FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
Document Title: Group Definitions for the Secure NT Build
Document Type: Requirement Definition
Release: CSR+
Abstract: The ACP requires that access to Pathway systems be
controlled by the use of pre defined roles to which users can
be assigned. Such roles will allow users to access only
those parts of the system, with associated objects, they
need in order to complete the tasks associated with that
particular role. This document summarises this requirement
and defines the roles, with associated objects, domains and
access requirements.
Document Status: APPROVED
Originator & Dept: Mark Ascott, Secure Builds/IPDU
Contributors: Alan D’Alvarez
Reviewed By: Distribution List recipients listed by bold text.
Comments By:
Comments To: Document Controller & Originator
Distribution:
Alan D’Alvarez BRAO1 Geoffrey Vane FELO1 Chris Wannell FELO1
Alex Robinson BRAO1 Nial Finnegan FELO1 Glenn Stephens FELO1
Pete Dreweatt BRAO1 Brian Bradley FELO1 Simon Fawkes MAN27
Tom Northcott BRAO1 lan Morrison FELO1 Pat Lywood BRAO1
Aaron Torrens FELO1 Mik Peach BRAO1
Dave Tanner FELO1 Frank Loftus KIDO1 Warren Welsh FELO1
Graham Hooper FELO1 Pete Lindsey FELO1 lain Janssens FELO1
Suzanne Gordon BRAO1 I Gerry Boyce IRE11 Debbie BRAO1
Richardson
Julie Slocombe FELO1 Stephen Sloan FELO1 Colin Mills MAN27
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 1 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
[ lan Cooley LSAO1 Mike Conneely LSAO1
0.0 Document Control
0.1 Document History
This table records the document history of RS/REQ/016, which is based on an identical copy
of RS/REQ/012 v5.2. V1
VersionI Date Reason for Issue Associated
No. CP/PinICL
No.
0.1 11/10/99 I Initial draft for PVCS review cycle.
0.2 03/11/99 I Incorporates comments received from Barry
Procter and Patrick Weightman resulting from
PVCS review cycle.
1.0 04/11/99 I V1.0 APPROVED BASELINE CSR+
1.1 12/11/99 I Amendments since document set to approved.
1.2 25/11/99 I Updated to clarify toolsets for KMS SYSADM
and KMS DBA roles.
1.3 07/12/99 I Updated to identify toolsets for OCMS Admin &
OCMS User roles.
1.4 17/12/99 I Updated to further clarify tools sets for KMS.
roles
1.5 10/01/00 I Updated to cater for CP2373 and CP2308 CP2373 &
CP2308
1.6 23/01/00 I Updated to cater for CP2330 FTMS —- OCMS CP2330
links in FRODB
2.0 30/01/00 I V2.0 APPROVED BASELINE CI3_2
2.1 10/03/00 I Updated to cater for CP2377 (WARWTIP), CP2377 &
CP2373 (EPOSS Reports), CP2272 (MIS CP2373 &
Client Build) and CP2458 (OCMS). CP2272 &
CP2458
2.2 19/04/00 I Updated to cater for CP2502 (KMS Roles CP2502
Printing to Network Printer).
2.3 05/05/00 I Updated to cater for CP2485 (APS User role CP2485
and CS Admin roles added in, RDMC Admin
role will be removed at some point in the
future).
24 09/05/00 I Updated to address pinicl 43816, document CP2591 &
requirement for Printer access from all the PC0043816
RODB User groups, CP2591.
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 2 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
2.5 07/06/00 I Updated to address pinicl 46827, operational PC0046827
requirement for all KMS roles to view NT Event
Logs.
26 21/06/00 I Updated to address pinicl 44842, CS Admin & I PC0044842
RDMC User roles updated to include shortcut
pointing to
MessageSubmissionApplication.exe.
27 30/06/00 I Updated to change Domain name WARWTIP I CP2537
to PDRTIP as per CP2537 where PDR stands
for Pocl Disaster Recovery.
2.8 24/07/00 I Updated to remove all references to FRODB CP2630
domain and RODB roles as per CP2630.
2.9 08/08/00 I Updated to address comments received from
Frank Loftus, new Platforms TDA, main
changes to Physical Platform Configuration
design docment references.
2.9A 14/08/00 I KMS SSC APPS SUP role updated with the PC0052072
addition of Explorer.exe & Cmd.exe as per
PinICL 52072.
2.10 24/08/00 I Updated to include comments received from
PVCS Document Review Cycle.
2.11 18/09/00 I Auditor role updated to include new tool as per I PCO053666
PinlCL 53666
2.12 09/10/00 I OCMS Roles updated as per CP2672 taking CP2672
input from SD/DES/176 v0.3
3.0 09/10/00 I V3.0 APPROVED BASELINE CI4LP
3.1 26/10/00 I Addressed comments received from PIT which
were preventing SECURENT B008 build
3.2 02/11/00 I CP2582 RDMC-UKSS FTMS Link details CP2582
3.3 14/11/00 I PinICL 57685 Floppy Access for selected APS I PC0057685
Clients
3.4 27/11/00 I Document reworked using latest Pathway
template
3.5 28/11/00 I New APS Client Users for Scottish and CP2692
Southern Energy SSE
3.6 14/12/00 I OCMS User & OCMS DBC roles modified PC58136
slightly
3.7 19/12/00 I New APS Client Users for Northern Ireland CP2647
Electricity NIE CP2809
3.8 05/01/01 I SLAM User Role updated to remove redundant I PC59100
tools.
