentication Resource Domain I Access Point ACP Equivalent
implemented Domain access
ICL Outsourcing
Application SUP » Discoverer 2000 B/W SLAM Read / Write / PWYDCS B/WSLAM CFM NT Client PC Application
> PC Xware Domain User Execute Support (CFM)
» Microsoft Office
>» PC Anywhere Access to Sequent
> Onnnet (telnet/ftp)
>» Patrol v3.2.05
» Legato Adimistrator
> 164.0
>_SQL Server Admin
Base Installation NT Administrator All Servers Administrative Local Server Console Server Console Base Installation &
& Configuration Full Configuration
(not an (CFM)
account
template - no
system policy)
Engineer PW Event viewer All Servers Read / Execute PWYDCS B/WSLAM Server Console Engineers (NT
SEQSUP B/WPOCL Data Centres)
System Shut Down Engineers require ORASUP B/WRELS
an account that PWYHQ B/WOPSS.
has log on locally TEWKDLR B/WSECS
rights and is a SITTDLR B/WDLR
member of the DUNSDLR PWYMAS
local Power Users WYCODLR BRASUP
group. FELURS
Security > PW User Admin All Servers Read/Write PWYDCS All CFM NT Client PC Security
Management > PW Event Viewer Management
> SQL Server Admin
> SQL Server
SecurityManager
(Operational >» Compag systems IAll Servers [Administrative IPWYDCS. All CFM NT Client PC IOperational
Management reference library Full Management
COMMERCIAL IN CONFIDENCE
Page 7
ICL Pathway
Group Definitions for the Secure NT Build
Release 2
Ref:RS/REQ/012
Version:3.0
Date:21/10/98
FUJ00087991
FUJ00087991
VVVVVVVVVVVY
Insight Manager
SQL Server Admin
Technet
Microsoft Office
NT Resource Kit
Onnnet (telnet/ftp)
Patrol v3.2.05
Legato Administrator
nt srvtools
Tivoli desktop
IE4.0 for access to
Tivoli web
NT resource kit
remote console
server
PC Xware
[Access to Sequent
(CFM)
IRiposte Managemen
Network
Management
Telnet
Router Configuration
Software
Network Diagnostic
software
P/WDCS
N/A
Network Client PC
Network
IManagement
(Configurer
ISequent Support
PC Anywhere
Hyper Terminal
[Access to Sequent
Read
ISEQSUP
N/A
ISequent Client PC.
ISequent Support
Oracle Support
Telnet
[Access to Sequent
Read
IORASUP
N/A
[Oracle Client PC
Oracle Support
IEMC Support
VIVIV Vv
EMC proprietary
Client software
[Access to Sequent
Read
P/WOCS
N/A
EMC Client PC
INone
COMMERCIAL IN CONFIDENCE
Page 8
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
Group Name to be I Tools NT Servers Access rights Authentication Resource Domain I Access Point ACP Equivalent
implemented Domain access
SSC Application I Tivoli Remote Console All Servers Read/Write/ PWYDCS All SSC NT Client PC ‘Application Support
Management ExCeed for Windows NT (V Execute (SSC)
6.1) Also:
Relient Access to Sequent
RiposteGetMessage.exe
RiposteNode.exe
RiposteObjectSecurity.exe
RiposteObject.exe
RipostePing.exe
RipostePriorityMessage.exe
RiposteQueryUK.exe
RiposteNextMessage.exe
RipostePutMessage.exe
RiposteScanMessage.exe
RiposteStatus.exe
RODBClient.exe
SQLServer V6.5 client
NT utilities
Microsoft Diagnostics
Visual Basic I.D.E.
PW Event Viewer
WinZip/Pkzip
CD Rom writing software
Textpad
Microsoft Word/ Excel/
Access/ Explorer
Internet Explorer
Services Manager
CMD Prompt
Performance Monitor
Registry editor
In-house Utilities
Archve Viewer
COMMERCIAL IN CONFIDENCE
Page 9
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
Expiry Reporter
Stops Reporter
Formatted File Utility
MessageStore Utility
EndO{Day Reporter
MessageStore Sort Utility
SSC Application I Tivoli Remote Console All Servers Read / Execute I PWYDCS All SSC NT Client PC Application Support
Support ExCeed for Windows NT (V (SSC)
6.1)
Relient Also;
RiposteGetMessage.exe Access to Sequent
RiposteNode.exe
RiposteObject.exe
RipostePing.exe
RipostePriorityMessage.exe
RiposteNextMessage.exe
RiposteQueryUK.exe
RiposteScanMessage.exe
RiposteStatus.exe
RODBClient.exe
SQLServer V6.5 client
NT utilities
Microsoft Diagnostics
Visual Basic I.D.E.
