FUJ00087994
FUJ00087994
ICL Pathway __ Group Definitions for the Secure NT Build Ref: RS/REQ/012
Document Title:
Document Type:
Abstract:
Status:
Distribution
Author:
Release 2 Version: 4.0
Date: 22/12/98
Group Definitions for the Secure NT Build
Requirement Definition
The ACP requires that access to Pathway systems be
controlled by the use of pre defined roles to which users can
be assigned. Such roles will allow users to access only those
parts of the system, with associated objects, they need in order
to complete the tasks associated with that particular role. This
document summarises this requirement and defines the roles,
with associated objects, domains and access requirements.
Approved
Barry Procter, Mark Ascott, Chris Sundt, Joe Brown, lan
Morrison, John Allen, Belinda Fairthorne, Gerry Boyce, Mik
Peach, Graham Chatten, Stephen Doyle, Alan Ward, Chris
Humphries, Library
Alan D’Alvarez
COMMERCIAL IN CONFIDENCE Page 1
ICL Pathway
FUJ00087994
FUJ00087994
Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
0. Document control
0.1 Document history
Version
0.1
0.2
1.0
1.1
2.0
2.1
2.2
3.0
3.1
3.2
3.3
4.0
Date Reason
2/9/98 Initial draft with limited circulation for comment.
3/9/98 Incorporates comments from Chris Sundt and Barry Procter
8/9/98 Approved version
9/9/98 MIS component breakdown
18/9/98 Approved with amended set of tools for support roles
8/10/98 Incorporates changes identified as a result of test and
meetings
9/10/98 Incorporates changes identified as a result of document
review
21/10/98 Approved for NR2 MOT build
7/12/98 Defines implementation standards, revisions made to groups
via CP1710.
17/12/98 Superseded by 3.3
17/12/98 Alignment of Group Names to those implemented.
22/12/98 For approval.
0.2 Approval authorities
Name
Position Signature Date
Stephen Doyle
Design Manager
Associated documents
Reference Vers Date Title
ACP RS/POL/0003 2.0 24/2/98 Access Control Policy
SFS RS/FSP/0001 3.0 3/12/97 Security Functional Specification
0.3 Abbreviations and definitions
Local
Access via the console attached directly to an NT platform
COMMERCIAL IN CONFIDENCE Page 2
FUJ00087994
FUJ00087994
ICL Pathway __ Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
0.4 Changes in this version
From V3.0: Alignment of Group Names to implementation. Revisions to groups and toolsets. Addition of RDMC
Groups and Base Installation for RODB Group. Defines implementation standards.
0.5 Changes Forecast
None
COMMERCIAL IN CONFIDENCE Page 3
FUJ00087994
FUJ00087994
ICL Pathway __ Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
0.6 Table of content
0. Document CONtION. ee eee eceeeeeeeceeeceeeeceeeeeeceeeeneeeesceseseseeecenasieeeeseesetetetete 2
0.1 Document history...
0.2 Approval authoritie:
0.3 Associated documents.
0.4 Abbreviations and definitions... ceeceeeeseeeeeeeeeeeeeeseeeeeeeeeeeteree 2
0.5 Changes in this version. ............ccecccescseecsseeeseseseeeeeeseacseseeeeerecseseeeseeseaeee 3
0.6 Changes Forecast.
0.7 Table of content.
1. Introduction.
2. SCOPC 2c eee ceceeceseeceeeeseeseeseseeeceeesesseeaesecsessesaeseeeeseceecaeeseeceeesenecseeaeeeeeeeeeeaees 5
3. Requirement..............cecccecee cece cee cecesce eee eeeceeceeceeceeeeceececeeseeceeseeeeseesseeaneeeate 5
4. Implementation .............. 0.0... ceececeeeeeece cee eeeeeeeeeeeeeeeeeeceeeeeeeeeeteseeeeses 4
Appendices
A. Table of roles and associated access requirements
COMMERCIAL IN CONFIDENCE Page 4
FUJ00087994
FUJ00087994
ICL Pathway __ Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
1. Introduction
The nature of the Pathway system requires that access to the core systems should be
strictly controlled. [ACP] states that effective control depends on having a clear definition
of the roles and responsibilities of all personnel who need some form of access to the
system. Users will gain access by being assigned to these roles. This will be core to
Pathway implementing the principles of least privilege.