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 3 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
3.9 09/01/01 I New APS Client Users for SWALEC and CP2808
Welsh Water
3.10 10/01/01 I Clarification of Business Objects V4.1.2a CP2672
functionality required for OCMS User role
4.0 06/02/01 I APPROVED Baseline corresponding to Cl4M1 I Cl4M1
following review cycle
4.1 06/02/01 I New APS Client Users for Royal Sun Alliance I CP2825
42 14/02/01 I New APS Client Users for Standard Life CP2860
4.3 20/02/01 I Updated to include Performance Monitoring CP2790
System Phase 2 Resource Domain access, cP2840
Outlet Monitoring Authentication Domain roles
and access and New APS Client for DVLNI CP2826
44 14/03/01 I OCMS User Role updated CP2926
45 26/03/01 I New APS Clients Users for British Telecom & I CP2893
TVL and address comments raised by Colin CP2945
Mills against V4.3. Further detail for CP2790
added, primarily GMETCONS in Appendix A I CP2960
Reference to RS/REQ/020 which describes the
NT platforms which are installed and
configured with Anti Virus protection software
46 20/04/01 I Updates for RDMC User, APS User and CS CP2695
Admin Roles CP2831
CP2935
47 26/04/01 I New APS Client for Alternative Collection Point I CP2949
(ACP)
Remove ECCO MIG USers CP2903
OCP3656 Security Auditor and Pathway OCP3656
Security Manager roles updated with Firewall
Management Tools
48 05/06/01 I New APS Client for BBC (CCM) CP2972
0.2 Approval Authorities
Name Position Signature Date
Pete Dreweatt Security Delivery
Unit Manager
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 4 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
Geoffrey Vane Security TDA
0.3 Associated Documents
Reference] VersionI Date Title Source
e
PA/TEM I 2.0 ? This document is created from this PVCS
version of PA/TEM/001
ACP. 3.0 18/12/98 RS/POL/0003 — Access Control Policy I PVCS
SFS 3.0 03/12/97 RS/FSP/0001 — Security Functional PVCS
Specification
NT DOM I 4.0 01/02/01 RS/DES/0051 — CSR+ NT Domain PVCS
Design
NT 5.0 04/06/99 RS/REQ/012 — NT Groups Definition PVCS
ROLES for NR2
FTMSAP I 0.9 12/03/01 TD/ION/029 — FTMS Configurations PVCS
for AP Clients at CSR+
ANTIVI 0.4 06/03/01 RS/REQ/020 — Implementation of Anti- I C.Billin
Virus Requirements gs
DMZ 0.3 21/02/01 RS/DES/075 — Communication G.Van
Monitoring System DMZ Security e
Overview
0.4 Abbreviations/Definitions
Abbreviation Definition
BDC Windows NT Backup Domain Controller Server
CSR+ Core Services Release +
Local Access via the console attached directly to an NT platform
PDC Windows NT Primary Domain Controller Server
0.5 Changes in this Version
VersionI Changes
V4.8 CP2972 New APS Client for BBC
V4.7 CP2949 New APS Client ACP, CP2903 and OCP3656 Secure Role
V4.6 Updates
CP2695, 2831, 2935 Toolset updates for RDMC/RDT workstations &
V4.5 roles
CP2893 DPC (BT) APS Client, CP2960 TVL APS Client and CP2790
Human User Access role updates for STPDB Server in PERFMAN
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE Page: 5 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
V4.4
V4.3
Resource Domain
CP2926 Ad Hoc Reporting for OCMS (part2)
CP2826 DVLNI APS Client
CP2840 Outlet Monitoring
CP2790 Performance Monitoring System Phase2
Appendix B and C update for GAPSSTLF & FTMSSTLF
Appendix A and C updated for GAPSRSA & FTMSRSA
Appendix A OCMS User role
Appendix B and C updated for GAPSSWAL, GAPSWELW &
FTMSWELW
Appendix A and B updated for GAPSNIE & FTMSNIE
Appendix B and C updated for GAPSSSE
Appendix A and C updated for GAPSKNBC and GAPSOXSS
Appendix C updated
Restricted Desktop Menu added to Appendix A
Menu Type Column added to Appendices B & C
Spaces removed for KMAService and InteractiveService service user
names
PWYKMS Domain Secure Role SSC APPS SUP renamed KMS APPS
SUP
0.6
Changes Expected
Changes
All new APS Client CPs
0.7
Table of Contents
Requirements.
Implementation..
4.1 NT Administrator User.
BR wn a
5 Notes that apply to Annex Aun... eececeececeeeeseeeeseeeeeceeeeseeeeeeeeeeeeeeetenees 10
6 APPENDIX A — Human User Roles...............0:ccccececeeeeeeeseeseeeeeeeeeeerees 11
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 6 of 1
ICL Pathway Group Definitions for the Secure NT Build
COMPANY IN CONFIDENCE
FUJ00232477
FUJ00232477
Ref: RS/REQ/016
Version: 5.0
Date: 05/06/01
7 APPENDIX B — Service User ACCOUNES................::eeecceseeeeereeseeeeees 45
8 APPENDIX C — Remote Domain FTP Access UsefS..............:0000 49
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 7 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
1 Introduction
The nature of the Pathway system requires that access to the core systems
should be strictly controlled. [ACP] states that effective control depends on
having a clear definition of the roles and responsibilities of all personnel who
need some form of access to the system. Users will gain access by being
assigned to these roles. This will be core to Pathway implementing the
principles of least privilege.
This document summarises the requirement and defines the human roles that
will be implemented for NT platforms; which objects will be used by each role;
the domains each role will function within; access point for the role; and
associated privileges.
2 Scope
This document addresses the roles to be implemented as part of the Pathway
central NT systems and access rights assigned to each role. Each role within
this document access the datacentre through the Pathway NT Domain
Structure referenced in [NT DOM].
Roles used by SMC, SMG and Girobank are specifically excluded from this
document as they are authenticated on separate NT systems which form part
of a managed service.
Roles used and defined by OSD are described in this document for
completeness. Configuration of these roles in the live estate may be partly
provided by SDU and T&I PIT or completely by OSD.
Pathway Human Roles configured with Secured Desktops are described in
Appendix A.
Pathway Service User Accounts are defined in Appendix B
FTMS APS Clients for FTP and NTFS Share Access Types are defined in
Appendix C
3 Requirements
The requirement to implement a role based access control system emanates
from [ACP]. [ACP] further defines the roles that are required for access to the
Pathway Systems and the responsibilities of these roles.