W Event Viewer
WinZip/Pkzip
CD Rom writing software
Textpad
Microsoft Word/ Excel/
Access/ Explorer
Internet Explorer
Services Manager
CMD Prompt
Performance Monitor
In-house Utilities
Archve Viewer
Expiry Reporter
COMMERCIAL IN CONFIDENCE Page 10
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
Stops Reporter
Formatted File Utility
MessageStore Utility
EndO{Day Reporter
MessageStore Sort Utility
COMMERCIAL IN CONFIDENCE Page 11
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
Group Name to be I Tools NT Servers Access rights Authentication Resource Domain I Access Point ACP Equivalent
I implemented Domain access
Pathway Roles
Auditor Legato client.exe Audit Archive and Read/ Execute PWYDCS B/WOPSS Audit PC NAO Auditor
RiposteRQueryUK. Retrieval Server DSS Auditor
SD/DES/077 POCL Auditor
Pathway Business
Functions Auditor
Auto-Configuration I ACDB Client.exe Auto-Configuration Read/Write/Execute I PWYDCS B/WRELS. Auto-Configuration. None
Administrator (assign member of Server Client PC
ACDB Admin
Group) SD/DES/026
Auto-Configuration I ACDB Client.exe Auto-Configuration Read/Write/Execute I PWYDCS B/WRELS Auto-Configuration None
User (assign member of Server Client PC
ACDB User Group)
SD/DES/026
Business Support Discoverer Client Access to PAS/CMS I Read / Execute PWYHQ /WOPSS Business Support Client I Business Support
RiposteQueryUK.exe PC Pathway
Management
SD/DES/092
MIS BPS Users MIS Client B/W SLAM Read/Execute PWYHQ B/WSLAM SLAM Client PC Implicit in text
> BPS_MIS
Universe Also: SD/DES/015
Windows Explorer Access to Data
MS Office Warehouse
WinZip v6..3
3.5 floppy
CD ROM
Printer
CD Writer Software
(Easy CD from
adaptec)
COMMERCIAL IN CONFIDENCE
Page 12
ICL Pathway
Group Definitions for the Secure NT Build
Release 2
Ref:RS/REQ/012
Version:3.0
Date:21/10/98
FUJ00087991
FUJ00087991
Group Name to be
implemented
Tools
NT Servers
Access rights
Authentication
Domain
Resource Domain
access
Access Point
ACP Equivalent
SLAM Users
MIS Client
>» SLAM Users
» CON SQL*
Forms
» Ad Hoc reporting
> BO_REP
Universe
»® CCS SQL* Forms
» Reference Data
SQL*Forms app
> BO Designer
> Supervisor
Windows Explorer
MS Office
Printer
3.5 floppy
CD ROM.
B/W SLAM
Read/Execute
PWYHQ
B/WSLAM
SLAM Client PC
SD/DES/015
Implicit in text
MIS Business
Development Users
MIS Client
> BPS_MIS
Universe
Windows Explorer
MS Office
Printer
B/WSLAM
Access to Data
Warehouse
Read/Execute
PWYHQ
B/WSLAM
SLAM Client PC
SD/DES/015
Implicit in text
ECCO MIG users
As per SD/DES/016
Migration Agent
Server
Read/Write/Execute
PWYMAS
PWYMAS.
B/WOPSS
ECCO Migration Laptop
SD/DES/016
None
COMMERCIAL IN CONFIDENCE
Page 13
ICL Pathway
Group Definitions for the Secure NT Build
Release 2
Ref:RS/REQ/012
Version:3.0
Date:21/10/98
FUJ00087991
FUJ00087991
Pathway FRM
Manager
MIS Client
» FCMS
SQL*Forms App
FRM Universe
FCMS Audit
Fraud Universe
Designer
Supervisor
Ad hoc universe
‘indows Explorer
MS Office
Printer
CD ROM
3.5 inch floppy
CD Writer Software
(Easy CD from
adaptec)
EVVVVVY
Access to Sequent
only
Read / Execute
PWYDCS
B/WSLAM
FRM Client PC
SD/DES/091
Pathway FRM
Pathway FRM
Analyst
MIS Client
» FCMS
SQL*Forms App
>» FRM Universe
Fraud Universe
> FraudAud
Universe
» Ad hoc universe
> Designer
> Supervisor
Windows Explorer
MS Office
Printer
CD ROM
3.5 inch floppy
CD Writer Software
(Easy CD from
adaptec)
v
Access to Sequent
only
Read / Execute
PWYDCS
/WSLAM
FRM Client PC
SD/DES/091
None
Pathway FRM
User
MIS Client
>» FCMS
SQL*Forms App
>_FRM Universe,
Access to Sequent
only
Read / Execute
PWYDCS
B/WSLAM
FRM Client PC
SD/DES/091
Girobank FRM
COMMERCIAL IN CONFIDENCE
Page 14
ICL Pathway
Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
FUJ00087991
FUJ00087991
> Fraud Universe
» Ad hoc universe
Windows Explorer
MS Office
Printer
CD ROM
3.5 inch floppy
CD Writer Software
(Easy CD from
adaptec)
Roll Out Support RODB Client RODB Server Read / Execute PWYDCS /WRELS RODB Client PC Roll Out Support
Advisor Desk Advisors
SD/DES/050
Roll Out RODB Client RODB Server Read/ Write/ PWYDCS B/WRELS RODB Client PC None
Administrator ACDB Server Execute
NT Shares to RODB SD/DES/050
and ACDB
Security Event SecurID admin.client I All Read / Execute PWYDCS All SecurID Admin W/S Pathway Security
Auditor PW Event Viewer Event Auditor
Tivoli Web Browser SD/DES/090
Pathway Security SecurID admin.client I All Read /Execute PWYDCS All SecurID Admin W/S Pathway Security
Management PW Event Viewer Access to Enterprise Manager
Tivoli Web Browser Server (SecurID) SD/DES/090
Other Roles COR ie CONE t Eva eee ce
DSS FIT MIS Client Access to Sequent Read / Execute PWYDCS B/WSLAM FRM Client PC DSS FIT
> FCDB SQL*Forms I only
Application SD/DES/091
FTMS Remote User I Windows Explorer Local share Read / Execute TEWKDLR NIA DLR Client PC None
DLR SITTDLR [Server Console]
WYCODLR
DUNSDLR SD/DES/060
RODB external Windows Explorer Roll out database Read/Write/ External supplier N/A RODB Gateway Remote I Pathway External
COMMERCIAL IN CONFIDENCE
Page 15
FUJ00087991
FUJ00087991
ICL Pathway Group Definitions for the Secure NT Build Ref:RS/REQ/012
Release 2 Version:3.0
Date:21/10/98
supplier I Execute domain PC Suppliers
SD/DES/065
COMMERCIAL IN CONFIDENCE Page 16