This document summarises the requirement and defines the human roles that will be
implemented for NT platforms; which objects will be used by each role; the domains each
role will function within; access point for the role; and associated privileges.
2. Scope
This document addresses the roles to be implemented as part of the Pathway central NT
systems and access rights assigned to each role.
3. Requirements
The requirement to implement a role based access control system emanates from [ACP].
[ACP] further defines the roles that are required for access to the Pathway Systems and
the responsibilities of these roles.
It should be noted that the Pathway solution has moved on since Version 2 of the ACP
was issued and, as such, the Groups defined at Appendix A do not always correlate with
the roles defined in [ACP]. This will be addressed by feeding these role definitions into
the current review of the ACP which will be subject to a CP once all necessary changes
have been agreed.
4. Implementation
Each role will be set up as a Group within NT. Individual users will be assigned to these
Groups in which access to objects, domains, servers and associated privileges will be
controlled. These Groups are defined in Appendix A.
Roles will have defined access points which will have an accompanying Platform Design
Document. Access to objects will be made available to each role at the relevant access
point.
The definition of the users will be held in a spreadsheet, or similar, and automated tools
will be used for the production of the relevant command scripts.
Human roles, as defined in this document, will be implemented using command scripts
that will be separate from the command scripts that implement service users. By doing
this, it will simplify the implementation and maintenance of the roles defined in Annex A.
Exceptions to this are those roles within the support services, ICL Outsourcing and SSC,
who will access toolsets via the command line. All roles only have authority to access the
toolsets specified in this document.
COMMERCIAL IN CONFIDENCE Page 5
FUJ00087994
FUJ00087994
ICL Pathway __ Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
4.1 NT Administrator User
The Windows NT operating system is provided with a super user known as the
‘Administrator. This user has full administration and configuration privileges which is
exercised at both system/server and domain level. This capability cannot be removed
from Windows NT. Pathway recognises the power that this user has and the ability that a
human user, using the administrator user, has to interfere with the day to day operation of
the Pathway solution.
To address this issue, Pathway will limit and restrict the use of the NT Administrator User.
This will be achieved by:
> Renaming the Administrator User on all NT Servers so that it is hidden from the system.
The account name and password will be specified by the Pathway Security Manager,
which will be strictly controlled and stored in a secure safe.
> Restrict full administrator privileges to the ‘Operational Management’ role. Use of this
role will be subject to the management and procedural controls set out in the ‘Pathway
Code of Practice’, PA/STD/010.