It should be noted that the Pathway solution has moved on since Version 2 of
the ACP was issued and, as such, the Groups defined at Appendix A do not
always correlate with the roles defined in [ACP]. This will be addressed by
feeding these role definitions into the current review of the ACP which will be
subject to a CP once all necessary changes have been agreed.
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 8 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
41
Implementation
Each role will be set up as a Group within NT. Individual users will be
assigned to these Groups in which access to objects, domains, servers and
associated privileges will be controlled. These Groups are defined in
Appendix A.
Roles will have defined access points which will have an accompanying
Platform Design Document. Access to objects will be made available to each
role at the relevant access point. This document specifically covers the
Groups accessing the data centres. The Horizon Helpdesk and SMC/SMG
roles are the responsibility of the appropriate managed service for the
provision of suitable client systems compliant to the SFS and ACP.
The definition of the users will be held in a spreadsheet, or similar, and
automated tools will be used for the production of the relevant command
scripts.
Human roles and service users, as defined in this document, will be
implemented using automated command scripts. By doing this, it will simplify
the implementation and maintenance of the roles and service users defined in
Annex A and B. Exceptions to this are those roles within the support
services, ICL Outsourcing and SSC, who will also access toolsets via the
command line. All roles only have authority to access the toolsets specified
in this document.
Human users created from the defined roles may only be members of one
role/Group definition. This is required to ensure the user is only provided
with one appropriate toolset.
Implementation of the toolsets for the ICL Outsourcing roles will be the
responsibility of the managed service and profiles will be set up locally on the
NT client. In these instances there will be no user profile on the PDC.
Implementation of the menu structure for each Group will ensure that users
assigned to that Group will be able to access the application set necessary
for them to fulfil their duties. Not all tools will be available through a direct
menu option; for example, Business Objects Universes will be accessed via a
Business Object menu option. The Business Objects Administrator will be
responsible for allocating the appropriate universes to users. Those ‘tools’
prefixed with ‘>’ will not typically be assigned as a menu option through the
PDC.
NT Administrator User
The Windows NT operating system is provided with a super user known as
the ‘Administrator’. This user has full administration and configuration
privileges which is exercised at both system/server and domain level. This
capability cannot be removed from Windows NT. Pathway recognises the
power that this user has and the ability that a human user, using the
administrator user, has to interfere with the day to day operation of the
Pathway solution.
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 9 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 5.0
COMPANY IN CONFIDENCE Date: 05/06/01
To address this issue, Pathway will limit and restrict the use of the NT
Administrator User. This will be achieved by:
> Renaming the Administrator User on all NT Servers so that it is hidden
from the system. The account name and password will be specified by the
Pathway Security Manager, which will be strictly controlled and stored in a
secure safe.
> Restrict full administrator privileges to the ‘Operational Management’ role.
Use of this role will be subject to the management and procedural controls
set out in the ‘Pathway Code of Practice’, PA/STD/010.
5 Notes that apply to Annex A
Those ‘tools’ prefixed with ‘>’ will not be assigned as a menu option from the
users workstation/access point. Instead the tool will be made available to the
user from the Command Line.
The term NT Resource Kit will mean the full complement of NT Resource Kit
utilities will be made available to the user role.
The term NT Resource Kit* {Toolname} will mean only the specific Resource
Kit utility or utilities specified by {Toolname} will be made available to the user
role.
The term NT Server Tools will mean the default Administrative Tools
(Common) executables delivered with the NT Operating System.
Reference ANTIVI describes all the NT platforms that are installed with Anti-
Virus protection software. It also describes the configuration details. Anti-
Virus configuration details are not duplicated in this document.
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 10 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
6 APPENDIX A—-Human User Roles
Application » Discoverer 2000 B/W SLAM Read / Write/ I PWYDCS B/WSLAM OSD NT Client I Application
suP > PC Xware Domain User Execute PWYHQ PERFMAN PC Support (OSD)
> Microsoft Office HUTHTIP gue Party
Restricted upplier PC
Desktop Menu I” Onnnet (telnet/ftp) FARNHAPS
> Patrol v3.2.05 Access to LEICHAPS
> Legato Administrator Sequent PDRTIP
> 1E4.0
> SQL Server Admin
> CMD prompt
> ALL ATHENE CMDs will
be accessibile either from
the command line or by a
menu and toolset
produced and provided on
the ISD Desktop by ISD.
Athene Analyst
Analyst
ViewDB Storage
Athene Automatic Reporting
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 11 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Define A Report
Schedule Editor
View Processed
Reports
Athene Client-Server
Client-Server
Athene CustomDB
CustomDB
Schedule Editor
Web Log Parser
Athene Explorer
Define A Report
Explore Reports
Athene Planner
Build Baseline Model
Calibrate Baseline
Model
Delete Models
Edit baseline Model
Edit Reference
Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
Athene Sentinel
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 12 of 1
ICL Pathway
Group Definitions for the Secure NT Build
COMPANY IN CONFIDENCE
FUJ00232477
FUJ00232477
Ref: RS/REQ/016
Version: 4.8
Date: 05/06/01
Alert Summary
Sentinel
Base Installation I NT Administrator All Servers Administrative I Local Server Console Server Base Installation &
& Configuration Console Configuration
Full
(OSD)
(not an
account
template - no
system policy)
Engineer Normal Full NT Desktop All Servers Read / PWYDCS SEQSUP Server Engineers (NT
Execute PWYHQ ORASUP Console Data Centres)
Non Restricted Assign as PWYKMS B/WSLAM
Desktop member of power
users group PWYFTMS B/WPOCL
PWYCSM B/WBOOT
HUTHTIP B/WOPSS
FARNHAPS PWYMAS
LEICHAPS PERFMAN
PDRTIP BRASUP
FELUSRS
SIGF
CONFMAN
CORPPWY
Security > NT User Manager All Servers Read / Write PWYDCS All OSD NT Security
Managers > SQL Server Admin PWYHQ Client PC Management
> SQL Server PWYFTMS Third Party
Restricted SecurityManager Supplier PC
HUTHTIP
Desktop Menu
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 13 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
>» CMD prompt FARNHAPS.
