ICL Pathway
FUJ00232447
Group Definitions for the Secure NT Build Core Services Release +
Ref: RS/REQ/016
Version: 3.0
Date: 18/10/2000
Commercial In Confidence

Document Title: Group Definitions for the Secure NT Build
Document Type: Requirement Definition
Abstract: The ACP requires that access to Pathway systems be
controlled by the use of predefined roles to which users can
be assigned. Such roles will allow users to access only those
parts of the system, with associated objects, they need in order
to complete the tasks associated with that particular role. This
document summarises this requirement and defines the roles,
with associated objects, domains and access requirements.
Status: APPROVED
Author(s): Mark Ascott/Alan D’Alvarez
Distribution:
Graham Hooper FEL01        Alan D’Alvarez BRA01
Geoffrey Vane FEL01        Dave Johns BRA01
Iain Janssens FEL01        Pete Dreweatt BRA01
Mike Holms-Sharp FEL01     Tom Northcott BRA01
Pete Lindsey FEL01         Mik Peach BRA01
Nial Finnegan FEL01        Gerry Boyce IRE11
Belinda Fairthorne REA23   Jenny Smith BRA01
Suzanne Gordon BRA01       Frank Loftus FEL01
Andrew Walker FEL01        Debbie Richardson BRA01
Library
© 2000 ICL Pathway Limited Commercial in Confidence Page 1 of 31
0. Document control
0.1 Document history
This table records the document history of RS/REQ/016, which is based on an identical copy of RS/REQ/012 v5.2.
Version  Date      Reason
0.1      11/10/99  Initial draft for PVCS review cycle.
0.2      03/11/99  Incorporates comments received from Barry Procter and Patrick
                   Weightman resulting from PVCS review cycle.
1.0      04/11/99  Document set to Approved.
1.1      12/11/99  Amendments since document set to approved.
1.2      25/11/99  Updated to clarify toolsets for KMS SYSADM and KMS DBA roles.
1.3      07/12/99  Updated to identify toolsets for OCMS Admin & OCMS User roles.
1.4      17/12/99  Updated to further clarify tools sets for KMS roles
1.5      10/01/00  Updated to cater for CP2373 and CP2308
1.6      23/01/00  Updated to cater for CP2330 FTMS - OCMS links in FRODB
2.0      30/01/00  Issued for approval.
2.1      10/03/00  Updated to cater for CP2377 (WARWTIP), CP2373 (EPOSS
                   Reports), CP2272 (MIS Client Build) and CP2458 (OCMS).
2.2      19/04/00  Updated to cater for CP2502 (KMS Roles Printing to Network Printer).
2.3      05/05/00  Updated to cater for CP2485 (APS User role and CS Admin roles
                   added in, RDMC Admin role will be removed at some point in the
                   future).
2.4      09/05/00  Updated to address PinICL 43816, document requirement for Printer
                   access from all the RODB User groups, CP2591.
2.5      07/06/00  Updated to address PinICL 46827, operational requirement for all KMS
                   roles to view NT Event Logs.
2.6      21/06/00  Updated to address PinICL 44842, CS Admin & RDMC User roles
                   updated to include shortcut pointing to
                   MessageSubmissionApplication.exe.
2.7      30/06/00  Updated to change Domain name WARWTIP to PDRTIP as per
                   CP2537 where PDR stands for Pocl Disaster Recovery.
2.8      24/07/00  Updated to remove all references to FRODB domain and RODB roles
                   as per CP2630.
2.9      08/08/00  Updated to address comments received from Frank Loftus, new
                   Platforms TDA, main changes to Physical Platform Configuration
                   design document references.
2.9A     14/08/00  KMS SSC APPS SUP role updated with the addition of Explorer.exe &
                   Cmd.exe as per PinICL 52072.
2.10     24/08/00  Updated to include comments received from PVCS Document Review
                   Cycle.
2.11     18/09/00  Auditor role updated to include new tool as per PinICL 53666
2.12     09/10/00  OCMS Roles updated as per CP2672 taking input from SD/DES/176
                   v0.3
3.0      09/10/00  V3.0 APPROVED BASELINE
0.2 Approval authorities
Approval Authority Signature Date
Geoffrey Vane
Alan D’Alvarez
0.3. Associated documents
Reference              Vers  Date      Title
ACP       RS/POL/0003  3.0   18/12/98  Access Control Policy
SFS       RS/FSP/0001  3.0   3/12/97   Security Functional Specification
NT DOM    RS/DES/0051  1.0   19/08/99  CSR+ NT Domain Design
NT ROLES  RS/REQ/012   5.0   04/06/99  NT Groups Definition for NR2
0.4 Abbreviations and definitions
Local Access via the console attached directly to an NT platform
0.5 Changes in this version
OCMS Roles
Auditor role updated to fix PinICL 53666.
KMS SSC APPS SUP role now includes explorer.exe and cmd.exe
All references to RODB roles and FRODB domain have been removed
Domain WARWTIP changed to PDRTIP
RDMC User & CS Admin Roles updated with new shortcut
0.6 Changes Forecast
None.
Table of contents
0. DOCUMENT CONTROL
0.1 DOCUMENT HISTORY
0.2 APPROVAL AUTHORITIES
0.3 ASSOCIATED DOCUMENTS
0.4 ABBREVIATIONS AND DEFINITIONS
0.5 CHANGES IN THIS VERSION
0.6 CHANGES FORECAST
1. INTRODUCTION
2. SCOPE
3. REQUIREMENTS
4. IMPLEMENTATION
4.1 NT ADMINISTRATOR USER
5. NOTES THAT APPLY TO ANNEX A
Appendices
A. Table of roles and associated access requirements for Human Users
B. Table of Service User Accounts
C. Table of Remote FTMS Domain FTMS & FTP Users
1. Introduction
The nature of the Pathway system requires that access to the core systems should be
strictly controlled. [ACP] states that effective control depends on having a clear definition
of the roles and responsibilities of all personnel who need some form of access to the
system. Users will gain access by being assigned to these roles. This will be core to
Pathway implementing the principles of least privilege.
This document summarises the requirement and defines the human roles that will be
implemented for NT platforms; which objects will be used by each role; the domains each
role will function within; access point for the role; and associated privileges.
2. Scope
This document addresses the roles to be implemented as part of the Pathway central NT
systems and the access rights assigned to each role. Each role within this document accesses
the datacentre through the Pathway NT Domain Structure referenced in [NT DOM].
CP2630 removes the Roll Out Database and the FRODB domain from the Secure Managed
Environment; both are now out of scope.
Roles used by SMC, SMG and Girobank are specifically excluded from this document as
they are authenticated on separate NT systems which form part of a managed service.
Roles used and defined by OSD are described in this document for completeness.
Configuration of these roles in the live estate may be partly provided by SDU and T&l PIT
or completely by OSD.
3. Requirements
The requirement to implement a role based access control system emanates from [ACP].
[ACP] further defines the roles that are required for access to the Pathway Systems and
the responsibilities of these roles.
It should be noted that the Pathway solution has moved on since Version 2 of the ACP
was issued and, as such, the Groups defined at Appendix A do not always correlate with
the roles defined in [ACP]. This will be addressed by feeding these role definitions into
the current review of the ACP which will be subject to a CP once all necessary changes
have been agreed.
4. Implementation
Each role will be set up as a Group within NT. Individual users will be assigned to these
Groups, through which access to objects, domains, servers and associated privileges will be
controlled. These Groups are defined in Appendix A.
Roles will have defined access points which will have an accompanying Platform Design
Document. Access to objects will be made available to each role at the relevant access
point. This document specifically covers the Groups accessing the data centres. The
Horizon Helpdesk and SMC/SMG roles are the responsibility of the appropriate managed
service for the provision of suitable client systems compliant to the SFS and ACP.
The definition of the users will be held in a spreadsheet, or similar, and automated tools
will be used for the production of the relevant command scripts.
Human roles and service users, as defined in this document, will be implemented using
automated command scripts. This will simplify the implementation and
maintenance of the roles and service users defined in Annex A and B. Exceptions to this
are those roles within the support services, ICL Outsourcing and SSC, who will also
access toolsets via the command line. All roles have authority to access only the toolsets
specified in this document.
Human users created from the defined roles may only be members of one role/Group
definition. This is required to ensure the user is only provided with one appropriate
toolset.
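The one role/Group per user rule can be enforced at the point where the user spreadsheet is turned into command scripts. The following is an added example, not part of the original document or of Pathway's own tooling: it assumes a two-column sheet (user, role) with invented user names, takes the group-to-domain mapping for four roles from Appendix A, and assumes the generated scripts use the standard `net group ... /add /domain` command.

```python
import csv
import io
import re

# Group -> domain holding the accounts, copied from Appendix A (subset only).
ROLE_DOMAIN = {
    "Auditors": "PWYDCS",
    "Network Managers": "PWYDCS",
    "SLAM Users": "PWYHQ",
    "KMS DBA": "PWYKMS",
}

# Assumption: conservative allow-list for account names. Every value below is
# interpolated into a command line, so anything unusual is refused, not quoted.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,20}")

# Constructed sample of the user-definition sheet (all user names are invented).
SAMPLE_SHEET = """\
user,role
jsmith01,Auditors
akhan02,SLAM Users
akhan02,KMS DBA
bjones03,Network Managers
cwhite04,Helpdesk
dgreen05,KMS DBA
dgreen05,KMS DBA
bad&name,Auditors
"""


def load_assignments(sheet_text):
    """Parse the sheet into {user: [distinct roles, in first-seen order]}."""
    assignments = {}
    for row in csv.DictReader(io.StringIO(sheet_text)):
        user, role = row["user"].strip(), row["role"].strip()
        roles = assignments.setdefault(user, [])
        if role not in roles:  # an exact duplicate row is harmless
            roles.append(role)
    return assignments


def check_user(user, roles):
    """Return the reasons this user must not be provisioned (empty list = OK)."""
    reasons = []
    if not SAFE_NAME.fullmatch(user):
        reasons.append("account name contains characters outside the allow-list")
    unknown = [r for r in roles if r not in ROLE_DOMAIN]
    if unknown:
        reasons.append("role not defined in Appendix A: " + ", ".join(unknown))
    if len(roles) > 1:
        reasons.append("member of more than one role: " + ", ".join(roles))
    return reasons


def build_scripts(sheet_text):
    """Return (scripts, rejected).

    scripts:  {domain: [net group command, ...]} for users that passed.
    rejected: {user: [reason, ...]} for rows that need a human decision.
    """
    scripts, rejected = {}, {}
    for user, roles in load_assignments(sheet_text).items():
        reasons = check_user(user, roles)
        if reasons:
            rejected[user] = reasons  # never emit a partial assignment
            continue
        role = roles[0]
        command = f'net group "{role}" {user} /add /domain'
        scripts.setdefault(ROLE_DOMAIN[role], []).append(command)
    return scripts, rejected


if __name__ == "__main__":
    scripts, rejected = build_scripts(SAMPLE_SHEET)
    for domain, commands in scripts.items():
        print(f"REM --- {domain} ---")
        print("\n".join(commands))
    for user, reasons in rejected.items():
        print(f"REJECTED {user}: {'; '.join(reasons)}")
```

A user listed against two roles is rejected outright rather than given the first one, so the conflict has to be resolved in the sheet before any script is produced.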
Implementation of the toolsets for the ICL Outsourcing roles will be the responsibility of
the managed service and profiles will be set up locally on the NT client. In these
instances there will be no user profile on the PDC.
Implementation of the menu structure for each Group will ensure that users assigned to
that Group will be able to access the application set necessary for them to fulfil their
duties. Not all tools will be available through a direct menu option; for example, Business
Objects Universes will be accessed via a Business Object menu option. The Business
Objects Administrator will be responsible for allocating the appropriate universes to users.
Those ‘tools’ prefixed with ‘>’ will not typically be assigned as a menu option through the
PDC.
4.1 NT Administrator User
The Windows NT operating system is provided with a super user known as the
‘Administrator’. This user has full administration and configuration privileges, which are
exercised at both system/server and domain level. This capability cannot be removed
from Windows NT. Pathway recognises the power that this user has and the ability that a
human user, using the administrator user, has to interfere with the day to day operation of
the Pathway solution.
To address this issue, Pathway will limit and restrict the use of the NT Administrator User.
This will be achieved by:
> Renaming the Administrator User on all NT Servers so that it is hidden from the
system. The account name and password will be specified by the Pathway Security
Manager, and will be strictly controlled and stored in a secure safe.
> Restricting full administrator privileges to the ‘Operational Management’ role. Use of this
role will be subject to the management and procedural controls set out in the ‘Pathway
Code of Practice’, PA/STD/010.
5. Notes that apply to Annex A
Those ‘tools’ prefixed with ‘>’ will not be assigned as a menu option from the user's
workstation/access point. Instead the tool will be made available to the user from the
Command Line.
The term NT Resource Kit will mean the full complement of NT Resource Kit utilities will
be made available to the user role.
The term NT Resource Kit* {Toolname} will mean only the specific Resource Kit utility or
utilities specified by {Toolname} will be made available to the user role.
The term NT Server Tools will mean the default Administrative Tools (Common)
executables delivered with the NT Operating System.
APPENDIX A — Human User Roles
Application SUP » Discoverer 2000 B/W SLAM Read / Write / PWYDCS B/WSLAM OSD NT Client I Application
>» PC Xware Domain User I Execute PWYHQ PC Support (OSD)
» Microsoft Office HUTHTIP. Third Party
>» Onnnet (telnet/ftp) Access to FARNHAPS Supplier PC
> Patrol v3.2.05 Sequent LEICHAPS.
>» Legato Administrator PDRTIP.
> 1E4.0
>» SQL Server Admin
> CMD prompt
Base Installation & INT Administrator All Servers Administrative Local \Server Console \Server Console {Base Installation &
Configuration Full Configuration (OSD)
(not an account
femplate - no
isystem policy)
Engineer Event logs All Servers Read / Execute I PWYDCS SEQSUP Server Console I Engineers (NT
PWYHQ ORASUP Data Centres)
System Shut Down Assign as PWYKMS B/WSLAM
member of PWYFTMS B/WPOCL
power users HUTHTIP. B/WBOOT
group FARNHAPS B/WOPSS
LEICHAPS PWYMAS
PDRTIP BRASUP
FELUSRS
SIGF
CONFMAN
CORPPWY
Security >» NT User Manager All Servers Read/Write PWYDCS All OSD NT Client I Security
Managers >_SQL Server Admin PWYHQ PC Management
>» SQL Server PWYFTMS Third Party
SecurityManager HUTHTIP. Supplier PC
>» CMD prompt FARNHAPS
LEICHAPS
PDRTIP
KMS SYSADMs > NT Resource Kit All KMS Administrative PWYKMS N/A KMS Admin Operational
Servers Workstation Management
NT Server Tools (OSD)
SD/DES/135
CMD Prompt
Explorer.exe
This role requires
access to the network
printer which should be
configures on the KMS
Admin Workstation
(Operational MAN =I» Compaq systems All Servers [Administrative PWYDCS All IOSD NT Client {Operational
reference library Full PWYHQ IPC Management
> Insight Manager (Access to PWYFTMS [Third Party (OSD)
> SQL Server Admin \Sequent IHUTHTIP. [Supplier PC Riposte Management}
> Technet FARNHAPS.
> Microsoft Office LEICHAPS
> NT Resource Kit PDRTIP
> Onnnet (telnet/ftp)
> Patrol v3.2.05
> Legato Administrator
> nt srvtools
> Tivoli desktop
> 1E4.0 for access to
Tivoli web
> NT resource kit remote
console server
> PC Xware
RiposteNode.exe
RiposteObjectSecurity.
Exe
RiposteObject.exe
RipostePing.exe
RipostePriorityMessag.
e.exe
>> CMD prompt
> VPNDiagClient.exe
> Notepad
> SVPNTSTN.exe
(Utimaco API Function
Tool)
Network Managers I> Telnet PWYDCS IN/A Network Client INetwork
> Router Configuration IPC Management
Software [Third Party Configurer
> Network Diagnostic [Supplier PC
software
> CMD prompt
> _VPNDiagClient.exe
iSequent Support [> PC Anywhere (Access to [Read PWYDCS ISEQSUP Sequent Client ISequent Support
> Hyper Terminal ISequent IPC
(Oracle Support > Telnet (Access to Read IPWYDCS (ORASUP Oracle Client PC IOracle Support
Sequent
EMC Support > EMC proprietary (Access to IRead PYWDCS IN/A IEMC Client PC INone
> Client software \Sequent
ISSC Apps MAN ICMD prompt IAll Servers IRead/Write/ IPWYDCS All ISSC NT Client PC [Application Support
[Execute IPWYHQ (SSC)
> Tivoli Remote Console Also: IPWYFTMS ISD/DES/172
> Relient IAccess to Sequent IHUTHTIP
> Rconsole IFARNHAPS
> RiposteGetMessage.exe ILEICHAPS
> RiposteIndex.exe PDRTIP
RiposteQueryUK.exe
RiposteNextMessage.exe
RipostePutMessage.exe
RiposteScanMessage.
RiposteStatus.exe
RODBClient.exe
SQLServer V6.5 client
utilities
ExCeed for Windows NTI
(V6.1
> Visual Basic I.D.E.
[Telnet
» FTP (To Host Sequent,
and other POCL.
Services)
[Microsoft Diagnostics
INT Event Viewer
WinZip/Pkzip
(CD Rom writing sofiware
\Textpad
INotePad
\Microsoft Word
(Microsoft Excel
[Microsoft Access
(Microsoft Explorer
Internet Explorer (c/w SSC
default links page)
Full NT Control Panel
Performance Monitor
[Registry editor
In-house Utilities
> Archive Viewer
> Expiry Reporter
> Stops Reporter
Formatted File Utility
MessageStore Utility
EndOfDay Reporter
MessageStore Sort Utilit
VPN Utilities
VPNDiagClient.exe
SVPNTSTN.exe
SSC Apps SUP
CMD prompt Alll Servers Read / Execute
Tivoli Remote Console
Relient Also;
Reonsole Access to Sequent
RiposteGetMessa
ge.exe
Ripostelndex.exe
RiposteNode.exe
RiposteObject.exe
RipostePing.exe
RipostePriorityM
essage.cxe
RiposteNextMess
age.exe
> RiposteQueryUK.exe
RiposteScanMess
age.exe
> RiposteStatus.exe
» RODBClient.exe
> SQLServer V6.5 client
utilities
» ExCeed for Windows
NT (V6.1)
PWYDCS.
PWYHQ
PWYFTMS
HUTHTIP
FARNHAPS
LEICHAPS
PDRTIP
All
SSC NT Client
PC
SD/DES/172
Application Support
(SSC)
» Visual Basic I.D.E.
Telnet
NT utilities
» FTP (To Host Sequent,
and other POCL.
Services)
Microsoft Diagnostics
W Event Viewer
WinZip/Pkzip
CD Rom writing software
Textpad
Microsoft Word
Microsoft Excel
Microsoft Access
Microsoft Explorer
Internet Explorer (c/w
SSC default links page)
Full NT Control Panel
CMD Prompt
Performance Monitor
In-house Utilities
Archve Viewer
Expiry Reporter
Stops Reporter
Formatted File Utility
MessageStore Utility
EndOfDay Reporter
MessageStore Sort
Utility
VPN Utilities
> VPNDiagClient.exe
Auditors Legato client.exe Audit Archive Read/ Execute I PWYDCS B/WOPSS Audit PC NAO Auditor
RiposteRQueryUK and Retrieval POCL Auditor
Oracle Discoverer Server SD/DES/140 Pathway Business
Counter Determinant Functions Auditor
MS Word Correspondence
MS Access Server
MS Excel
MS Word Pad
Note Pad
WinZip v6.3
CD Writer Software
Windows Explorer
Printer
DLT
MS Backup
Audit Extractor Client
ACDB Admin ACDB Client.exe Auto- Read/Write/Exe I} PWYDCS B/WOPSS Auto- None
» assign member of ACDB I Configuration cute Configuration
Admin Group Server Client PC
SD/DES/141
ACDB User ACDB Client.exe Auto- Read/Write/Exe I} PWYDCS B/WOPSS Auto- None
(assign member of ACDB Configuration cute Configuration
User Group) Server Client PC
SD/DES/141
Business Support RiposteQueryUK.exe Access to Read / Execute I PWYHQ B/WOPSS Business Business Support
Business Objects Correspondence Support Client Pathway
> TPF Server PC Management
Business Objects Designer SD/DES/092
Oracle Forms SUPF
Series (Helpdesk)
SLAM Users SLAM Database B/WSLAM Read/Execute PWYHQ /WSLAM SLAM Client Implicit in text
CON SQL* Forms B/WOPSS PC
CCS SQL* Forms (SSCSS svrs)
Business Objects SD/DES/181
Business Objects Designer
Business Objects Supervisor
Business Objects Reporter
Business Objects Document
Agent
Reference Data
Windows Explorer
MS Word
MS Excel
Winzip v6.3
Printer to local printer
3.5 floppy
CD ROM access
CD ROM Writer &
Software
Telnet
IMIS BUS DEV Business Objects IB/WSLAM [Read/Execute IPWYHQ IB/WSLAM ISLAM Client PC [Implicit in text
Users > Business Universe
IWindows Explorer Access to Data ISD/DES/181
IMS Word IWarehouse
IMS Excel
[Printer
ECCO MIG Users As per SD/DES/016 Migration Agent I Read/Write/Exe I PWYMAS ECCO None
Server cute Migration
Laptop
I SD/DES/149
Ics Admin (was IAPS User Maintenance IRDMC/RDDS [Read/ Write/ IPWYDCS IFELUSRS IRDMC
IRDMC Admin) IRDMC Access Control Execute IAdministrator
IRDMC Interactive Data IWorkstation
[Loader
IRDMC Release Manager ISD/DES/167
IRDMC Reports
IRDMC Send
IMS Word
IMS Excel
\Winzip
Discoverer 2000
Shortcut pointing to
IMessageSubmissionA pplicatio
In.exe
IRDMC User IRDMC Interactive Data IRDMC/RDDS IRead/ Execute IPWYDCS IFELUSRS IRDMC
[Loader [Administrator
IRDMC Release Manager IWorkstation
IRDMC Reports
IMS Word [Read/ Write/ ISD/DES/167
IMS Excel Execute
Winzip Note: As a result
[Discoverer 2000
Shortcut pointing to
MessageSubmissionA pplicatio
In.exe
jof CP2441, Paul
ICurley will operate
1 RDMC at
IBRAOI with
IMemoView Added’
Ito the workstation
IAPS User IAPS Service Agreement IAPS [Read/ Execute IPWYDCS IFELUSRS IRDMC
Manager IAdministrator
IAPS System Parameters IWorkstation
IAPS Trans Except
IAPS Client Service Manager ISD/DES/167
IMS Word Read/ Write/
IMS Excel IExecute
Winzip
[Discoverer 2000
CMS Admin JOCMS Client (OCMS Server Read / Execute IPWYDCS IBOPSS IOCMS Client PC INone
feansa from ISQL Server 6.5 Client (ACDB server in Iwithin SQL DB IWOPSS ICP2033
;OCMS_Admin) (Configuration Utility IBOPSS/WOPSS) IPWYFTMS ISD/DES/176
ISQL Server 6.5 SPSa IFTMS Gateway in
This role is obsolete IODBC V2.65 IPWYFTMS
ind has been disabled
ly the Secure Role
configuration. This
hange was
implemented as per
P2539.
JOCMS DBA OCMS Client I(OCMS Server Read / Execute IPWYDCS IBOPSS JOCMS Client PC {None
ISQL Server 6.5 Client (ACDB server in Iwithin SQL DB. IWOPSS. ICP2591
(Configuration Utility IBOPSS/WOPSS) IPWYFTMS ISD/DES/176
ISQL Server 6.5 SPSa
(ODBC V2.65
(CD Writer
Event Viewer
IMS Backup
IMS Query
[Notepad
[Performance Monitor
lWordpad
User Manager
Windows NT Explorer
IFTMS Gateway in
IPWYFTMS
CMS Users OCMS Client (OCMS Server IRead / Execute [PWYDCS IBOPSS JOCMS Client PC {None
changed from ISQL Server 6.5 Client (ACDB server in within SQL DB IWOPSS ICP2033
\CMS_Users) configuration Utility IBOPSS/WOPSS) ISD/DES/176 ICP2672
ISQL Server 6.5 Tools
[Business Objects V4.12
Note: The interim solution
Irequires an icon pointing to
the interim solution and an
icon pointing to the full
[OCMS solution.
[Requires access to Floppy Disc
drive.
[Requires access to a locally
connected printer.
Security Auditors SecurID admin.client All Read / Execute I PWYDCS All SecurID Admin I Pathway Security
Event Viewer Access to PWYHQ Wis Event Auditor
Tivoli Web Browser Enterprise Server PWYFTMS
MS Access (SecurID) HUTHTIP SD/DES/171
FARNHAPS
LEICHAPS
PDRTIP
Pathway SECMAN __ISecurID admin.client IAll [Read /Execute IPWYDCS IAll SecurID Admin [Pathway Security
[Event Viewer IAccess to IPWYHQ \W/S IManager
[Tivoli Web Browser [Enterprise Server PWYFTMS
IMS Access ((SecurID) IHUTHTIP ISD/DES/171
IFARNHAPS
ILEICHAPS
IPDRTIP
Key Managers
KMA GUI
NT Event Viewer
Crystal Report
Designer
Crystal SQL Designer
ODBC Administrator
Runtime File
Requirements
Seagate Crystal
Reports Developer's
Help
Seagate Crystal
Reports Help
Seagate Crystal
Reports Readme
Winhelp.exe
Winhlp32.exe
NOTE
Do not install
Crystal Query Client
Crystal Query Server
Web Report Server
This role requires
access to the network
printer which should
be configured on the
KMS Admin
Workstation
KMA Server
Read/Execute
PWYKMS
N/A
KMA
Workstation
SD/DES/134
Cryptographic
Key Manager
Data Managers KMA GUI KMA Server Read/Execute I PWYKMS N/A KMA KMA Data
NT Event Viewer Workstation Manager
Crystal Report SD/DES/134
Designer
Crystal SQL Designer
ODBC Administrator
Runtime File
Requirements
Seagate Crystal
Reports Developer's
Help
Seagate Crystal
Reports Help
Seagate Crystal
Reports Readme
Winhelp.exe
Winhlp32.exe
NOTE
Do not install
Crystal Query Client
Crystal Query Server
Web Report Server
This role requires
access to the network
printer which should
be configured on the
KMS Admin
Workstation
KMS SecMANs SQL Server Admin All KMS Servers Read/Execute I PWYKMS N/A KMS Admin Security
Including and Domain Workstation Manager
SQL Server Security Workstations
Manager SD/DES/135
MS Query
SQL Trace Utility
SQL Server Books
Online
CMD Prompt
Usrmgr.exe
NT Event Viewer
This role requires
access to the network
printer which should
be configured on the
KMS Admin
Workstation
IKMS DBA ISQL Server V6.5 Client IKMA Server IRead/Execute IPWYKMS IN/A KMS Admin Database
Utilities including IWorkstation Administrator
ISQLUW
Enterprise Manager ISD/DES/135
IMS Query
ISQL Trace Utility
ISQL Server Books
(Online
INT Event Viewer
[Crystal Report Designer
Crystal SQL Designer
ODBC Administrator
Runtime File
Requirements
Seagate Crystal Reports
[Developer's Help
Seagate Crystal Reports
Help
Seagate Crystal Reports
Readme
inhelp.exe
inhip32.exe
INOTE
[Do not install
Crystal Query Client
Crystal Query Server
feb Report Server
[This role requires access
(0 the network printer
hich should be
configured on the KMS
Admin Workstation
ISSC APPS SUP__ISQL Server V6.5 Client IKMA Server IRead/Execute IPWYKMS IN/A IKMS Admin [Application
Utilities including IWorkstation Support (SSC)
ISQLIW
Enterprise Manager ISD/DES/135
IMS Query
[SQL Server Books
(Online
Crystal Report Designer
Crystal SQL Designer
ODBC Administrator
Runtime File
Requirements
[Seagate Crystal Reports
[Developer's Help
ISeagate Crystal Reports
Help
ISeagate Crystal Reports
[Readme
inhelp.exe
inhip32.exe
INT Event Viewer
lExplorer.exe
iCmd.exe
INOTE:
IDo not install Crystal
Query Client
Crystal Query Server
feb Reports Server
[This role requires access
fo the network printer
hich should be
configured on the KMS
(Admin Workstation
IKMS Auditors IMS Word IKMA Server IRead/Execute IPWYKMS IN/A KMS Admin INAO Auditor
IMS Access IWorkstation POCL Auditor
IMS Excel Pathway Business
IMS Word Pad ISD/DES/135 Functions Auditor
Note Pad
indows Explorer
INT Event Viewer
Printer
[This role requires access
fo the network printer
hich should be
configured on the KMS
Admin Workstation
APPENDIX B - Service User Accounts
This table lists by Domain those service users that are configured on the Domain PDC.
Service User Account Name   Domain Account Created In   Comments
ACDBsql                     BOPSS                       MSSQLServer and SQLExecutive Services
OCMSsql                                                 MSSQLServer and SQLExecutive Services
FTMS                                                    FTMS User
MAESTRO                                                 MAESTRO User
Signing                                                 Signing Service
KMHarvester                                             KM Key Object Harvester
KMLoader                                                KM Key Object & Memo Loaders
FTMS                        BPOCL                       FTMS User
MAESTRO                                                 MAESTRO User
VPNPMCSVC                   BVPN                        VPN Service User
VPNPMSSVC                                               VPN Service User
FTMS                        FARNHAPS                    FTMS User
POCLHAPS                                                POCL HAPS Service
FTMS                        HDHORIZON                   FTMS User
HHDBTX                                                  Horizon Helpdesk BTX User
HHDMitel                                                Horizon Helpdesk Mitel User
HHDSorbus                                               Horizon Helpdesk Sorbus User
FTMS                        HUTHTIP                     FTMS User
POCLRDB                                                 POCL RDB Service
POCLRDT                                                 POCL RDT Service
POCLRMAIL                                               POCL RMAIL Service
POCLTIP                                                 POCL TIP Service
POSAPADS                                                POSAPADS Service
FTMS                        LEICHAPS                    FTMS User
POCLHAPS                                                POCL HAPS Service
MAESTRO                     PWYDCS                      MAESTRO User
RDMC                                                    RDMC Service User
MAESTRO                     PWYFTMS                     MAESTRO User
FTMSAPS                                                 FTMS APS Service User (Local Gateway)
FTMSGENERAL                                             FTMS APS User for BGT client
FTMSBGT                                                 FTMS APS User for CQO client
FTMSCQO                                                 FTMS APS User for Mid Kent Water client
FTMSMDKW
FTMSHCC
FTMSYE
FTMSKNBC
DBABatch                    PWYKMS                      Maestro DBA Service User
Interactive Service                                     Interactive service Account
KMABatch                                                KMA Maestro SQL Service
KMA Service                                             KMA Service Account
MAESTRO                                                 MAESTRO User
MAESTRO                     PWYMAS                      MAESTRO User
Signing                     SIGF                        Signing Service
FTMS                        PDRTIP                      FTMS User
POCLRDB                                                 POCL RDB Service
POCLRDT                                                 POCL RDT Service
POCLRMAIL                                               POCL RMAIL Service
POCLTIP                                                 POCL TIP Service
POSAPADS                                                POSAPADS Service
ACDBsql                     WOPSS                       MSSQLServer and SQLExecutive Services
OCMSsql                                                 MSSQLServer and SQLExecutive Services
FTMS                                                    FTMS User
MAESTRO                                                 MAESTRO User
Signing                                                 Signing Service
KMHarvester                                             KM Key Object Harvester
KMLoader                                                KM Key Object & Memo Loaders
FTMS                        WPOCL                       FTMS User
MAESTRO                                                 MAESTRO User
FTMS                        WSLAM                       FTMS User
MAESTRO                                                 MAESTRO User
VPNPMCSVC                   WVPN                        VPN Service User
VPNPMSSVC                                               VPN Service User
APPENDIX C — Remote FTMS Domain FTMS & FTP Users
This table lists by Domain those service users that are configured on the Domain PDC.
FTP User Account Name   Domain Account Created In   Comments
BPOCL
WPOCL
POCLHAPS
FARNHAPS
POCLHAPS
LEICHAPS
POCLRDB
POCLRMAIL
POCLTIP
POCLRDT
POSAPADS
HUTHTIP
POCLRDB
POCLRMAIL
POCLTIP
POCLRDT
POSAPADS
PDRTIP
APSBGT
APSCQO
APSMDKW
APSHCC
APSSCC
APSYE
APSKNBC
OCMSUKSS
FTMSBGT
FTMSCQO
FTMSMDKW
FTMSHCC
FTMSYE
FTMSKNBC
PWYFTMS