COMMERCIAL IN CONFIDENCE Page 6
FUJ00087994
FUJ00087994
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
APPENDIX A
Group Name to be I Tools NT Servers Access Rights Authentication Resource Domain I Access Point ACP Equivalent
implemented Domain access
ICL Outsourcing
Application SUP > Discoverer 2000 B/W SLAM Read / Write / PWYDCS B/WSLAM CFM NT Client PC Application
> PC Xware Domain User Execute Support (CFM)
> Microsoft Office
> PC Anywhere Access to Sequent
> Onnnet (telnet/ftp)
> Patrol v3.2.05
> Legato Adimistrator
> 1E4.0
>» SQL Server Admin
»>_CMD prompt
Base Installation I NT Administrator All Servers Administrative Local Server Console Server Console Base Installation &
& Configuration Full Configuration
(not an (CFM)
account
template -no
system policy)
Engineer Event logs All Servers Read / Execute PWYDCS B/WSLAM Server Console Engineers (NT
SEQSUP B/WPOCL Data Centres)
System Shut Down Assign as member ORASUP- B/WRELS
of power users PWYHQ B/WOPSS
group TEWKDLR B/WSECS
SITTDLR B/WDLR
DUNSDLR PWYMAS
WYCODLR BRASUP
FELURS
Security > PW User Admin All Servers Read/Write PWYDCS All CFM NT Client PC Security
Managers > SQL Server Admin Management
>» SQL Server
SecurityManager
> CMD prompt
Operational MAN I > Compaq systems All Servers Administrative PWwYDCS All CFM NT Client PC Operational
reference library Full Management
COMMERCIAL IN CONFIDENCE
Page 1
ICL Pathway
Group Definitions for the Secure NT Build
Release 2
Ref: RS/REQ/012
Version: 4.0
Date: 22/12/98
FUJ00087994
FUJ00087994
VVVVVVYVY
v
Insight Manager
SQL Server Admin
Technet
Microsoft Office
NT Resource Kit
Onnnet (telnet/ftp)
Patrol v3.2.05
Legato
Administrator
nt srvtools
Tivoli desktop
1E4.0 for access to
Tivoli web
NT resource kit
remote console
server
PC Xware
CMD prompt
Access to Sequent
(CFM)
Riposte
Management
Network
Managers
VVIVY
Telnet
Router
Configuration
Software
Network Diagnostic
software
P/WDCS
N/A
Network Client PC
Network
Management
Configurer
Sequent Support
PC Anywhere
Hyper Terminal
Access to Sequent
Read
SEQSUP
N/A
Sequent Client PC.
Sequent Support
Oracle Support
Telnet
Access to Sequent
Read
ORASUP
N/A
Oracle Client PC
Oracle Support
EMC Support
VIVIV Vv
EMC proprietary
Client software
Access to Sequent
Read
P/WDCS
N/A
EMC Client PC
None
COMMERCIAL IN CONFIDENCE
Page 2
FUJ00087994
FUJ00087994
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/O12
Release 2 Version: 4.0
Date: 22/12/98
Group Name to be I Tools NT Servers Access rights I Authentication Resource Domain I Access Point ACP Equivalent
implemented Domain access
SSC Apps MAN Tivoli Remote Console All Servers Read/Write/ PWYDCS All SSC NT Client PC Application Support
ExCeed for Windows NT (V Execute TEWKDLR (SSC)
6.1) Also; SITTDLR SD/DES/101
Relient Access to Sequent DUNSDLR
RiposteGetMessage.exe WYCODLR
RiposteNode.exe
RiposteObjectSecurity.exe
RiposteObject.exe
RipostePing.exe
RipostePriorityMessage.exe
RiposteQueryUK.exe
RiposteNextMessage.exe
RipostePutMessage.exe
RiposteScanMessage.exe
RiposteStatus.cxe
RODBClient.exe
SQLServer V6.5 client
utilities
NT utilities
Microsoft Diagnostics
Visual Basic I.D.E.
PW Event Viewer
WinZip/Pkzip
CD Rom writing software
Textpad
Microsoft Word/ Excel/
Access/ Explorer
Internet Explorer
Services Manager
CMD Prompt
Performance Monitor
Registry editor
In-house Utilities
COMMERCIAL IN CONFIDENCE Page 3
ICL Pathway
Group Definitions for the Secure NT Build
Release 2
Ref: RS/REQ/012
Version: 4.0
Date: 22/12/98
FUJ00087994
FUJ00087994
Archve Viewer
Expiry Reporter
Stops Reporter
Formatted File Utility
MessageStore Utility
EndOfDay Reporter
MessageStore Sort Utility
SSC Apps SUPP
Tivoli Remote Console
ExCeed for Windows NT (V
6.1)
Relient
RiposteGetMessage.exe
RiposteNode.exe
RiposteObject.exe
RipostePing.exe
RipostePriorityMessage.exe
RiposteNextMessage.exe
RiposteQueryUK.exe
RiposteScanMessage.exe
RiposteStatus.exe
RODBClient.exe
SQLServer V6.5 client
utilities
NT utilities
Microsoft Diagnostics
Visual Basic I.D.E.