LEICHAPS
PDRTIP
KMS SYSADMs I > NT Resource Kit Version All KMS Servers I Administrative I PWYKMS N/A KMS Admin Operational
supplied with Supplement Workstation Management
4 (OSD)
Restricted
Desktop Menu INT Server Tools SDIDES/135
CMD Prompt
Explorer.exe
This role requires access to
the network printer which
should be configures on the
KMS Admin Workstation
Operational » Compaq systems All Servers Administrative I PWYDCS All OSD NT Client I Operational
MAN reference library Full PWYHQ PC Management
> Insight Manager Access to PWYFTMS gue pay (OSD)
Restricted » SQL Server Admin Sequent HUTHTIP PP Riposte
Desktop Menu Technet Management
FARNHAPS
» Microsoft Office LEICHAPS
> NT Resource Kit PDRTIP
> Onnnet (telnet/ftp)
» Patrol v3.2.05
» Legato Administrator
» nt srvtools
> Tivoli desktop
» 1E4.0 for access to Tivoli
web
>_NT resource kit remote
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 14 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
» console server
» PC Xware
> CMD prompt
> VPNDiagClient.exe
> Notepad
> SVPNTSTN.exe (Utimaco
API Function Tool)
> ALL ATHENE CMDs will
be accessibile either from
the command line or by a
menu and toolset
produced and provided on
the ISD Desktop by ISD.
Athene Analyst
Analyst
ViewDB Storage
Athene Automatic Reporting
Define A Report
Schedule Editor
View Processed
Reports
Athene Client-Server
Client-Server
Athene CustomDB
CustomDB
Schedule Editor
Web Log Parser
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 15 of 1
ICL Pathway
Group Definitions for the Secure NT Build
COMPANY IN CONFIDENCE
Ref:
FUJ00232477
FUJ00232477
RS/REQ/016
Version: 4.8
Date:
05/06/01
Athene Explorer
Define A Report
Explore Reports
Athene Planner
Build Baseline Model
Calibrate Baseline
Model
Delete Models
Edit baseline Model
Edit Reference
Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
Athene Sentinel
Alert Summary
Sentinel
Network
Managers
Restricted
Desktop Menu
> Telnet
» Router Configuration
Software
> Network Diagnostic
software
> CMD prompt
> VPNDiagClient.exe
PWYDCS
N/A
Network Client
PC
Third Party
Supplier PC
Network
Management
Configurer
Sequent
Support
> PC Anywhere
Access to
Sequent
Read
PWYDCS
SEQSUP
Sequent Client
PC
Sequent Support
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 16 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
> Hyper Terminal
Non Restricted
Role at Present
Oracle Support I > Telnet Access to Read PWYDCS ORASUP Oracle Client Oracle Support
Sequent PC
Non Restricted
Role at Present
EMC Support » EMC proprietary Access to Read PYWDCS N/A EMC Client PC I None
> Client software Sequent
Non Restricted
Role at Present
SSC Apps MAN I CMD prompt All ‘Servers Read / Write / I PWYDCS All SSC NT Client I Application
Execute PWYHQ PC Support (SSC)
Restricted > Tivoli Remote Console Also; PWYFTMS
Desktop Menu I Relient Access to HUTHTIP SDIDES/172
> Reonsole Sequent FARNHAPS
>» RiposteGetMessage.exe LEICHAPS
> Ripostelndex.exe PDRTIP
>» RiposteNode.exe
» RiposteObjectSecurity.
Exe
» RiposteObject.exe
» RipostePing.exe
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 17 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
>
RipostePriorityMessage.
exe
> RiposteQueryUK.exe
> RiposteNextMessage.exe
> RipostePutMessage.exe
> RiposteScanMessage.
> RiposteStatus.exe
» RODBClient.exe
>» SQLServer V6.5 client
utilities
» ExCeed for Windows NT
(V 6.1)
» Visual Basic I.D.E.
Telnet
NT utilities
>» FTP (To Host Sequent,
and other POCL Services)
Microsoft Diagnostics
NT Event Viewer
WinZip/Pkzip
CD Rom writing software
Textpad
NotePad
Microsoft Word
Microsoft Excel
Microsoft Access
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 18 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Microsoft Explorer
Internet Explorer (c/w SSC
default links page)
Full NT Control Panel
Performance Monitor
Registry editor
In-house Uti
ities
> Archive Viewer
> Expiry Reporter
» Stops Reporter
> Formatted File Utility
» MessageStore Utility
>» EndOfDay Reporter
» MessageStore Sort Utility
VPN Utilities
» VPNDiagClient.exe
>» SVPNTSTN.exe
Athene Analyst
Analyst
ViewDB Storage
Athene Automatic Reporting
Define A Report
Schedule Editor
View Processed
Reports
Athene Client-Server
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 19 of 1
ICL Pathway
Group Definitions for the Secure NT Build
COMPANY IN CONFIDENCE
Ref:
FUJ00232477
FUJ00232477
RS/REQ/016
Version: 4.8
Date:
05/06/01
Client-Server
Athene CustomDB
CustomDB
Schedule Editor
Web Log Parser
Athene Explorer
Define A Report
Explore Reports
Athene Planner
Build Baseline Model
Calibrate Baseline
Model
Delete Models
Edit baseline Model
Edit Reference
Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
Athene Sentinel
Alert Summary
Sentinel
SSC Apps SUP
CMD prompt
All Servers
Read /
Execute
PwyDCs
PWYHQ
All
SSC NT Client
PC
Application
Support (SSC)
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 20 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Restricted > Tivoli Remote Console PWYFTMS
Desktop Menu I 5 Rotient Also; HUTHTIP SD/DES/172
» Rconsole Access to FARNHAPS
» RiposteGetMessage.exe Sequent LEICHAPS
» Ripostelndex.exe PDRTIP
» RiposteNode.exe
» RiposteObject.exe
>» RipostePing.exe
» RipostePriorityMessage.e
xe
» RiposteNextMessage.exe
> RiposteQueryUK.exe
» RiposteScanMessage.exe
> RiposteStatus.exe
» RODBClient.exe
>» SQLServer V6.5 client
utilities
» ExCeed for Windows NT
(V6.1)
> Visual Basic I.D.E.
