The ACCESSCK ProcedureUser security profile |
|
From "VS Procedure", Access 86, July 1986 |
|
[ Prior Article ] [ Return to the Catalog of articles ] [ Next Article ] |
One of the more powerful aspects of Wang's Procedure language is its ability to easily use subroutines. With the availability of USERSUBS and other libraries of subroutines, procedures can be extended far beyond their usual use for job control. This month's procedure takes advantage of three USERSUBS - EXTRACT, DATE and BITUNPK - to extract, interpret, and display the current user's file access rights as defined by the Wang Security system.
First, let's briefly review the Wang security system as it relates to file access. Stored within the USERLIST file are three four-byte data items corresponding to the three levels of possible access - namely EXECUTE, READ or WRITE. These items are used in BINARY form; that is, the presence of a '1' in a column means that that access level is permitted, while the presence of a '0' means access is denied.
Normally, most users are barred from access to the USERLIST file for security reasons. Exceptions are made, though, to allow the system to extract and display certain non-sensitive items for the current user. Thus, the first task after the data items are defined is to use the EXTRACT subroutine to obtain these three items. (For a further discussion of the structure and users of USERLIST, see the article in the September 1985 issue of On-Line Data Access.) Sharp users will also note that I have included a call to DATE to obtain a translation of the system date and time, and that the 3-character user identifier is among the elements pulled by EXTRACT; both items will be displayed on the screen for documentation purposes.
The procedure consists of five major processes:
1. SETUP: data items are declared and the system date and time are extracted. The code sections through step S00 accomplish these tasks.
2. EXTRACT ACCESS MASKS: the EXTRACT subroutine is called to obtain the four-byte file access masks for the current user. This occurs in step S01.
3. UNPACK BINARY DISPLAY: the four-byte elements are unpacked to '0's and '1's. See steps S02 through S04.
4. TRANSLATE BINARY ELEMENTS TO MEANINGFUL CODES: the binary elements are translated to letter equivalents. This is done by looping 27 times through the binary display items, picking the letter code that corresponds to the highest security for that file class. See steps S05 through S07.
5. DISPLAY RESULTS ON THE WORKSTATION: the translated access codes are displayed on the user's workstation, along with explanatory material on Wang security and the time and date run. See step S08.
To get a better idea of how the binary elements work, key in the procedure from the start through step S04, then substitute the following code to display the "raw" binary elements:
S05: PROMPT CENTER "HERE ARE THE BINARY STRINGS:";; CENTER "EXECUTE: ", &EREC; CENTER "READ: ", &RREC; CENTER "WRITE: ", &WREC;; When run, you should get a display similar to this: HERE ARE THE BINARY STRINGS: EXECUTE: 01000011000000000000000011100000 READ: 01000010000000000000000011100000 WRITE: 00000010000000000000000011100000This translates to "EXECUTE access for class 'G', READ access for class 'A', and WRITE access to 'F', 'X', 'Y', and 'Z'". Confused? I didn't tell you that the items are arranged in alphabetical order - EXCEPT for the first position, which represents a '#' (Wang Security Administrator). Thus, position two is letter 'A', position 7 is letter 'F', etc.
Since this is hardly an understandable way to display this information, steps S05, S06, and S07 translate the data to the more familiar elements of 'E', 'R', or 'W'. Replace your temporary step S05 with steps S05 through S08 from the accompanying listing. Note that much of screen within step S08 is informational; I have included it here because this procedure is often used by users who are not familiar with Wang security or the access rights hierarchy.
Many other items could be extracted and included on the screen. You could include the full user name, the workstation number, the usage defaults for the user, or any other items. In multiple-CPU environments it may be desirable to display the system's Wangnet name; this is obtained by using EXTRACT with the keyword 'S$', accompanied by an eight-character receiver for the name. (Note that this item is only available with operating systems of release 6.40 or greater.) Consult the documentation for USERSUBS for further ideas. If you do not have the USERSUBS manual, see if you have the file SVCDOC in either USERSUBS or USERAIDS; this is a print file documenting most of the USERSUBS.
I'll close this month with a challenge to technical readers. It would be helpful to be able to print a snapshot of the screen for later reference. Unfortunately, this normally requires use of the HELP key, which many users do not have. The SCREEN subroutine in USERSUBS works admirably for this purpose in most programs, but I was not able to make it work within the procedure since the UFB for the screen address is not known. Do you know how to get around this problem? If so, please let me know and I will present the method in a later issue.
Happy trails, and may all your accesses be WRITE.
Copyright © 1986 Dennis S. Barnes
Reprints of this article are permitted without notification
if the source of the information is clearly identified