W Event Viewer
WinZip/Pkzip
CD Rom writing software
Textpad
Microsoft Word/ Excel/
Access/ Explorer
Internet Explorer
Services Manager
CMD Prompt
Performance Monitor
In-house Utilities
All Servers
Also;
Access to Sequent
Read / Execute
PWYDCS
TEWKDLR
SITTDLR
DUNSDLR
WYCODLR
COMMERCIAL IN CONFIDENCE
All
SSC NT Client PC
SD/DES/101
Page 4
Application Support
(SSC)
FUJ00087994
FUJ00087994
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
Archve Viewer
Expiry Reporter
Stops Reporter
Formatted File Utility
MessageStore Utility
EndOfDay Reporter
MessageStore Sort Utility
COMMERCIAL IN CONFIDENCE Page 5
FUJ00087994
FUJ00087994
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
Group Name to be I Tools NT Servers Access rights Authentication Resource Domain I Access Point ACP Equivalent
implemented Domain access
Pathway Roles
Auditors Legato client.exe Audit Archive and Read/ Execute PWYDCS B/WOPSS Audit PC NAO Auditor
RiposteRQueryUK. Retrieval Server DSS Auditor
SD/DES/077 POCL Auditor
Correspondence Pathway Business
Server Functions Auditor
ACDB Admin ACDB Client.exe Auto-Configuration Read/Write/Execute I PWYDCS B/WRELS Auto-Configuration None
(assign member of Server Client PC
ACDB Admin
Group) SD/DES/026
ACDB User ACDB Client.exe Auto-Configuration Read/Write/Execute I PWYDCS B/WRELS Auto-Configuration None
(assign member of _ I Server Client PC
ACDB User Group)
SD/DES/026
Business Support _ I Discoverer Client ‘Access to PAS/CMS I Read / Execute PWYHQ B/WOPSS Business Support Client I Business Support
RiposteQueryUK.exe PC Pathway
Correspondence Management
Server SD/DES/092
MIS BPS Users MIS Client B/W SLAM Read/Execute PWYHQ B/WSLAM SLAM Client PC Implicit in text
> BPS_MIS
Universe Also: SD/DES/015
Windows Explorer Access to Data
MS Office Warehouse
WinZip v6..3
3.5 floppy
CD ROM
Printer
CD Writer Software
(Easy CD from
adaptec)
COMMERCIAL IN CONFIDENCE
Page 6
ICL Pathway
Group Definitions for the Secure NT Build
Release 2
Ref: RS/REQ/012
Version: 4.0
Date: 22/12/98
FUJ00087994
FUJ00087994
Group Name to be
implemented
SLAM Users
Tools
MIS Client
> SLAM Users
» CON SQL*
Forms
» Ad Hoc reporting
> BO_REP
Universe
» CCS SQL* Forms
> Reference Data
SQL*Forms app
> BO Designer
> Supervisor
Windows Explorer
MS Office
Printer
3.5 floppy
CD ROM
NT Servers
B/W SLAM
Access rights
Read/Execute
Authentication
Domain
PWYHQ
Resource Domain
acce:
B/WSLAM
Access Point
SLAM Client PC
SD/DES/015
ACP Equivalent
Implicit in text
MIS BUS DEV
Users
ECCO MIG Users
MIS Client
> BPS_MIS
Universe
Windows Explorer
MS Office
Printer
As per SD/DES/016
B/WSLAM
Access to Data
Warehouse
Migration Agent
Server
Read/Execute
Read/Write/Execute
PWYHQ
PWYMAS
B/WSLAM
PWYMAS
B/WOPSS
SLAM Client PC
SD/DES/015
ECCO Migration Laptop
SD/DES/016
Implicit in text
None
PWY FRM MAN
FCMS SQL*Forms
App
FRM Universe
FCMS Audit
Fraud Universe
Designer
Supervisor
Ad hoc universe
Windows Explorer