Telnet
NT utilities
> FTP (To Host Sequent,
and other POCL Services)
Microsoft Diagnostics
W Event Viewer
WinZip/Pkzip
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 21 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
CD Rom writing software
Textpad
Microsoft Word
Microsoft Excel
Microsoft Access
Microsoft Explorer
Internet Explorer (c/w SSC
default links page)
Full NT Control Panel
CMD Prompt
Performance Monitor
In-house Utilities
>» Archve Viewer
v
Expiry Reporter
» Stops Reporter
> Formatted File Utility
>» MessageStore Utility
» EndOfDay Reporter
» MessageStore Sort Utility
VPN Utilities
>» VPNDiagClient.exe
Athene Analyst
Analyst
ViewDB Storage
Athene Automatic Reporting
Define A Report
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 22 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Schedule Editor
View Processed
Reports
Athene Client-Server
Client-Server
Athene CustomDB
CustomDB
Schedule Editor
Web Log Parser
Athene Explorer
Define A Report
Explore Reports
Athene Planner
Build Baseline Model
Calibrate Baseline
Model
Delete Models
Edit baseline Model
Edit Reference
Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
Athene Sentinel
Alert Summary
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 23 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Sentinel
GMETCONS Athene Analyst Short Term PDB Local Logon PWwYDCS PERFMAN STPDB Server I None
Analyst at Phase 1b rights at
¥ STPDB Server
ViewDB Storage Console
Athene Automatic Reporting
Define A Report Needs
Schedule Editor Read and
Execute
View Processed
Reports
Athene Client-Server
Client-Server
Athene CustomDB
CustomDB
Schedule Editor
Web Log Parser
Athene Explorer
Define A Report
Explore Reports
Athene Planner
Build Baseline Model
Calibrate Baseline
Model
Delete Models
Edit baseline Model
Edit Reference
access to C:\
Read, Execute
and Write
access to
D:\athene
Full Control
access to
E:\metron\mae
stro\datain and
E:\metron\data
base
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 24 of 1
ICL Pathway
Group Definitions for the Secure NT Build
COMPANY IN CONFIDENCE
Ref:
FUJ00232477
FUJ00232477
RS/REQ/016
Version: 4.8
Date:
05/06/01
Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
Athene Sentinel
Alert Summary
Sentinel
Athene Control Centre
Athene Database
Converter
Capture and
Collection
Control Centre
Control File Editor
Data Management
Define DB User
Details
Define Thresholds
Define User Data
Processing Options
Maintain DBF Files
View Control Centre
Error Logs
GSMCDBA
Restricted
Oracle Enterprise Manager
e Backup Manager
e Data Manager
SMDB Primary
and Hot Standby
Database
Administrative
Full
PWYCSM
None
SMDB Server
Local Console
None
Note: The
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 25 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Desktop Menu Ie Instance Manager SD/DES/206 SYSMAN Domain
DBA_TECHNICIA
« Schema Manager N Role will also be
* SQL Worksheet trusted to operate
. within PWYCSM
* Security Manager via its membership
of the groups setup
e Storage Manager for SMCDBA
GSMDBOPMA SMDB Primary Administrative I PWYCSM None SMDB Server I Operational
N and Hot Standby Full Local Console I Management
» NT Server Tools
Restricted Technet T SD/DES/206 Note: The
Desktop Menu I ~ Andfor SYSMAN Domain
>» NT Resource Kit NT_TECHNICIAN
> Tivoli deskt SMC NT Client I S Role will also be
7 TINOl desktop PC Third Party I trusted to operate
> 1E4.0 for access to Tivoli Supplier PC within PWYCSM
web via its membership
f the tl
> NT resource kit remote for SMDBOPMAN
console server .
> CMD prompt
» Notepad
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 26 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Auditors Legato client.exe Audit Archive and I Read / PWYDCS B/WOPSS Audit PC NAO Auditor
RiposteRQueryUK Retrieval Server I Execute POCL Auditor
Restricted Oracle Discoverer SD/DES/140 Pathway Business
Desktop Menu Counter Determinant Sorrespondence Functions Auditor
MS Word
MS Access
MS Excel
MS Word Pad
Note Pad
WinZip v6..3
CD Writer Software
Windows Explorer
Printer
DLT
MS Backup
Audit Extractor Client
ACDB Admin ACDB Client.exe Auto- , Read /Write/ I PWYDCS B/WOPSS Auto- , None
a > assign member of ACDB Configuration Execute Configuration
Decktop M enu SD/DES/141
ACDB User ACDB Client.exe Auto- Read/Write / I PWYDCS B/WOPSS Auto- None
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 27 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
(assign member of ACDB Configuration Execute Configuration
User Group) Server Client PC
Restricted
Desktop Menu
SD/DES/141
Business RiposteQueryUK.exe Access to Read / PWYHQ B/WOPSS Business Business Support
Support Business Objects Correspondence Execute CORPPWY Support Client Pathway
erver PC
TPE Management
. i- SD/DES/092
Restricted Busi Objects Designer
Desktop Menu_ I Business Obj 9 SLAM Client
Oracle Forms SUPF PC
Series (Helpdesk)
SLAM Users CON SQL* Forms B/WSLAM Read / PWYHQ B/WSLAM SLAM Client Implicit in text
CCS SQL" Forms Execute BIWOPSS Pe
Restricted Business Objects v4.1.10 (SSCSS svrs)
Desktop Menu SD/DES/181
Business Objects Designer
Business Objects Supervisor
Business Objects Reporter
Business Objects Document
Agent
Reference Data
Windows Explorer
MS Word
MS Excel
Winzip v6.3
Printer to local printer
3.5 floppy
CD ROM access
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 28 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
CD ROM Writer & Software
MIS BUS DEV I Business Objects B/WSLAM Read / PWYHQ B/WSLAM SLAM Client Implicit in text
5 A . Execute PC
Users > Business Universe
Windows Explorer Access to Data
Restricted MS Word Warehouse SD/DES/181
Desktop Menu MS Excel
Printer
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 29 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
CS Admin APS User Maintenance RDMC/RDDS Read / Write/ I PWYDCS FELUSRS RDMC Secure role
Execute Administrator previously known
RDMNC Access Control
Restricted RDMC Interactive Data
Desktop Menu Loader
RDMC Release Manager
RDMC Reports
RDMC Send
MS Word
MS Excel
Winzip
Oracle Discoverer 2000
RDT Reference Data
Monitoring Tool (RDT
produced Applictaion)
Workstation as RDMC Admin
SD/DES/167
Maestro Remote Console
SQL Worksheet
SQL Plus
Shortcut pointing to
MessageSubmissionApplicat
ion.exe
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 30 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
RDMC User RDMC Interactive Data RDMC/RDDS Read / PwYDCS FELUSRS RDMC
Loader Execute Administrator
Workstation
Restricted RDMC Release Manager
Desktop Menu I RDMC Reports
MS Word SD/DES/167
MS Excel Read / Write /
Winzi Execute Note: As a
tnzip result of
Oracle Discoverer 2000 cP2441, Paul
RDT Reference Monitoring Curley wil
Tool (RDT produced P
ae RDNC at
application) BRAO1 with
Maestro Remote Console MemoView
Added to the
SQL Worksheet workstation
SQL Plus
Internet Explorer*
Relient *
Shortcut pointing to
MessageSubmissionApplication
sexe
Note: * Both of these tools
are retricted to RDMC
Workstations located at
BRA01 only
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 31 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
APS User APS Service Agreement APS Read / PWYDCS FELUSRS RDMC.
Manager Execute Administrator
Workstation
Restricted APS System Parameters
Desktop Menu _ I APS Trans Except
APS Client Service Manager SD/DES/167
MS Word
MS Excel Read / Write /
Winzip Execute
Oracle Discoverer 2000
OCMS DBA OCMS Client OCMS Server Read / PWYDCS BOPSS OCMS Client None
7 i Execute within Pc
SQL Server 6.5 Client (ACDB server in SQL DB WOPSS P2591
Restricted Configuration Utility BOPSS/WOPSS) PWYFTMS
Desktop Menu I SQL Server 6.5 SP5a FTMS Gateway SD/DES/176
in PWYFTMS Full Control to
ODBC V2.65 Share point
Business Objects V4.1.10 OCMSRPTS
fi located on
Event Viewer OCMS Server
MS Backup
MS Query
Notepad
Performance Monitor
Wordpad
User Manager
Windows NT Explorer
Requires access to a locally
connected printer.
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 32 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
OCMS Users OCMS Client OCMS Server Read / PWYDCS BOPSS OCMS Client I None
SQL Server 6.5 Client (ACDB server in Sac os within wopss PC P2033
Restricted configuration Utility BOPSS/WOPSS) Full Control to P2672
Desktop Menu _I Business Objects V4.1.10 Share point SD/DES/176 cP2926
+ Designer V4.1.10 OCMSRPTS
i located on
+ Supervisor V4.1.10 OCMS Server Secure role
previously known
Requires access to Floppy Disc as OCMS_Users
drive.
Requires access to a locally
connected printer.
Security SecurlD admin.client All Read / PWYDCS All SecurlD Pathway Security
Auditors Event Viewer Access to Execute PWYHQ Admin W/S Event Auditor
Tivoli Web Browser eeu) PWYFTMS
Restricted MS A HUTHTIP SD/DES/171
Desktop Menu ecess
Firewall1 Log Viewer FARNHAPS
Firewall1 System Status LEICHAPS
Firewall Policy PDRTIP
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 33 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Pathway SecurlD admin.client All Read / PWYDCS All SecurlD Pathway Security
SECMAN Event Viewer Access to Execute PWYHQ Admin W/S Manager
Tivoli Web Browser Enterprise Server PWYFTMS
. (SecurlD)
Restricted Ms A PWYCSM SD/DES/171
Desktop Menu ‘ecess
Firewall1 Log Viewer HUTHTIP.
Firewall1 System Status FARNHAPS
Firewall Policy LEICHAPS
PDRTIP
GSMDBUser This user is provided with a I SMDB Primary Read / PWYCSM None ICL Corporate I None
null menu. They access the I and SMDB Hot Execute Desktop or
SMDB Server via Internet Standby Dial-in Laptop
Null Menu Explorer or other Web connected to
Browser that is installed on the ICL
the ICL Corporate Corporate
THIS ROLE IS Desktop/Laptop. The user Network
NOT USED AT I accounts created from this
THE INITIAL role forces the user to be
INTRODUCTIO I authenticated by Windows
N OF CP2840 NT at the PWYCSM
BUT IS Domain. This enables an
PROVIDED audit trail for user access
READY FOR and attempted access to be
POSSIBLE maintained.
USE AT LATER
DEVELOPMEN
T PHASES OF
THE PWYCSM
DOMAIN.