Access to Sequent
only
Read / Execute
PWYDCS
B/WSLAM
FRM Client PC
SD/DES/091
Pathway FRM
COMMERCIAL IN CONFIDENCE
Page 7
ICL Pathway
Group Definitions for the Secure NT Build
Release 2
Ref: RS/REQ/012
Version: 4.0
Date: 22/12/98
FUJ00087994
FUJ00087994
MS Office ‘97
Printer
CD ROM
3.6 inch floppy
CD Writer Software
(Easy CD from
adaptec)
PWY FRM
Analysts
FCMS SQL*Forms
App
FRM Universe
Fraud Universe
FraudAud Universe
Ad hoc universe
Designer
Supervisor
Windows Explorer
MS Office ‘97
Printer
CD ROM
3.7 inch floppy
CD Writer Software
(Easy CD from
adaptec)
Access to Sequent
only
Read / Execute
PWYDCS
B/WSLAM
FRM Client PC
SD/DES/091
None
PWY FRM USER
FCMS SQL*Forms
App
FRM Universe
Fraud Universe
Ad hoc universe
Windows Explorer
MS Office
Printer
CD ROM
3.8 inch floppy
CD Writer Software
(Easy CD from
adaptec)
Access to Sequent
only
Read / Execute
PWYDCS
B/WSLAM
FRM Client PC
SD/DES/091
Girobank FRM
COMMERCIAL IN CONFIDENCE
Page 8
FUJ00087994
FUJ00087994
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
RDMC Admin RDMC Admin RDMC/RDDS Read/ Write/ PWYDCS RDMC Administrator
Workstation Setup Execute Workstation
(Assign as
administrator) SD/DES/048
MS Office ‘97
RDMC RDMC Admin RDMC/RDDS Read/ Write/ PWDCS RDMC Administrator
User Workstation Setup Execute Workstation
(Assign as user)
MS Office 97 SD/DES/048
RO Support Admin } RODB Client RODB Server Read / Execute PWYDCS B/WRELS RODB Client PC Roll Out Support
Desk Advisors
SD/DES/050.
RO Admin RODB Client RODB Server Read/ Write/ PWYDCS B/WRELS RODB Client PC None
ACDB Server Execute
NT Shares to RODB SD/DES/050
and ACDB
Security Auditors SecurID admin.client } All Read / Execute PWYDCS All SecurID Admin W/S Pathway Security
Event Viewer Event Auditor
Tivoli Web Browser SD/DES/090.
Pathway SECMAN I SecurID admin.client I All Read /Execute PWYDCS All SecurID Admin W/S Pathway Security
Event Viewer Access to Enterprise Manager
Tivoli Web Browser I Server (SecurID) SD/DES/090
MS Access
SQL*Net
Other Roles Ease au ne a CEU Ee Ns Ce ee ECs
DSS FIT MIS Client Access to Sequent Read / Execute PWYDCS B/WSLAM FRM Client PC DSS FIT
> FCDB SQL*Forms I only
Application SD/DES/091
FTMS - DLR Windows Explorer Local share Read / Execute TEWKDLR N/A DLR Client PC None
Remote SITTDLR [Server Console]
WYCODLR
DUNSDLR SD/DES/060
RODB external Windows Explorer I Local share on FTMS I Read/ Execute/ External supplier I N/A RODB Gateway Remote I Pathway External
COMMERCIAL IN CONFIDENCE
Page 9
FUJ00087994
FUJ00087994
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/012
Release 2 Version: 4.0
Date: 22/12/98
supplier remote Write domain PC Suppliers
SD/DES/065
RODB remote NT Administrator All Servers Administrative Local Server Console Server Console Base Installation &
FTMS base Full Configuration
installation and (CFM)
configuration
(not an
account
template - no
system policy)
COMMERCIAL IN CONFIDENCE
Page 10