Key Managers KMA GUI KMA Server Read / PWYKMS N/A KMA Cryptographic Key
Execute Workstation Manager
NT Event Viewer
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 34 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Restricted
Desktop Menu Crystal Report Designer SD/DES/134
Crystal SQL Designer
ODBC Administrator
Runtime File Requirements
Seagate Crystal Reports
Developer's Help
Seagate Crystal Reports
Help
Seagate Crystal Reports
Readme
Winhelp.exe
Winhlp32.exe
NOTE
Do not install
Crystal Query Client
Crystal Query Server
Web Report Server
This role requires access to
the network printer which
should be configured on the
KMS Admin Workstation
Data Managers I KMA GUI KMA Server Read / PWYKMS N/A KMA KMA Data Manager
NT Event Viewer Execute Workstation
Restricted
Desktop Menu SD/DES/134
Crystal Report Designer
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 35 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Crystal SQL Designer
ODBC Administrator
Runtime File Requirements
Seagate Crystal Reports
Developer's Help
Seagate Crystal Reports
Help
Seagate Crystal Reports
Readme
Winhelp.exe
Winhlp32.exe
NOTE
Do not install
Crystal Query Client
Crystal Query Server
Web Report Server
This role requires access to
the network printer which
should be configured on the
KMS Admin Workstation
KMS SecMANs I SQL Server Admin All KMS Servers Read / PWYKMS N/A KMS Admin Security Manager
and Domain Execute Workstation
Including Workstations
Restricted SQL Server Security
Desktop Menu Manager SD/DES/135
MS Query
SQL Trace Utility
SQL Server Books Online
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 36 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
CMD Prompt
Usrmgr.exe
NT Event Viewer
This role requires access to
the network printer which
should be configured on the
KMS Admin Workstation
KMS DBA SQL Server V6.5 Client KMA Server Read / PWYKMS N/A KMS Admin Database
Utilities including Execute Workstation Administrator
ISQL/W
Restricted ‘,
Desktop Menu I Enterprise Manager SD/DES/135
MS Query
SQL Trace Utility
SQL Server Books Online
NT Event Viewer
Crystal Report Designer
Crystal SQL Designer
ODBC Administrator
Runtime File Requirements
Seagate Crystal Reports
Developer's Help
Seagate Crystal Reports
Help
Seagate Crystal Reports
Readme
Winhelp.exe
Winhlp32.exe
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 37 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
NOTE
Do not install
Crystal Query Client
Crystal Query Server
Web Report Server
This role requires access to
the network printer which
should be configured on the
KMS Admin Workstation
KMS APPS SQL Server V6.5 Client KMA Server Read / PWYKMS N/A KMS Admin Application Support
SUP Utilities including Execute Workstation (SSC)
ISQL/W
Restricted Enterprise Manager SD/DES/135
Desktop Menu MS Query
SQL Server Books Online
Crystal Report Designer
Crystal SQL Designer
ODBC Administrator
Runtime File Requirements
Seagate Crystal Reports
Developer's Help
Seagate Crystal Reports
Help
Seagate Crystal Reports
Readme
Winhelp.exe
Winhlp32.exe
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 38 of 1
ICL Pathway
Group Definitions for the Secure NT Build
COMPANY IN CONFIDENCE
Ref:
FUJ00232477
FUJ00232477
RS/REQ/016
Version: 4.8
Date:
05/06/01
NT Event Viewer
Explorer.exe
Cmd.exe
NOTE:
Do not install Crystal Query
Client
Crystal Query Server
Web Reports Server
This role requires access to
the network printer which
should be configured on the
KMS Admin Workstation
KMS Auditors
Restricted
Desktop Menu
MS Word
MS Access
MS Excel
MS Word Pad
Note Pad
Windows Explorer
NT Event Viewer
Printer
This role requires access to
the network printer which
should be configured on the
KMS Admin Workstation
KMA Server Read / PWYKMS
Execute
N/A
KMS Admin
Workstation
SD/DES/135
NAO Auditor
POCL Auditor
Pathway Business
Functions Auditor
GAPSKNBC
Restricted
Windows Explorer
Must be able to access
MKNRAPOt Read/ PWYFTMS
MKNRAPO2 Execute
N/A
Remote APS
Gateway for
Knowsley BC.
None
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 39 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
Desktop Menu Floppy Disc Drive and D: TD/ION/029
Drive
GAPSOXSS Windows Explorer MOXRAPO1 Read / PWYFTMS N/A Remote APS None
Execute Gateway for
MOXRAPO2 Oxfordshire
Restricted Must be able to access Social
Desktop Menu Floppy Disc Drive and D: Services
Drive TD/ION/029
GAPSRSA Windows Explorer MBMRAPO1 Read / PWYFTMS N/A Remote APS None
Execute Gateway for
MBMRAPO2 Royal Sun
Restricted Must be able to access Alliance
Desktop Menu Floppy Disc Drive and D: TD/ION/029
Drive
GAPSDVNI Windows Explorer MCORAP01 Read / PWYFTMS N/A Remote APS None
Execute Gateway
MCORAPO2 forDVLNI
Restricted Must be able to access
Desktop Menu Floppy Disc Drive and D: TDIION/029
Drive
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 40 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
7 APPENDIX B - Service User Accounts
This table lists by Domain those service users that are configured on the Domain PDC.
Service User Account Name Domain Account Created In Comments Menu Type
ACDBsal BOPSS MSSQLServer and SQLExecutive Services None
OCMSsal MSSQLServer and SQLExecutive Services None
FTMS FTMS User Null Menu as default state
MAESTRO MAESTRO User None
Signing Signing Service None
KMHarvester KM Key Object Harvester None
KMLoader KM Key Object & Memo Loaders None
FTMS BPOCL FTMS User Null Menu as default state
MAESTRO MAESTRO User None
VPNPMCSVC BVPN VPN Service User None
VPNPMSSVC VPN Service User None
FTMS FARNHAPS FTMS User Null Menu as default state
POCLHAPS POCL HAPS Service Null Menu
FTMS HDHORIZON FTMS User Null Menu as default state
HHDBTX Horizon Helpdesk BTX User No Policy Entry
HHDMitel Horizon Helpdesk Mitel User No Policy Entry
HHDSorbus Horizon Helpdesk Sorbus User No Policy Entry
FTMS HUTHTIP FTMS User Null Menu as default state
POCLRDB POCL RDB Service Null Menu
POCLRDT POCL RDT Service Null Menu
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 41 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
POCLRMAIL POCL RMAIL Service Null Menu
POCLTIP POCL TIP Service Null Menu
POSAPADS POSAPADS Service Null Menu
FTMS LEICHAPS FTMS User Null Menu as default state
POCLHAPS POCL HAPS Service Null Menu
ORA_BACKUPSERVICE PWYCSM Oracle Backup Service None
ORA_SMDB Oracle SMDB Service User None
VeritasBackup VeritasBackup Service User None
WWW_uUser Oracle Web Server Service User None
MAESTRO PWYDCS MAESTRO User None
RDMC RDMC Service User None
MAESTRO PWYFTMS MAESTRO User None
FTMSAPS FTMS APS Service User (Local Gateway) Null Menu
FTMSGENERAL FTMS General Service User for ICL FTMS. Null Menu
FTMSBGT FTMS Service User for BGT client Null Menu
FTMSCQO FTMS Service User for CQO client Null Menu
FTMSMDKW FTMS Service User for Mid Kent Water client Null Menu
FTMSHCC. FTMS Service User for Hampshire CC client Null Menu
FTMSYE FTMS Service User for Yorkshire Elec client Null Menu
FTMSKNBC FTMS Service User for Knowsley BC client Null Menu
FTMSGIRO FTMS Service User for GiroBank client Null Menu
FTMSMAN FTMS Service User for OBCS Null Menu
FTMSSTEV FTMS Service User for OBCS Null Menu
FTMSUKSS FTMS Service User for OCMS/RDMC Null Menu
FTMSOXSS FTMS Service User for Oxford SS client Null Menu
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 42 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
FTMSSSE FTMS Service User for Scottish & Southern Energy I Null Menu
client Null Menu
FTMSNIE awe Service User for Northern Ireland Electricity I Null Menu
Null Menu
FTMSWELW FTMS Service User for SWALEC & Welsh Water
FTMSRSA Null Menu
FTMS Service User for Royal Sun Alliance
FTMSSTLF Null Men
FTMS Service User for Standard Life
FTMSDVNI Null Menu
FTMS Service User for DVLNI
FTMSDPC Null Menu
FTMS Service User for DPC (British Telecom)
FTMSTVL Null Menu
FTMS Service User for TVL
FTMSACP Null Menu
FTMS Service User for ACP
FTMSCCM FTMS Service User for CCM (BBC)
DBABatch PWYKMS Maestro DBA Service User None
InteractiveService Interactive service Account None
KMABatch KMA Maestro SQL Service None
KMAService KMA Service Account None
MAESTRO MAESTRO User None
KMSsql KMA SQL Service User None
TivoliSC. Tivoli System Control Service User None
Signing SIGF Signing Service None
FTMS PDRTIP FTMS User Null Menu as default state
POCLRDB POCL RDB Service Null Menu
POCLRDT POCL RDT Service Null Menu
POCLRMAIL POCL RMAIL Service Null Menu
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 43 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
POCLTIP POCL TIP Service Null Menu
POSAPADS POSAPADS Service Null Menu
ACDBsal WoPSS MSSQLServer and SQLExecutive Services None
OCMSsqI MSSQLServer and SQLExecutive Services None
FTMS FTMS User Null Menu as default state
MAESTRO MAESTRO User None
Signing Signing Service None
KMHarvester KM Key Object Harvester None
KMLoader KM Key Object & Memo Loaders None
FTMS WPOCL FTMS User Null Menu as default state
MAESTRO MAESTRO User None
FTMS WSLAM FTMS User Null Menu as default state
MAESTRO MAESTRO User None
VPNPMCSVC WVPN VPN Service User None
VPNPMSSVC VPN Service User None
© 2001 ICL Pathway Limited
COMPANY IN CONFIDENCE
Page: 44 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
8 APPENDIX C —- Remote Domain FTP Access Users
This table lists by Domain those service users that are configured on the Domain PDC.
FTP User Account Name / GGroup I Domain Account Created In Comments Menu Type
Name
BPOCL
WPOCL
POCLHAPS (GPOCLHAPS) FARNHAPS Null Menu
POCLHAPS (GPOCLHAPS) LEICHAPS. Null Menu
POCLRDB (GPOCLRDB) HUTHTIP. Null Menu
POCLRMAIL (GPOCLRMAIL) Null Menu
POCLTIP (GPOCLTIP) Null Menu
POCLRDT (GPOCLRDT) Null Menu
POSAPADS (GPOSAPADS) Null Menu
POCLRDB (GPOCLRDB) PDRTIP Null Menu
POCLRMAIL (GPOCLRMAIL) Null Menu
POCLTIP (GPOCLTIP) Null Menu
POCLRDT (GPOCLRDT) Null Menu
POSAPADS (GPOSAPADS) Null Menu
APSBGT (GAPSBGT) PWYFTMS Null Menu
APSCQO (GAPSCQO) Null Menu
APSMDKW (GAPSMDKW) Null Menu
APSHCC (GAPSHCC) Null Menu
APSSCC (GAPSSCC) Null Menu
APSYE (GAPSYE) Null Menu
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 45 of 1
FUJ00232477
FUJ00232477
ICL Pathway Group Definitions for the Secure NT Build Ref: RS/REQ/016
Version: 4.8
COMPANY IN CONFIDENCE Date: 05/06/01
APSSSE (GAPSSE) Null Menu
APSSWAL (GAPSSWAL) Null Menu
APSWELW (GAPSWELW) Null Menu
APSSTLF (GAPSSTLF) Null Menu
OCMSUKSS (GOCMSUKSS) Null Menu
OBCSSTEV (GOBCSSTEV) Null Menu
OBCSMAN (GOBCSMAN) Null Menu
OCMSUKSS (GOCMSUKSS) Null Menu
RDMCUKSS(GRDMCUKSS) Null Menu
APSDPC (GAPSDPC) Null Menu
APSTVL (GAPSTVL) Null Menu
APSACP (GAPSACP) Null Menu
APSCCM (GAPSCCM) Null Menu
© 2001 ICL Pathway Limited COMPANY IN CONFIDENCE Page: 46 of 1